Announcement

Collapse
No announcement yet.

Linux Group Files Complaint With EU Over SecureBoot

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #21
    Originally posted by duby229 View Post
    Except that it is MS that issues keys. If I can use... say Redhats key (that was issued from MS).... for a livedvd that I publish, what would prevent a bootloader virus from using the exact same key?

    And that is my point. It isnt speculation. Its fact.
    This isn't entirely correct, as you can create keys that bear no relation to Microsoft yourself. Redhat is choosing however to have Microsoft sign their keys, which is a *convenience*, but arguably politically problematic as people have pointed out - Microsoft could revoke the certificate for Redhat afterwards.

    But you can really, really remove all control that Microsoft has over your own system. That would make that bootloader virus also not work.

    Comment


    • #22
      Originally posted by sofar View Post
      This isn't entirely correct, as you can create keys that bear no relation to Microsoft yourself. Redhat is choosing however to have Microsoft sign their keys, which is a *convenience*, but arguably politically problematic as people have pointed out - Microsoft could revoke the certificate for Redhat afterwards.

      But you can really, really remove all control that Microsoft has over your own system. That would make that bootloader virus also not work.
      But then it is just a matter of building a list of keys.. Much like how Bluray has been hacked. Bob Homegrown trying to Install Ubuntu on his new Dell laptop isnt going to have the knowledge to do what you suggest he should be able to do. But there is a large hacker community hard at work even as we speak. A large hacker community that wouldnt have anything to do had Secureboot not given them something to target. The problem with shit like Secureboot is that all it effectively does is get in the way of the end user that doesnt have the skill to know any better and provides a target for individuals with the skill to target it.

      The point still holds.
      Last edited by duby229; 26 March 2013, 07:28 PM.

      Comment


      • #23
        Originally posted by frign View Post
        - No hardware vendor goes Linux only (and I am not talking about sporadic Linux-machines)
        now that's a problem I'd like to see solved.... :^)

        Originally posted by frign View Post
        Talking of userspace, this is where Microsoft lacks today: Windows didn't change fundamentally in regards to their security: I guess, instead of working on security more thoroughly they rather focus on cementing their monopoly in the interest of a feigned "security" to shut the users up.
        I hear you.

        While UEFI Secure Boot doesn't make (windows) more secure (because it's full of holes), nothing says that it can't help make (linux) more secure by allowing people to prevent their systems from booting unauthorized OS's.

        Comment


        • #24
          Originally posted by duby229 View Post
          But then it is just a matter of building a list of keys.. Much like how Bluray has been hacked. Bob Homegrown trying to Install Ubuntu on his new Dell laptop isnt going to have the knowledge to do what you suggest he should be able to do.

          The point still holds.
          If you know one of microsoft's keys, you can own many systems, yes. But you still won't be able to own the systems that has Microsoft's keys removed altogether.

          Comment


          • #25
            Originally posted by sofar View Post
            This is complete nonsense, and factually incorrect. Please stop spreading FUD, you are completely wrong here.
            Is personal computer architecture same to proprietary console? No, its not. Hence constant fear - first IBM, then MS, to be caught at monopoly. Personal computers uphold special place.

            Does secure boot give control to hardware owner?... No, it gives control to manufacturer to decide what is allowed or what not. The proof is that microsoft primary uses secure boot to bind its OS to hardware as a form of anti-piracy and, at same time, to make it much more difficult for people to try or install other OS, because w8 is a failure (Gaben). One is also required to sign up with microsoft in order to get any boot keys for own kernels.

            In order to secure the boot process, the secure cards and TPM chips with according interfaces were long available and are under full control of the user of hardware, unlike "secure boot".

            Comment


            • #26
              Originally posted by sofar View Post
              If you know one of microsoft's keys, you can own many systems, yes. But you still won't be able to own the systems that has Microsoft's keys removed altogether.
              I edited my post with additional information after you quoted me. Just saying that If someone that didnt have the knowledge to do what you suggest wanted to do it, they would be SOL. And that is the problem with Secureboot. It doesnt help average computer users. It doesnt effectively do anything for most folks except lock them in to MS issued keys. Those folks that have the knowledge to do something about it are. Its just like any other Restriction management system.

              It impedes the end user from doing what they have the right to do, and does nothing at all to prevent unwanted usage scenarios by people with questionable scruples that have the knowledge to do what they want..
              Last edited by duby229; 26 March 2013, 07:41 PM.

              Comment


              • #27
                SecureBoot for Linux?

                Originally posted by sofar View Post
                now that's a problem I'd like to see solved.... :^)



                I hear you.

                While UEFI Secure Boot doesn't make (windows) more secure (because it's full of holes), nothing says that it can't help make (linux) more secure by allowing people to prevent their systems from booting unauthorized OS's.
                Now please tell me when this case would apply in the GNU/Linux-world.
                Unless you really have direct, immediate access to the computer, there is no real way to modify the MBR, because it would require the attacker to use a variety of 0day-exploits (if existent) to actually access the file system.
                This model in combination with the little market share and _high_ security of un*x-systems renders the pain of SecureBoot-licensing too high and inefficient and rather encourages to remove this abomination to human kind as soon as possible.

                Comment


                • #28
                  Originally posted by sofar View Post
                  I'm sure this is a legitimate complaint. There will be many users with this problem. Bottom line is that you succeeded.

                  What system was this? Did the vendor provide documentation to you? Did you contact the vendor support line?
                  The vendor support will say - we support windows only.
                  Windows only support means - microsoft certification is required.
                  Microsoft certification means - need secure boot.
                  Secure boot means - we control what you can boot.

                  To prove me wrong, try to boot what you own on "secure boot" enabled system without contacting or contracting microsoft.

                  True secure boot would mean - user is able to dictate firmware the CRC for any piece of software he uses, as well that chain loading process is good documented and transparent.
                  Currently UEFI is a mess and microsoft controls what user can boot.

                  Comment


                  • #29
                    adelante cabrones fuck them in their microsoft asses





                    it actually can amount to something because we all broke in europe now and I bet the EU commission would welcome the chance to get some more m$ dollars

                    if they can get 700 million euros for the browser thing they can probably get a couple of million for secure boot


                    and you all just shut the fuck up... microsoft using this uefi shit for security is like a aids ridden diseased crackwhore that raw dogs for $10 asking for a clean needle before injecting

                    Comment


                    • #30
                      Originally posted by phoronix View Post
                      Phoronix: Linux Group Files Complaint With EU Over SecureBoot

                      The Hispalinux Spanish Linux association has filed a complaint against Microsoft with the European Union over the UEFI SecureBoot...

                      http://www.phoronix.com/vr.php?view=MTMzNjc

                      Why are these cases always fought in the EU and never the US? Doesn't America have anti-competitive laws too?

                      Comment

                      Working...
                      X