Linux Group Files Complaint With EU Over SecureBoot

  • phoronix
    started a topic Linux Group Files Complaint With EU Over SecureBoot

    Phoronix: Linux Group Files Complaint With EU Over SecureBoot

    The Hispalinux Spanish Linux association has filed a complaint against Microsoft with the European Union over the UEFI SecureBoot...

    http://www.phoronix.com/vr.php?view=MTMzNjc

  • blackiwid
    replied
    EDIT2:

    Your argument, that companies that are partners are the same as if Microsoft built the PCs themselves, is just stupid. What's next? Intel and AMD have Windows 8 recommended processors, or they get that logo from Microsoft and maybe only Windows boots on these processors if they sign up to that, and to get that they also get such a feature so that only Windows works with them, unless you hack them 1000 hours per processor?

    So what's the way then, build your own processors? Yes, let's take 1000 Red Hat programmers and some other programmers, and build a processor that's even nearly as fast and cheap as a normal PC.

    And then, if Microsoft makes some program with power companies that sell you power, so that their PC will only boot up if they get the right frequency modulation over the network, which they only get from Microsoft when they shut down your power if you want to use another PC, yes, something like that would be technically possible in theory.

    So then what's next if you want to use Linux on a PC, go ahead and build a complete power plant for yourself?

    wtf...

    Total garbage argument. You could argue why Apple can do such stuff and Microsoft not. First, Apple doesn't do the same; at least they sell their PCs. To forbid 3rd party companies to sell PCs is also a bad thing, but it's not the same, so even they are not allowed to dictate every other PC-selling company whatever they want, only that they are not allowed to preinstall their PC OS.

    But even if you think that's nearly the same (which it is not; if Microsoft tries to do the same, we have many companies that then sell PCs with Linux, and most likely they would win the fight and nearly nobody would use Windows 5 years from now).

    But again, even if you compare it, it's not the market leader; there are anti-trust laws in the world, in America, in Europe and everywhere.

    https://en.wikipedia.org/wiki/Competition_law

    And we have them for a good reason, because competition in a field where competition is possible, if it's really competition and not only secret price agreements, leads to at least cheaper products and maybe better products, at least in the product life cycle.

    In reality at least it gives you cheap stuff and more diversity and, if you invest much time into digging around, maybe even quality. Of course for the masses most of the time it doesn't lead to quality, but at least for the bad quality they don't have to pay much, like it happens with Windows.


  • blackiwid
    replied
    Originally posted by johnc
    Microsoft should have every right to secure their systems as they see fit. This endless whining over SecureBoot is getting ridiculous.
    If Microsoft as a company sells PCs, you could maybe agree with what you are saying. But in most cases, companies like, for example, Dell sell PCs, and just because they preinstall Windows on them, that doesn't make these systems Microsoft's systems.

    It's like you would say Tolkien or the company that made the Lord of the Rings movies should be able to tell cinemas in which color they paint their cinemas, because it's their cinemas because their movies had the most success in the last years.

    EDIT:

    I don't get how this fanboyism works, it seems to completely shut down the brain of the affected people... they would find it OK if the company murders because they love them and if it helps the company it should be allowed.


  • nomadewolf
    replied
    Originally posted by mjg59
    So stop talking.
    And I did. About what I don't know.

    EDIT:
    Secure Boot is not secure!!!
    Secure Boot is not secure!!!
    Secure Boot is not secure!!!


  • dee.
    replied
    Originally posted by mjg59
    In a secure variable that can't be accessed from outside the firmware.

    Whoever has a key that your machine has in KEK. For most machines, that means Microsoft.
    And that's still a one source of trust model, which is flawed.

    Why trust microsoft? Everyone who has ever trusted microsoft has gotten their fingers burned.

    And so doesn't match the whitelist hash that the LF loader has installed for you, so still doesn't boot.
    So... there's a whitelist for what the LF loader can load? So what if I make a Linux distro, do I have to go and apply to get my distro whitelisted for it before I can use the bootloader? Does every new version of the distro have to apply for a new whitelisting?

    ie, me.
    Oh, you're that guy. Figures.

    There's no such thing as "The UEFI key", and you've misunderstood that conversation.
    Oh you know what I mean. What have I misunderstood then?

    You and Linus don't have to take responsibility for ensuring that distributions remain installable.
    But wait! Secure boot can be switched off! And there's no way the bootloader can be used maliciously, as you've been saying all the time! Make up your mind now...

    Also I agree 100% with Linus. Trying to bend over backwards just to satisfy some kind of microsoft scheme is stupid, we shouldn't let microsoft control Linux. Nothing good comes from giving microsoft control, they're the plague of computing. If we can only increase Linux market share by caving in to microsoft and letting them dictate how to develop Linux, then it's better to stay obscure. But I don't think Linux even needs to do that - microsoft is on its way out and secure boot is temporary, it will pass eventually, when people and OEMs see how flawed it is.


  • mjg59
    replied
    Originally posted by nomadewolf
    Already admitted that I don't know, and won't dispute.
    Also, too lazy to find out...
    So stop talking.


  • duby229
    replied
    I really like Torvalds! The guy is awesome. There are very few people as bluntly honest as he is. It's good stuff.


  • Gps4l
    replied
    Originally posted by bridgman
    Put a post somewhere on an internet forum telling people they can get 5% better graphics performance by loading <xxx> using the bootloader, that they should expect the following warning messages, and that they should ignore them all
    lmao, I noticed this to be true, with the tux for Linux on Steam.

    People were blindly giving some program 100% access.


  • nomadewolf
    replied
    Originally posted by mjg59
    Yes. You don't know what you're talking about.

    No, that's not how it works.
    Already admitted that I don't know, and won't dispute.
    Also, too lazy to find out...

    Originally posted by mjg59
    No, it's much easier to blacklist the hash - 256 bits against 2048.
    In a simplistic perspective: blacklisting 256 bits is easier than blacklisting 2048.
    But...
    Those 2048 would already be in memory. With just 1 extra bit, we could control if it's good or bad. Whilst adding the 256 bits of the malware would be 255 extra bits.
    Also, since the process of creating a new key and distributing it is slower and more complex, far fewer would be created. Would it be enough to make a difference? One can only speculate, I admit.


    Originally posted by mjg59
    How many signed pieces of malware are there going to be?
    This I know for sure.
    It's not the malware that is going to be signed. It's the Linux Foundation's bootloader. None of the genuine Linux kernels will be signed. The malware won't have to be either.
    Writing this I just realized the following:
    I thought that it would be the keys that would be blacklisted. But you say that it is the malware. I was having trouble understanding how exactly that would work, but now I think I get it.
    What you mean will be blacklisted is the software that is signed, correct? Since what the Linux Foundation will be distributing is a signed bootloader, which in turn can be used to boot whatever software (Linux)/malware you want.
    This means that I wouldn't even have to re-write malware, since the bootloader is what would be blacklisted.

    Which brings a new problem: even though the Linux Foundation's bootloader is not malware, it will be blacklisted and forced to be modified, without any need for it...

    YES, this means that Linux won't be taking advantage of the UEFI 'security' features.

    Originally posted by mjg59
    And what would be the point? You're still going to have to socially engineer people into wanting to install your OS, which I think you're going to have trouble with.
    What is the point with all the malware around? Isn't that how virtually every piece of malware spreads? 'My OS' is just a suggestion off the top of my head.


    Bottom line is:
    Secure Boot is not secure!!!
    Secure Boot is not secure!!!
    Secure Boot is not secure!!!


  • mjg59
    replied
    Originally posted by dee.
    Ok, so where are the grub hashes stored
    In a secure variable that can't be accessed from outside the firmware.

    and where do blacklist updates to grub hashes come from?
    Whoever has a key that your machine has in KEK. For most machines, that means Microsoft.

    Are they stored and updated the same way as the UEFI keys
    Yes.

    or are they just stored in the bootloader itself, and blacklisting the grub hash requires updating the bootloader itself?
    No.

    Also, self-modifying code. Polymorphic viruses. Malware whose hash never stays the same...
    And so doesn't match the whitelist hash that the LF loader has installed for you, so still doesn't boot.

    Also also: at least according to what I read on the LKML, Matthew Garrett himself
    ie, me.

    - the main UEFI proponent in the Linux camp - seems to be worried that malware authors could abuse Linux bootloaders (or Linux itself) which would cause MS to revoke the UEFI key.
    There's no such thing as "The UEFI key", and you've misunderstood that conversation.

    This, to me, is pure idiocy. Linux is all about user control. Linux doesn't need any "trusted computing" features that disallow the user from using their software in whatever way we please. It's not the kernel's job to prevent the kernel from being used maliciously, just to satisfy some kind of microsoft trust model that is malicious to Linux in the first place. Thankfully, Linus seems to agree with me.
    You and Linus don't have to take responsibility for ensuring that distributions remain installable.
