Red Hat Will Pay Microsoft To Get Past UEFI Restrictions
Thibault Nélis
thib at stammed.net
Mon Jun 4 11:31:24 UTC 2012
On 06/04/2012 12:22 PM, J.Witvliet at mindef.nl wrote:
> -----Original Message-----
> From: users-bounces at lists.fedoraproject.org [mailto:users-bounces at lists.fedoraproject.org] On Behalf Of JD
> So, if all the linux distros put their "heads" together and create a single
> Linux signature authority, which will serve all the distros, and be funded
> largely by the industry (which sell linux servers - such as IBM, among
> others),
> and other for-money linux distros, such as Red Hat; then this will go a long
> way towards making linux totally independent of MS as far as key signatures
> are concerned.
That's what I believe, yes. It will still be far from ideal, but then
again, an ideal situation implies a dynamic WoT and would thus require
educating users in basic trust management. Smart algorithms with sane
default behavior and good UI can actually make this quite easy if
appropriate metaphors are used, but the general consensus in the
industry right now seems to be that "users are too stupid to understand
these things". I tend not to agree, but that debate is quite heavy on
its own (this is the reason why we're still stuck with PKI for the web
by the way).
So with that established mindset, the only solution is to force people
to trust who the developer wants them to trust first, and then maybe
offer them the choice to have their say if they're deemed intelligent
enough to find the obscure certificate stores. This sounds bad, but it
enables the process to be entirely automated and transparent for the
user. Just like when visiting HTTPS websites; we don't have to worry
about how many people in our web of trust actually do trust the owner of
the certificate to be the owner of the domain, or about verifying a
fingerprint on a side-channel (who picks up the phone to do that these
days?). It just works (although at what cost?), so it is sort of better
from a usability standpoint, if we exclude the "I might not trust who
I'm told I should trust and I might not like it" from the concept of
usability.
The way we implement this is by having predefined root certificates,
quite simply. If the user actually trusts the owners of *all* the root
certificates on his machine, then the model is actually fine. I think
I'd trust Red Hat, SUSE, Canonical, the Linux Foundation, the FSF or the
OSI way, way more than Microsoft for example. There's still the problem
that typically one entity cannot be certified by multiple entities, and
thus we have to include all root certificates for all certified entities
we need to verify, and this quite invariably will include root
authorities that we don't trust (in this case, the problem will most
probably occur with other certified hardware in the machine, as pointed
out elsewhere in this thread, but I think not with shims).
Anyway, webs of trust and distributed social networking constitute nice
food for thought IMO. In the meantime, we'll just have to go with good
enough.
> -----Original Message-----
>
> Excuse me if I'm misunderstanding,
> But somehow it looks to me that we are forced in a direction we should not be heading in.
>
> Wasn't the whole idea behind these uefi-restrictions to:
> a) improve Microsoft's security record (fighting malware, rogue drivers, worms, ...)
> b) fight illegal versions of Windows?
Well, I would hope not. UEFI is independent from Microsoft, and it looks
like this spec is going to be implemented in a very wide range of
devices in the near future. It's the *Unified* Extensible Firmware
Interface, after all. The board comprises AMD, American Megatrends,
Apple, Dell, HP, IBM, Insyde Software, Intel, Lenovo, Microsoft, and
Phoenix Technologies[0]. Secure boot will also be useful for everyone.
The goal is legit, but unfortunately it *is* very possible to subvert
and abuse the technology, and to make it into a revival of Palladium,
which is why everyone ought to, I think, take a look at it and form an
informed opinion before accepting it blindly (I know this won't happen
for people on this list, but the rest of the world doesn't care as much)
or refusing it outright.
> As long as you still can boot something else.... (I mean NON-microsoft)
On x86, yes; on ARM, I think there will be blood (although Microsoft
isn't nearly as big on ARM as they are on x86, people might just be able
to ignore them and buy an alternative if they're smart).
> Just hope that "official" versions of W8, do not require such uefi-structure beneath them, otherwise you have a problem with vmware/kvm/xen.
Indeed, there could be a problem, but only if they plan to verify the
firmware's integrity. Technically this is a challenge (since the
firmware could make up a lie), and I don't think they have any plan to
attempt that; it was just speculation AFAIK.
[0] http://www.uefi.org/about/
--
t