Ubuntu's Plans To Implement UEFI SecureBoot: No GRUB2


  • #71
    Originally posted by Kano:
    And what do you think about the idea just to sign the bootloader? Is there any reason why nobody else should use the same bootloader to boot custom code?

    I plead ignorance; I don't know enough about the technical details of exactly what will be signed and exactly what it will be capable of. Matthew would be much better placed to answer the question.



  • #72
    Well, the way he wants to implement it is to make sure that the kernel and all modules are signed. But you can still attack a system when you modify the initrd, as this is never signed with a Red Hat key. Even when you use encryption for your /, the initrd is usually accessible - you don't need to modify any kernel module for that. I don't get what kind of security you gain there. Secure Boot can only be one small step to increase security; by itself it does not solve major issues.



  • #73
    Originally posted by crazycheese:
    It's not a bug, it's a feature.
    If Microsoft did the same, people would whine about them being anti-competitive and locking out the competition by preventing booting of alternative operating systems.

    Microsoft mandates that the user should have the right to disable Secure Boot; I think Canonical should too.

    Seems like Canonical is willing to give up users' freedom in order to put fewer restrictions on manufacturers in order to get an advantage over Microsoft.

    Originally posted by AdamW:
    You can't just sue someone because 'they have a monopoly'. Doesn't work that way. What's illegal is *abusing* a monopoly.

    Microsoft, as things stand, will have a monopoly on providing public signing services for Secure Boot. This is accurate. They won't have sought out that monopoly, or done anything illegal to get it - as has already been noted multiple times in this thread, they've done nothing at all to stop anyone else offering public signing services. The mere fact that a monopoly will exist will not be illegal. This situation is actually a neat illustration of why: it's possible to become a monopoly without doing anything really wrong, as in this case. It's only illegal if the entity which has the monopoly abuses it for anti-competitive purposes; nothing Microsoft has so far done in the Secure Boot case stands a remote chance of qualifying as monopoly abuse under the relevant statutes, AFAIK.

    But Microsoft drafted the Secure Boot specification and especially wrote it so that a package can only be signed with one key; this effectively ensures that there will never be any competition and puts them into a monopoly.



  • #74
    Personally I think that the real problem is Secure Boot itself. The need for a key? Why not... The need for a paid key? That's the stupidest thing I ever heard. What about the liberty of doing with the PC whatever we want? But let's just pass over that..

    The option to disable Secure Boot in the BIOS is a good idea, but it is not the solution. For example, Ubuntu had to buy a key and introduce it in the new Ubuntu so that new users who don't understand computers well, and just bought one with UEFI and Secure Boot active, could boot Ubuntu without blaming it for not working and not understanding why.

    And it is already a pain in the a** (sorry for the expression) to find a computer without Windows in stores, but now if we have to deal with computers with probably a Metro visual in the UEFI (I heard of that a long time ago, so I don't know if the situation changed), and a Secure Boot with the possibility of not being able to deactivate it, that could be a real mess.

    I am not blaming Microsoft, I just don't understand the whole situation at all...



  • #75
    Let's make an internet campaign: UEFI is BAD, don't buy UEFI hardware!
    If we make it now, many people will see it and will fear UEFI! Just like the campaign against ACTA!
    LET the FUD begin!



  • #76
    Originally posted by Kano:
    And what do you think about the idea just to sign the bootloader? Is there any reason why nobody else should use the same bootloader to boot custom code?

    Follow up on this - there was some discussion of it by Matthew and Peter, and ajax, on the fedora-devel list yesterday:

    https://lists.fedoraproject.org/pipe...ne/169341.html (the initial question about Ubuntu's approach)

    To summarize - there is considerable scepticism that any approach which doesn't actually make a reasonable attempt to restrict what can be booted using a signed bootloader chain will be viable. Our guys pretty much reckon that if Canonical does go ahead with the plan to just get a generic bootloader signed in such a way that anyone could boot anything with it, that will be revoked quite quickly, or never signed in the first place. I particularly like ajax's take on it - anything formulated as a Futurama quote gets an automatic +10 from me.

    edit: my disclaimer about being entirely prepared to be wrong in any situation still applies. The above is only my interpretation of other people's responses to Canonical's plans; there are zillions of possible points of failure there, and I certainly don't mean to be read as stating categorically that Canonical's plans are flawed. The people who signed https://lists.ubuntu.com/archives/ub...ne/035445.html are certainly smart cookies who, like Matthew and Peter, probably know much more about this than me. So don't put too much weight on anything I say when it comes into conflict with any of those. I'm sure we'll find out down the road how everything shakes out.
    Last edited by AdamW; 26 June 2012, 03:09 PM.



  • #77
    Originally posted by aliasbody:
    Personally I think that the real problem is Secure Boot itself. The need for a key? Why not... The need for a paid key? That's the stupidest thing I ever heard. What about the liberty of doing with the PC whatever we want? But let's just pass over that..

    The option to disable Secure Boot in the BIOS is a good idea, but it is not the solution. For example, Ubuntu had to buy a key and introduce it in the new Ubuntu so that new users who don't understand computers well, and just bought one with UEFI and Secure Boot active, could boot Ubuntu without blaming it for not working and not understanding why.

    And it is already a pain in the a** (sorry for the expression) to find a computer without Windows in stores, but now if we have to deal with computers with probably a Metro visual in the UEFI (I heard of that a long time ago, so I don't know if the situation changed), and a Secure Boot with the possibility of not being able to deactivate it, that could be a real mess.

    I am not blaming Microsoft, I just don't understand the whole situation at all...

    If disabling Secure Boot is not the solution, then what is?

    This whole OS-signing, driver-signing and kernel module signing thing may sound new to users of alternative operating systems, but the reality is that these are things that Windows users have come to take for granted today. Ever since Microsoft released Windows XP Professional (64-bit edition), driver and module signing has been mandatory for any hardware vendor who makes peripherals for the dominant operating system. While you can drive a bus through the numerous security holes present in the 32-bit version of Windows XP, the same cannot be said for XP 64-bit and its successors, Vista and Win 7. Sure, they do have their own set of flaws, but malware entering the system via compromised drivers is largely unheard of nowadays.

    Now, let's assume that Microsoft's harsh stance on mandating driver signing is successful in eliminating the threat of rogue drivers being used as a vehicle for malware to attack the operating system. Logically, the next aspect of Windows Microsoft will want to secure is the boot process, because malware can easily bypass a variety of safeguards if it is able to inject itself into the Windows boot process. Since most motherboards and notebooks sold in the past 2-3 years are now UEFI capable, and the UEFI specification provides for an unutilized feature known as Secure Boot that is reportedly capable of safeguarding the boot process from malware, it makes sense that Microsoft will want to make full use of it, if only so that it can save on R&D costs in figuring out how to do the same thing should Secure Boot not exist.

    Think about it: Secure Boot safeguarding the boot process + running Windows with a Limited account and UAC enabled + mandatory driver signing means that the number of attack vectors malware can strike at Windows is significantly reduced.

    And I don't believe for 1 second any conspiracy theories claiming that Microsoft cooked up Secure Boot just to lock users out from installing alternative operating systems. The fact that it has the unintended consequence of actually doing so is just a bonus for Redmond; remember that Microsoft makes money selling its operating systems. If we assume that Windows 8 does not do well on launch, people are going to buy Windows 7 DVDs (or pirate, if they have no respect for copyright or proprietary intellectual property) and downgrade their Windows 8 installation to Windows 7. And if Secure Boot is too draconian, downgrading to Windows 7 will be impossible and Microsoft will lose money from potential Windows 7 sales, not to mention that it will garner considerable ill will from its customers (do not forget that Microsoft provides downgrade clauses in its contracts with OEMs for certain licenses), hence the requirement that any x86 computer sold with Windows (which is virtually 99% of all non-Apple OEMs) must feature some option to disable Secure Boot so that the downgrade can take place.

    In the end, Microsoft is just covering its bases to ensure that its CUSTOMERS can do what they want with their x86 computers, and that its hardware partners can offer WINDOWS USERS a choice where Secure Boot is concerned. Leave Secure Boot on and run Windows 8, or disable it and downgrade to Windows 7; it's their choice. Linux users were never part of Microsoft's customer base, so as cynical as it may sound, Microsoft has no obligation to cater to them.

    Anti-competitive? Definitely not; they are not putting a gun to your head and demanding that you use Windows. And indeed, with Secure Boot disabled, a user can install virtually any operating system he/she desires on his/her computer. But if it makes you feel better, you can blame Microsoft for being a dick and needlessly accelerating the adoption of an established but unused specification.

    *Don't bother bringing Windows 8 tablets into the discussion; there's a very good reason these are locked with no chance to disable Secure Boot. You can thank (or curse) Apple and Google (Android) and the non-universal/standardized nature of ARM hardware for setting the precedents in locked-down tablet computing.
    Last edited by Sonadow; 09 July 2012, 01:08 PM.



  • #78
    Originally posted by aliasbody:
    And it is already a pain in the a** (sorry for the expression) to find a computer without Windows in stores, but now if we have to deal with computers with probably a Metro visual in the UEFI (I heard of that a long time ago, so I don't know if the situation changed), and a Secure Boot with the possibility of not being able to deactivate it, that could be a real mess.

    As ironic as it may sound, if you have to buy a computer with Windows (thank Bob that we don't need to do that here in Germany), then you should look around and only buy hardware with the Windows 8 logo. One of the requirements for getting the Windows 8 logo for x86 hardware is that there has to be the possibility to disable Secure Boot, and also the possibility for the end user to add their own custom keys.



  • #79
    I saw this linked from groklaw.net; it is Secure Boot in practice: https://plus.google.com/112648813199...ts/Z2ntB81QEG4.



  • #80
    Sorry about the double post, but it was too late to edit the other one. Here is an English-language article about it: http://www.h-online.com/open/news/it...t-1635893.html.
