Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
Thibault Nélis
thib at stammed.net
Fri Jun 1 12:11:18 UTC 2012

On 06/01/2012 01:18 PM, Sam Varshavchik wrote:
> Who gets to make a call what is "trusted", and what even "trusted" means.
>
> Can I recompile my own kernel, sprinkle some magic dust over it, and
> make it "trusted", without involving any other party?

Yes, you can sign it yourself, with your own key.

> Again, you are assuming that Microsoft will sign off on the concept of
> signing a shim, and going forward, it's the wild-wild West.
>
> Not going to happen.

Well why wouldn't they? The alternative is a boot loader for which a
review would make sense. Great, but now the boot loader runs a kernel
which hasn't been reviewed by Microsoft. Should they review the kernel
as well? It's impossible.

At some point, they have to trust the people developing the software,
and not the software itself. In essence, the shim is like a certificate
(since it's signed by Fedora implicitly via the package management system).

>> BTW, if you're wondering about loading your own modules or building
>> your own kernel, it wouldn't make sense to ask Fedora to trust your
>> piece of software,
>
> No, it wouldn't. Why the frak should I ask anyone for permission to run
> my own software on my own computer? Can you explain that concept to me?

Well, we agree, so just sign it yourself, there's no problem here.

>> since it would have nothing to do with Fedora and won't even be in
>> their repos.
>
> Nobody said that it would.
>
>> So you have to do the logical thing, generate a personal key and sign
>> your own stuff with it.
>
> But I can't do that. Only Fedora key's signed stuff will run.

Yes you can. You have to go up the chain. The top is the firmware,
where you'll put your key, then sign your own shim with it. The actual
boot loader will then be yours to choose, and you'll make it load your
own kernel. Etc.

> And, if an individual can get a signed key, just for asking, for their
> own stuff, so can an upper Moldovian, in order to write the next release
> of Stuxnet, that's going to get bootstrapped off Fedora.
>
> You're living in a fantasy land.

Not quite. They would have to ask (a) the OEMs directly, (b) trust
brokers that the OEMs trust.

OEMs won't care about individuals, they can't possibly do so, so they will
refuse all requests.

For now, the only trust broker is Microsoft (actually, we now know that
Verisign is somehow involved since they will receive the payments; and
they are arguably less biased). Microsoft/Verisign currently ask $100
for the signatures. Every time an attacker's malware is detected and
blacklisted, it would have to pay $100 to a trust broker to get a new
signature.

Now, I agree that it isn't much for certain botmasters, but at least
Verisign probably won't allow shady payments, and hiding the financial
trail of an electronic transaction with the payment methods Verisign
uses is increasingly difficult. Also, I guess Microsoft/Verisign will
ask for at least a little bit of information before signing, so you'd
have to come up with a believable story every time, possibly with
something to back it up. This will discourage a lot of attackers, and
will slow down the spread of malware significantly. That's the plan
anyway, and until now it's pretty sound.

Or, an attacker could walk you through the steps to install their key on
your firmware. For certain targets, I believe they'd be better off
paying Verisign rather than their phone bill. ;)

>> If the modules you want are of enough value for all Fedora users, you
>> can ask the kernel maintainers (I guess) to review them, sign them and
>> bundle them in the Fedora repositories. This feels natural.
>
> I don't give a frak about that. I just want to run my own stuff, without
> anyone else sticking their nose in my personal business. Is that too
> much to ask?

As I said already, just sign it yourself, which is only natural since
you wouldn't be running Fedora software anymore, but your own little
derivative of Fedora.

You should cool down, BTW. That's just the slashdot effect, everyone
suddenly likes to hate and revolution sounds cooler than ever, but it
will pass.

--
t
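
The chain described in the message above (own key in the firmware, own shim, own kernel), modelled as an added example that is not part of the original post. It assumes plain openssl detached signatures in place of the signatures real firmware checks on EFI images; the directories firmware_db and shim_trust, the key name "owner" and the file contents are all constructed.

```sh
# Model only: detached openssl signatures stand in for signed EFI images;
# directories stand in for the firmware key database and the certificate
# built into the shim. All names and file contents are constructed.
WORK=$(mktemp -d)
mkdir "$WORK/firmware_db" "$WORK/shim_trust"

# make_key NAME: generate a key pair and a self-signed certificate for NAME.
make_key() {
    openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=$1" -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# sign_image NAME FILE: write a detached signature FILE.sig with NAME's key.
sign_image() {
    openssl dgst -sha256 -sign "$WORK/$1.key" -out "$2.sig" "$2"
}

# verify_image STORE FILE: succeed only if a certificate enrolled in STORE
# verifies FILE.sig over the current contents of FILE.
verify_image() {
    [ -f "$2.sig" ] || return 1
    for crt in "$1"/*.crt; do
        [ -f "$crt" ] || continue
        openssl x509 -in "$crt" -pubkey -noout > "$WORK/pub.pem" 2>/dev/null || continue
        openssl dgst -sha256 -verify "$WORK/pub.pem" -signature "$2.sig" "$2" \
            >/dev/null 2>&1 && return 0
    done
    return 1
}

# boot_chain: the firmware checks the shim, then the shim checks the kernel.
boot_chain() {
    verify_image "$WORK/firmware_db" "$WORK/shim.efi" || { echo "shim rejected"; return 1; }
    verify_image "$WORK/shim_trust" "$WORK/vmlinuz" || { echo "kernel rejected"; return 1; }
    echo "booted"
}

make_key owner
printf 'constructed shim image\n' > "$WORK/shim.efi"
printf 'constructed kernel image\n' > "$WORK/vmlinuz"
sign_image owner "$WORK/shim.efi"
sign_image owner "$WORK/vmlinuz"
cp "$WORK/owner.crt" "$WORK/shim_trust/"          # certificate built into the owner's shim
boot_chain || true                                # shim rejected: key not yet in firmware
cp "$WORK/owner.crt" "$WORK/firmware_db/"         # owner enrolls the key in the firmware
boot_chain || true                                # booted
printf 'modified\n' >> "$WORK/vmlinuz"            # any change invalidates the signature
boot_chain || true                                # kernel rejected
```

Re-signing the modified kernel with the owner key makes the chain pass again; a shim signed with a key that is not enrolled in firmware_db is rejected at the first step.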