Red Hat Will Pay Microsoft To Get Past UEFI Restrictions

Thibault NĂ©lis thib at stammed.net
Mon Jun 4 11:31:24 UTC 2012 

On 06/04/2012 12:22 PM, J.Witvliet at mindef.nl wrote:
> -----Original Message-----
> From: users-bounces at lists.fedoraproject.org [mailto:users-bounces at lists.fedoraproject.org] On Behalf Of JD
> So, if all the linux distros put their "heads" together and create a single
> Linux signature authority, which will serve all the distros, and be funded
> largely by the industry (which sell linux servers - such as IBM, among
> others),
> and other for-money linux distros, such as Red Hat; then this will go a long
> way towards making linux totally independent of MS as far as key signatures
> are concerned.

That's what I believe yes.  It will still be far from ideal, but then 
again, an ideal situation implies a dynamic WoT and would thus require 
educating users in basic trust management.  Smart algorithms with sane 
default behavior and good UI can actually make this quite easy if 
appropriate metaphors are used, but the general consensus in the 
industry right now seems to be that "users are too stupid to understand 
these things".  I tend not to agree, but that debate is quite heavy on 
its own (this is the reason why we're still stuck with PKI for the web 
by the way).

So with that established mindset, the only solution is to force people 
to trust who the developer wants them to trust first, and then maybe 
offer them the choice to have their say if they're deemed intelligent 
enough to find the obscure certificate stores.  This sounds bad, but it 
enables the process to be entirely automated and transparent for the 
user.  Just like when visiting HTTPS websites; we don't have to worry 
about how many people in our web of trust actually do trust the owner of 
the certificate to be the owner of the domain, or about verifying a 
fingerprint on an side-channel (who picks up the phone to do that these 
days?).  It just works (although at what cost?), so it is sort of better 
from a usability stand point, if we exclude the "I might not trust who 
I'm told I should trust and I might not like it" from the concept of 
usability.

The way we implement this is by having predefined root certificates, 
quite simply.  If the user actually trusts the owners of *all* the root 
certificates on his machine, then the model is actually fine.  I think 
I'd trust Red Hat, SUSE, Canonical, the Linux Foundation, the FSF or the 
OSI way, way more than Microsoft for example.  There's still the problem 
that typically one entity cannot be certified by multiple entities, and 
thus we have to include all root certificates for all certified entities 
we need to verify, and this quite invariably will include root 
authorities that we don't trust (in this case, the problem will most 
probably occur with other certified hardware in the machine, as pointed 
out elsewhere in this thread, but I think not with shims).

Anyway, webs of trust and distributed social networking constitute nice 
food for thought IMO.  In the meantime, we'll just have to go with good 
enough.

> -----Original Message-----
>
> Excuse me if I'm misunderstanding,
> But somehow it looks to me that we are forced in a direction we should not be heading to.
>
> Wasn't the whole idea behind this uefi-restrictions, to:
> a) improve Microsoft security record (fighting malware, rogue-drivers, worms, ...)
> b) Fighting illegal versions of Windows.

Well I would hope not.  UEFI is independent from Microsoft, and it looks 
like this spec is going to be implemented in a very wide range of 
devices in the near future.  It's the *Unified* Extensible Firmware 
Interface, after all.  The board comprises AMD, American Megatrends, 
Apple, Dell, HP, IBM, Insyde Software, Intel, Lenovo, Microsoft, and 
Phoenix Technologies[0].  Secure boot will also be useful for everyone.

The goal is legit, but unfortunately it *is* very possible to subvert 
and abuse the technology, and to make it into a revival of Palladium, 
which is why everyone ought to, I think, take a look at it and form an 
informed opinion before accepting it blindly (I know this won't happen 
for people on this list, but the rest of the world doesn't care as much) 
or refusing it outright.

> As long as you still can boot something else.... (I mean NON-microsoft)

On x86, yes, on ARM, I think there will be blood (although Microsoft 
isn't nearly as big on ARM as they are on x86, people might just be able 
to ignore them and buy an alternative if they're smart).

> Just hope that "official" versions of W8, do not require such uefi-structure beneath them, otherwise you have a problem with vmware/kvm/xen.

Indeed there could be a problem, but only if they plan to verify the 
firmware's integrity.  Technically this is a challenge (since the 
firmware could make up a lie) and I don't think they have any plan to 
attempt that, it was just speculation AFAIK.

[0] http://www.uefi.org/about/
-- 
t

More information about the users mailing list