New Group Calls For Boycotting Systemd
  • As it was too late to edit my post, here is the rest of it:

    "We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular)." (http://0pointer.net/blog/revisiting-...x-systems.html)

    With this, we will no longer have linux. We'll have a tivo, that only runs something mandated by the hardware seller, and that the user can't change. Right now, I can replace the firmware on my routers with DD-WRT, or Tomato, or whatever else. I can install plain linux on a chromebook. I can install linux on a laptop. With this? Possibly the only linux allowed will be redhat, and all ARM devices will become non-upgradeable/customisable appliances, to throw away every year as they become "obsolete".
    Am I the only one who is scared of this "tivoisation" by design? Apparently for the lennart-fans here, this is a "good thing"(tm).



    • launchd

      Originally posted by Awesomeness View Post
      No, launchd won.
      +1
      I am still waiting for Open Launchd.



      • Originally posted by interested View Post
        To sum up; the systemd opponents lost because they only focused on attacking systemd, not on making an alternative to its functions or the problems they solve.
        There was no fight. Maybe in your head there is, but there might be an entire battle going on that we just do not know about. It was simply decided by a few to ship it with many distros. Until then, hardly anyone cared what a few developers did in their time.

        People are protesting for various reasons. They are protesting against the lack of choice, because it was adopted by so many distros at once and without giving an alternative. They are protesting because it does not solve problems, which also do not exist for everyone, but it cures symptoms, which come from problems caused by many years of neglect and short-sightedness in the designs of software packages, or I could just call it an excessive abuse of freedom. For the most part these problems are created by the distros themselves, who are constantly trying to cram too much under one hat, making compromises everywhere, until they need to grasp for a solution like a drowning man grasps for a straw. There is nothing desirable about this, and it is not the responsibility of the users to offer a solution to the problems created by the distros themselves.

        Is it getting better with systemd? A few seconds faster boot up and shutdown times seem to indicate an answer for many users, but anyone with a bit of knowledge of software design who is capable of looking deeper immediately sees the old problems it is going to bring back.

        Is it worth protesting? It is worth it for those who do not wish to end up with yet another monopolist or who just hate having twisted and compromising software on their computers. To those who cannot care for it or to whom it is of no meaning, a protest is certainly of no value whatsoever. All they can protest against is the protest itself. In this sense we are all united.



        • Originally posted by jbernardo View Post
          As it was too late to edit my post, here is the rest of it:

          "We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular)." (http://0pointer.net/blog/revisiting-...x-systems.html)

          With this, we will no longer have linux. We'll have a tivo, that only runs something mandated by the hardware seller, and that the user can't change. Right now, I can replace the firmware on my routers with DD-WRT, or Tomato, or whatever else. I can install plain linux on a chromebook. I can install linux on a laptop. With this? Possibly the only linux allowed will be redhat, and all ARM devices will become non-upgradeable/customisable appliances, to throw away every year as they become "obsolete".
          Am I the only one who is scared of this "tivoisation" by design? Apparently for the lennart-fans here, this is a "good thing"(tm).
          Relax. For normal PCs and servers, this would mean another level of defence against getting the machines compromised by malware and hackers. The machine owner owns the signing keys too. This is fully blessed by Linus Torvalds himself.

          Regarding embedded devices: it has been possible for the last decade or so to lock down any embedded device so that Linux won't run on it. I believe many Android phones come with a bootloader lock already, so that only signed OSes can boot on the device. Such hardware could easily make it impossible to install Linux or other unsanctioned OSes on the hardware.
          These days many manufacturers don't bother, or make it possible to disable the bootloader lock, simply because it sells better that way, it appears.

          It won't change a thing in that regard that Linux will have better support for a cryptographically signed OS.

          Regarding upgrading such a cryptographically signed Linux, remember that system updates still work as usual, including OS upgrades.

          So nothing will really change from today; if the hardware manufacturer won't let you run another unsanctioned OS on their hardware, they can easily make it so (like the Xbox etc.).

          A cryptographically signed Linux OS, however, will be of tremendous benefit to all who care about privacy, surveillance, and security.



          • Originally posted by interested View Post
            The machine owner owns the signing keys too. This is fully blessed by Linus Torvalds himself.
            If both of these statements (in particular the first) are true, then my fears are mitigated - for now. Do you have any verifiable source on this?



            • Originally posted by jbernardo View Post
              If both of these statements (in particular the first) are true, then my fears are mitigated - for now. Do you have any verifiable source on this?
              Here is an old mail from 2006 where he says "Because digital signatures and cryptography aren't just "bad DRM". They very much are "good security" too." :


              Here are the release notes from an old 2.6.12 kernel, where a new feature is support for Trusted Computing (TPM):
              "Linux kernel 2.6.12 with trusted computing support released": Linus Torvalds has released the latest major revision of Linux, kernel 2.6.12, for downloading. On the release of rc2 at the beginning of April, programmers were already called on to concentrate on correcting errors in their development...


              You can find other statements like this about trusted computing etc. The point is that he thinks it is great for the device owner to have the signing keys so that the system can be locked down and be very secure. Of course he also thinks it is fine that Debian signs their own packages and that no one else gets that key. That is just good security.

              On the other hand, Linus is of course totally uncompromising against supporting hardware signed keys where the device owner doesn't own the keys too: (warning: Linus giving the finger photo and strong language)



              • I was more hoping for something from the "systemd cabal" (as they called themselves in that blog post) stating clearly that the machine owner will always have the keys, and will be able to sign, build and install his own packages. They are the ones pushing for this "all signed tamper proof" OS, so something more specific would be nice.



                • Originally posted by jbernardo View Post
                  If both of these statements (in particular the first) are true, then my fears are mitigated - for now. Do you have any verifiable source on this?
                  I didn't specifically address the first question about always having the key:
                  It is probably quite possible to use a TPM to lock down a Linux system so that only the device manufacturer can modify the OS (the end user doesn't own the keys). But this has been possible for a very long time, and Lennart's suggestion for re-organising the Linux OS layout doesn't change a bit about this.

                  Linus' suggestion is to never buy such locked down hardware; vote with your feet, so to say.
                  That strategy seems to work somewhat, in that enough people only buy smartphones that allow a Cyanogenmod version to be installed, so many phone makers allow disabling the bootloader lock, even though it is trivial for them to lock down the system completely. Several router vendors also acknowledge third party firmware.

                  Given the choice, Linus will never endorse or allow support for third party vendor hardware locks in the kernel.

                  So for all end user devices that allow the installation of Linux, the owner will always own the keys for locking it down or not.



                  • Originally posted by jbernardo View Post
                    I was more hoping for something from the "systemd cabal" (as they called themselves in that blog post) stating clearly that the machine owner will always have the keys, and will be able to sign, build and install his own packages. They are the ones pushing for this "all signed tamper proof" OS, so something more specific would be nice.
                    They can't guarantee that, but it has nothing to do with their proposal; that is an effect of having a TPM framework in the hardware. If the hardware vendor only allows a certain signed OS to boot, then there is nothing one can do but avoid buying the product. The present framework allows the end user to have the final say and the final "key" for locking the system, and this is what people want and the only really viable solution for the general pc/workstation/server market.

                    So if the hardware allows the end user to have the final key for locking the system down, then it allows for a very secure OS with everything regarding boot and base system having signed keys. As it is now, we experience all the downsides of having TPM frameworks with hardware like the Xbox and PS4 being locked down, but don't benefit from the upsides that allow for a secure Linux OS installation.

                    It would be commercial suicide for any general Linux distro to make a locked down OS that didn't allow running third party unsigned software. Seriously, who would want that? The paying customers all tend to run such third party software, or use Linux to develop stuff, all of which would be impossible on such a locked down system.



                    • A trustable TPM is the main weak link in securing one's own systems

                      Originally posted by interested View Post
                      Relax. For normal PCs and servers, this would mean another level of defence against getting the machines compromised by malware and hackers. The machine owner owns the signing keys too. This is fully blessed by Linus Torvalds himself.

                      Regarding embedded devices: it has been possible for the last decade or so to lock down any embedded device so that Linux won't run on it. I believe many Android phones come with a bootloader lock already, so that only signed OSes can boot on the device. Such hardware could easily make it impossible to install Linux or other unsanctioned OSes on the hardware.
                      These days many manufacturers don't bother, or make it possible to disable the bootloader lock, simply because it sells better that way, it appears.

                      It won't change a thing in that regard that Linux will have better support for a cryptographically signed OS.

                      Regarding upgrading such a cryptographically signed Linux, remember that system updates still work as usual, including OS upgrades.

                      So nothing will really change from today; if the hardware manufacturer won't let you run another unsanctioned OS on their hardware, they can easily make it so (like the Xbox etc.).

                      A cryptographically signed Linux OS, however, will be of tremendous benefit to all who care about privacy, surveillance, and security.
                      I've actually thought of using this sort of system to allow verification of my own kernel and initramfs without having to boot them and compare after the fact to a stored hash, as a defense against boot time software keyloggers. The problem is almost all attackers I am concerned about are state-level attackers, so I have to assume they can bypass a TPM as trivially as the FBI is known to be able to bypass an ATA security lock on a hard drive. Thus I would need either a covert place to stash the signing keys or a TPM that could be trusted. I don't have the resources to manufacture a TPM myself. Naturally, the only key I would ever trust to verify images I have made myself is my own, as that's the only way I can guarantee that nobody else has the private key.

                      The main disadvantage of pre-boot authentication is having to trust the TPM; the main advantage is not having to trash your passphrase and LUKS keys if an attack is detected. The main advantage of post-boot authentication is not having to trust any commercial cryptographic device; the main disadvantage is having to make a new passphrase and rekey everything if an attack is detected. Both can be defeated by a really skillful opponent even without backdoors, so they are but layers in a larger defense.

                      BTW, using a hash of the whole system partition (not just /boot) for a pre-boot check would be time consuming; it takes long enough to take a hash of a boot partition used for cryptsetup. When hash values rather than signatures are used, a file could be renamed, a new file run, and the last step being to remove the new file and restore the original name. This won't change the timestamp in many cases, but will change the partition hash due to changed bits.

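The post above weighs a whole-partition hash against per-file checks. As an added example (not code from this thread, from systemd or from any of the posters), here is the owner-signed-manifest variant in Go: each file under /boot gets a SHA-256 digest, the manifest is signed with a key only the owner holds, and the check verifies that signature before comparing files. Everything in it is constructed for illustration: the file names and contents, the ed25519 key pair standing in for the owner's signing key, and the function names BuildManifest, VerifyBoot and Scenario. The Scenario function walks through the rename-run-restore sequence the post describes, which also shows the limitation the post points at: once the replacement is removed and the original name restored, a per-file check reports nothing, whereas a hash over the whole partition would still differ because other bits of the filesystem changed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sort"
	"strings"
)

// Constructed stand-in for a /boot partition (name -> contents); real images are far larger.
func sampleBoot() map[string][]byte {
	return map[string][]byte{
		"vmlinuz":       []byte("constructed kernel image v1"),
		"initramfs.img": []byte("constructed initramfs"),
		"grub/grub.cfg": []byte("set default=0\n"),
	}
}

// BuildManifest emits one "name sha256hex" line per file, sorted by name so the same set of
// files always serialises identically; the owner's signature covers exactly these bytes.
func BuildManifest(files map[string][]byte) []byte {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var sb strings.Builder
	for _, n := range names {
		sum := sha256.Sum256(files[n])
		fmt.Fprintf(&sb, "%s %s\n", n, hex.EncodeToString(sum[:]))
	}
	return []byte(sb.String())
}

// parseManifest is the inverse of BuildManifest; malformed lines are skipped.
func parseManifest(manifest []byte) map[string][32]byte {
	out := make(map[string][32]byte)
	for _, line := range strings.Split(string(manifest), "\n") {
		if f := strings.Fields(line); len(f) == 2 {
			if raw, err := hex.DecodeString(f[1]); err == nil && len(raw) == sha256.Size {
				var d [32]byte
				copy(d[:], raw)
				out[f[0]] = d
			}
		}
	}
	return out
}

// VerifyBoot checks the manifest signature with the owner's public key, then compares every
// file on the partition to it. Nil means all clear; otherwise a sorted list of findings.
func VerifyBoot(pub ed25519.PublicKey, manifest, sig []byte, files map[string][]byte) []string {
	if !ed25519.Verify(pub, manifest, sig) {
		return []string{"manifest signature invalid"}
	}
	expected := parseManifest(manifest)
	var findings []string
	for name, digest := range expected {
		if data, ok := files[name]; !ok {
			findings = append(findings, "missing: "+name)
		} else if sha256.Sum256(data) != digest {
			findings = append(findings, "modified: "+name)
		}
	}
	for name := range files {
		if _, ok := expected[name]; !ok {
			findings = append(findings, "unexpected: "+name)
		}
	}
	sort.Strings(findings)
	return findings
}

// Scenario follows the sequence the post describes: the owner signs the manifest once, the
// partition is checked untouched, with the kernel swapped out, and after the swap is undone.
func Scenario() (clean, swapped, restored []string) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // stand-in for the owner's key pair
	if err != nil {
		panic(err)
	}
	files := sampleBoot()
	manifest := BuildManifest(files)
	sig := ed25519.Sign(priv, manifest)
	clean = VerifyBoot(pub, manifest, sig, files)
	files["vmlinuz.bak"] = files["vmlinuz"] // original kept under another name
	files["vmlinuz"] = []byte("constructed replacement kernel")
	swapped = VerifyBoot(pub, manifest, sig, files)
	files["vmlinuz"] = files["vmlinuz.bak"] // replacement removed, original name restored
	delete(files, "vmlinuz.bak")
	restored = VerifyBoot(pub, manifest, sig, files)
	return clean, swapped, restored
}

func main() {
	clean, swapped, restored := Scenario()
	fmt.Printf("untouched: %v\nswapped: %v\nrestored: %v\n", clean, swapped, restored)
}
```

Run it with `go run`; the untouched and restored states verify clean while the swapped state reports the modified kernel and the extra file. Checking the signature before trusting any digest is the difference between a hash list and a signed one: an unsigned hash list on the same partition can simply be rewritten along with the file. What the example does not model is where the manifest, signature and public key live so that an unverified system cannot alter them, which is exactly the TPM-or-covert-key-store question the post raises.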
