*countable infinities only

Gregory Maxwell gmaxwell at gmail.com
Thu May 31 16:50:24 UTC 2012


On Thu, May 31, 2012 at 12:22 PM, Peter Jones <pjones at redhat.com> wrote:
> The argument that it's a security effort is bolstered in many vendors eyes
> by the existence of attacks in the wild which Secure Boot would prevent.

I'm not aware of any attack _objectives_ (as compared to methods)
which this would prevent, at least not without locking down all the
code on the system instead of just the kernel and bootloader.

Yes, some malware exploits insecure kernels to screw with the boot
environment to prevent its removal. But if you take that away the
malware will just modify the first piece of unsigned code to perform
the same attack at every boot.  If the first piece of unsigned code
runs before software update the malware can still prevent updates from
defeating it.

If the kernel was secure to begin with (no boot time userspace
exploit) then permissions in the kernel are enough and you don't need
secureboot.


> If you see a legal challenge to MS requiring secure boot to be enabled with
> their keys in order to ship systems with their trademarked logo on it,
> you're at your leisure to follow through on that. I'll make no attempt to stand in
> your way. I look forward to keeping track of your progress on this matter.

Fedora's participation would substantially undermine both claims on
anti-competitive and tortious interference grounds.   I can only
accept that the legal options have already been considered and were
regarded as non-viable even absent Fedora's actions,  but it's a
little unfair to say "so you do it." here.

I think it would be more accurate and honest to say "We've got better
lawyers than you do, and we've already considered this and currently
consider it non-viable for reasons we can't discuss in public— so much
so that we're willing to forever undermine some possible arguments by
going along with this."

On Thu, May 31, 2012 at 12:42 PM, Miloslav Trmač <mitr at volny.cz> wrote:
> BIOS passwords.  (Yes, it can be reset on many machines, but that's a
> property of the machine, not of the design.)

If I have access to the hardware I can just replace the whole motherboard.

On Thu, May 31, 2012 at 12:42 PM, Miloslav Trmač <mitr at volny.cz> wrote:
> I can't see that this is a freedom issue.  You are absolutely not
> _forced_ to use the system this way.

One freedom Fedora provides is the freedom to fork and make respins,
without asking permission and without making them any less good (e.g.
not like the old SUSE thing where the installer was non-free, or the
old ubuntu thing where the distribution build infrastructure was
non-free). If I make a fork of Fedora post SecureBoot my fork will be
less compatible and harder to install the moment I adjust the binary
to change the trademark name, much less make any real change.

You may not think this freedom to stand as technical equals is very
important— but I counter that many people rationally believe the
freedom to modify the software you run is not very important either.

If it really was a non-issue Peter Jones wouldn't have just written:
"Next year if we don't implement some form of Secure Boot support, the majority
of Fedora users will not be able to install Fedora on new machines."

The corollary to this is that "Next year if Fedora implements this,
Forks and Respins will not be installable by the majority of users on
the same hardware where Fedora runs".


On Thu, May 31, 2012 at 11:59 AM, Peter Jones <pjones at redhat.com> wrote:
> You see why maybe that comes across as a bit of a fib?  I'm not saying
> you're a bad person or something, but you appear to be reacting
> emotionally without fully thinking through what you're saying, and as a
> result overlooking things and contradicting yourself in an embarrassing
> way. You may want to do some more sleeping on it.

Well, I forwarded you some of the private discussion I was involved with
which I felt supported the position I took that this wasn't seriously a
matter for public discussion. You don't agree with my interpretation, and
I don't consider you crazy for not agreeing with it.

While airing Fedora governance dirty laundry in public isn't my goal,
I wanted to at least make some comment here in my defense. My reading
skills are not defective, and I'm not trolling. I was emotional about
this 12 hours ago, but now I am responding in the hopes of increasing
awareness.  I know the page said that it wasn't done.  But
in direct contradiction to that I was told, to the best of my ability
to understand, that this was going to be presented fait accompli, and
that it would not be put to a vote before Fesco because doing so would
simply be pretextual.

Perhaps internal background to which I am not privy makes the nature
of the pretext seem more charitable to others— that it would only be
pretextual because everyone relevant has already been convinced that
this is best— and that it's not because they don't value freedom as much
or because they're already too committed to this path...   But I was
not being careless, emotional, or dishonest to present this exactly as
final as it was presented to me.
