Announcement

Collapse
No announcement yet.

New Group Calls For Boycotting Systemd

Collapse
This topic is closed.
X
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • The answer to that might be not to buy ARM for handling your data

    Originally posted by jbernardo View Post
    As it was too late to edit my post, here is the rest of it:

    "We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular)." (http://0pointer.net/blog/revisiting-...x-systems.html)

    With this, we will no longer have linux. We'll have a tivo, that only runs something mandated by the hardware seller, and that the user can't change. Right now, I can replace the firmware on my routers with DD-WRT, or Tomato, or whatever else. I can install plain linux on a chromebook. I can install linux on a laptop. With this? Possibly the only linux allowed will redhat, and all ARM devices will become non-upgradeable/customisable appliances, to throw away every year as they become "obsolete".
    Am I the only one who is scared of this "tivoisation" by design? Apparently for the lennart-fans here, this is a "good thing"(tm).
    If manufacturers go this route, the counter is obvious: boycott their hardware, the same way I refuse to buy a smartphone because I distrust not only their software but also their firmware. Some will be hacked and jailbroken, some will get mod chips, but why bother so long as hardware that can be freely used exists, even if you have to buy it used. There are enough Linux users who don't like walled gardens to make a "RHEL-only" device a dud on the sales floor, and if they want to use Linux moving any part of the kernel that they simply HAVE to use to GPL 3 would shut them down outright. Too bad relicensing the entire kernel under GPL3 would be such a quagmire...

    Comment


    • Originally posted by Luke View Post
      If manufacturers go this route, the counter is obvious: boycott their hardware, the same way I refuse to buy a smartphone because I distrust not only their software but also their firmware. Some will be hacked and jailbroken, some will get mod chips, but why bother so long as hardware that can be freely used exists, even if you have to buy it used. There are enough Linux users who don't like walled gardens to make a "RHEL-only" device a dud on the sales floor, and if they want to use Linux moving any part of the kernel that they simply HAVE to use to GPL 3 would shut them down outright. Too bad relicensing the entire kernel under GPL3 would be such a quagmire...
      Yep. Almost the only way the Linux community have any influence on the hardware is by "wallet voting". The hardware vendors doesn't care about online pleas or open source, they only care about money and competitive advantages over their competitors.

      Back in the old days there was very limited Linux hardware support, that meant Linux buyers just had to buy from a limited selection; but when Linux adoption grew, that suddenly meant substantial extra sales of certain hardware, that again meant more vendor Linux support in order to gain market shares etc.

      The bad thing is that some of the "lock down" mechanisms are mandated by Microsoft, the hardware vendors have no choice but to support secure UEFI boot if they want to run MS software.
      So traditional "wallet voting" doesn't help against the concept as a whole since it isn't a consumer choice, but decided by business contracts.

      I think the Linux community needs to discuss the concept of signed booting and trusted computing. My own take on the subject is, that since we can no longer avoid it on the hardware, boycotting the concept doesn't work. We may as well use the good parts for our benefit and see if we can pressure hardware vendors and standard committees to support the Linux way of using it.

      While the technical details may be many, I think most Linux users (and computer users in general), would say, that whatever the solution is, it should leave the end user in total control whether to use the secure facilities or not.

      Comment


      • If a machine can't be unlocked, that means it's bricked to me

        Originally posted by interested View Post
        Yep. Almost the only way the Linux community have any influence on the hardware is by "wallet voting". The hardware vendors doesn't care about online pleas or open source, they only care about money and competitive advantages over their competitors.

        Back in the old days there was very limited Linux hardware support, that meant Linux buyers just had to buy from a limited selection; but when Linux adoption grew, that suddenly meant substantial extra sales of certain hardware, that again meant more vendor Linux support in order to gain market shares etc.

        The bad thing is that some of the "lock down" mechanisms are mandated by Microsoft, the hardware vendors have no choice but to support secure UEFI boot if they want to run MS software.
        So traditional "wallet voting" doesn't help against the concept as a whole since it isn't a consumer choice, but decided by business contracts.

        I think the Linux community needs to discuss the concept of signed booting and trusted computing. My own take on the subject is, that since we can no longer avoid it on the hardware, boycotting the concept doesn't work. We may as well use the good parts for our benefit and see if we can pressure hardware vendors and standard committees to support the Linux way of using it.

        While the technical details may be many, I think most Linux users (and computer users in general), would say, that whatever the solution is, it should leave the end user in total control whether to use the secure facilities or not.
        The only products that lack an option to say NO are food and water. if industry requires all computers to be locked so well we can't crack them, we still have the options to buy used or buy nothing. Just like I choose not to have a smartphone and not to be on Facebook, I can also choose not to have a computer if I can't get one that works for me instead of working for Hollywood and the FBI.

        For me, it's OK to have to crack the BIOS/UEFI or even have to force-flash new firmware with a Bus Pirate, but not OK to have a machine that can't be cracked by any means unless it's the test subject for the cracking research itself. It must either have the option to disable secure boot, the option to use my keys, or a crack against it-one of the three. If any machine that can run Linux without having to be actively cracked is on the market, that renders all that require cracking uncompetitive in my book as well. I do not demand support, but I DO demand tolerance and no active interference, such as that code in one vendor's UEFI implementation that looks for a boot image named either for Windows or RHEL. That code will run any bootloader given the correct string name, but I would not pay a penny for the board on the grounds of not rewarding active interference.

        The day Microsoft announces that it will be required for motherboards to be hard-locked against any other OS to be able to boot Windoze is the day I stockpile the last generation of AMD hardware not to support that requirement. Since I don't play pay games, watch pay movies, or deal in 4K content, there is no reason for me to ever need new hardware unless what I have is stolen in a police raid or by burglars, or dies from electromigration. There should be plenty of Bulldozer, Piledriver, and Phenom II stuff on Ebay for years to come, so Microsoft and Apple can go to hell. With luck the locked boards get cracked and remain usable, but I'm not betting anything important on that.

        I don't need to connect to a new style "secure Internet" since I don't bank online or use paid services like Netflix. In fact, over a decade ago there was a bill that went nowhere in the US Congress to require secure boot to a drm-supporting, approved OS as a condition of legal connection to the Internet. That would have been defeated by dial-up services over voice lines, faster services tunneled as encrypted packets through "approved" machines treated as untrusted routers and looking like a corporate VPN to the telcos, and of course by good old fashioned flash drive filesharing: Hollywood's old digital audio tape nightmare returning.

        There are good reasons I never throw away operable Pentium 4 or later hardware, and the current industry talk of walled gardens is one of them.
        Luke
        Senior Member
        Last edited by Luke; 15 September 2014, 08:35 PM.

        Comment


        • Originally posted by michal View Post
          For me it's simple - I don't like german cars, I don't own any and I don't give a shit about them. I don't waste my life on whining on german motorization
          What's wrong with german cars? I guess everyone has a preference, but seems odd to exclude based on country of origin.

          Comment


          • Originally posted by jbernardo View Post
            I was more hoping for something from the "systemd cabal" (as they called themselves in that blog post) stating clearly that the machine owner will always have the keys, and will be able to sign, build and install his own packages. They are the ones pushing for this "all signed tamper proof" OS, so something more specific would be nice.
            They cannot. To be secure, the signing verification has to be done from the hardware up, so it depends on the hardware provider if you own the keys or not.

            But locked bootloaders have existed for linux for ages (android phones), so the situation cannot go worse. On the other hand, knowing cryptographically, as a consumer, what you run on your computer is still pretty difficult sometimes, so the situation can certainly get better.

            Comment


            • Originally posted by torsionbar28 View Post
              What's wrong with german cars?
              Nothing. They are the best cars in the world, unlike US cars which nobody likes (US motor industry is dead for a reason).
              And soon non-systemd distros become Detroit.

              Comment


              • Systemd can't turn open source into closed source and is itself FOSS

                Originally posted by jbernardo View Post
                As it was too late to edit my post, here is the rest of it:

                "We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular)." (http://0pointer.net/blog/revisiting-...x-systems.html)

                With this, we will no longer have linux. We'll have a tivo, that only runs something mandated by the hardware seller, and that the user can't change. Right now, I can replace the firmware on my routers with DD-WRT, or Tomato, or whatever else. I can install plain linux on a chromebook. I can install linux on a laptop. With this? Possibly the only linux allowed will redhat, and all ARM devices will become non-upgradeable/customisable appliances, to throw away every year as they become "obsolete".
                Am I the only one who is scared of this "tivoisation" by design? Apparently for the lennart-fans here, this is a "good thing"(tm).
                Keep in mind, any distro with open source, even one of "signed filesystem images," could be rebuilt from the source to ignore signatures or replace keys with the uses, for use on unlocked hardware. It would be like having the source code for the firmware of a locked system, plus a Bus Pirate to forcibly reflash it with your hacked version. I suspect even an iPhone could be unlocked if the source code for the firmware was leaked.

                I do believe that as a community FOSS software authors should refuse to assist in the development of locked throwaway junk, anything likely to be desired for such a system should be licensed under GLP3 to explicitly forbid its use by these OEMs. If they are going to treat the owners of devices as black hats, than we should treat the makers of tivoised hardware as freeloading, code-mooching parasites.

                Speaking of that, I just thought of a way to prevent use of the kernel by the makers of tivoised devices without relicensing it: move some key functionality needed to start it to GRUB and copy it into all other Linux bootloaders willing to be licensed under the GPL3. Only that code would have to be relicensed. Make enough changes that cutting and pasting GPL 2 code from an older version won't work.

                Comment


                • Originally posted by Luke View Post
                  I suspect even an iPhone could be unlocked if the source code for the firmware was leaked.
                  It would still need to be properly signed once compiled in order to get it past the existing bootloader and/or firmware checks.

                  Originally posted by Luke View Post
                  Speaking of that, I just thought of a way to prevent use of the kernel by the makers of tivoised devices without relicensing it: move some key functionality needed to start it to GRUB and copy it into all other Linux bootloaders willing to be licensed under the GPL3. Only that code would have to be relicensed. Make enough changes that cutting and pasting GPL 2 code from an older version won't work.
                  Has Linus ever personally spoke out against tivoization? From what I gather, preventing such things has never been one of his goals, but I can't speak to that with any confidence.

                  Comment


                  • Originally posted by TheBlackCat View Post
                    It would still need to be properly signed once compiled in order to get it past the existing bootloader and/or firmware checks.


                    Has Linus ever personally spoke out against tivoization? From what I gather, preventing such things has never been one of his goals, but I can't speak to that with any confidence.
                    Linus says in debconf 2014 that he personaly does not like tivoization. But the social contract he pretends for the kernel is giving and receiving the source code. The trivoization clause seams to prevent that.

                    https://www.youtube.com/watch?v=1Mg5_gxNXTo#t=2841

                    Comment


                    • I was talking about the FIRMWARE source code

                      Originally posted by TheBlackCat View Post
                      It would still need to be properly signed once compiled in order to get it past the existing bootloader and/or firmware checks.
                      If it was iPhone firmware being hacked, recompiled from leaked source, and force-flashed by an external "bus pirate" device, the firmware checks would be what was removed, allowing any bootloader to be used that supported the processor in question, thus any operating system compiled to that architecture. Actually, the compiler might be a bigger problem: does anyone know exactly what architecture (presumably some kind of ARM) Apple is using?

                      Comment

                      Working...
                      X