Fedora, secure boot, and an insecure future

Overall great article, but two things:

1) It's worth noting that Matthew's plan is still simply a proposal at this stage. It's not yet been voted on by FESCo or the like. Perhaps something will change before that happens (although I doubt it), or FESCo could decide to reject the idea.

2) Additionally the article didn't touch on it, but hopefully there will be documentation and tools to allow any Fedora user to sign their own stuff. This way you could enable Secure Boot, but not use only your own keys signing your own bootloader shim/grub2/kernel. These tools and docs will of course be free and open.

An evolving resource with information on this for Fedora users:

https://fedoraproject.org/wiki/Secureboot

Maybe there is an upside to MS mandating secure boot.

It means that Linux users cannot use MS-Windows-8 certified hardware, so instead of just grumbling about paying a "windows tax" they will be more motivated to petition vendors to provide MS-Windows-free systems.

Presumably a vendor could easily sell two versions on the one hardware, one with an MS-Windows sticker and secure boot enabled, one with no sticker (or maybe a "Your Freedom Respected" sticker) and secure boot disabled. They would just need a modest probability of sales to justify the small effort.

I'm sure we have the buying power to support vendors who agree to support our freedom, but as yet the motivation to use it hasn't been strong enough. Maybe secure-boot will change that.

Let's assume that I have a dual boot machine ( I don't ), then after running windows I find that the fedora key has been revoked. So that now means I must get an updated boot chain installed. How am I going to do that? I can't boot into linux to run yum update? Am I supposed to do that from windows? Downloading a livecd or temporarily disabling secure boot is just as confusing for "the fedora userbase" as disabling secure boot in the first place.

I wish fedora would figure out who their users are. You can't be bleeding edge and for newbies all at the same time. In my opinion, it's just not working.

1) Having seen this in the past, I am wondering how many UEFI's will be shipped with no way to turn off the secureboot. I don't see vendors getting a no you can't if they don't ship it and it will be one less thing for them to have to put in the interface.

2) The push for secure boot will be coming from more than just Microsoft, I expect it will be required for PCI and various other compliances which will mean the majority of systems bought (eg enterprise systems) will require it. That will shift the systems that do not have security boot to being a very very small minority if at all.

3) My limited understanding is that the cost for designing any motherboard is in the 10-100k range these days depending on the things people want on the board (and all the patent licenses, cross licenses, etc needed).

4) What of the other commercial vendors? What are their plans when dealing with the first two above?

It seems to me that we need to push for hardware vendors to install easy way of allowing non-microsoft controlled access. For example, a second key controlled by some foundation, either enabled by default, or with a simple yes/no question in the BIOS.

So, what is the procedure for rescuing a system under secure boot? IIUC there is no way one can fix the operating system, file system, or bootloader after something goes wrong. Maybe not a problem for perfect operating systems such as Windows, but what if I misconfigured my Linux box?

In a comment by mjg in [1], he pointed out that on systems that have a secure boot firmware you will not even be able to swap out the firmware for freer alternatives like coreboot:

> The move to secure boot means that firmware updates are signed, because otherwise you could disable secure boot simply by pushing out a fake firmware update.

Now my fear is that, in few years, it will be practically impossible to buy an x86 mainboard that allow you to disable secure boot or to re-flash it with coreboot. This is scary.

[1] http://news.ycombinator.com/item?id=4064868

Why can't we pay (once) for a signed bootloader which just boots Grub. Then Grub can chainload anything it wants. After all, a signed copy of Windows can still run unsigned applications from within Windows, so why not have a signed bootloader running an unsigned kernel.

From a UEFI perspective, that would be a major "security hole", but who gets to decide when a key is revoked? If there is a microsoft vulnerability for a particular signature, doesn't MS get to be the one to decide to revoke the key?

This whole issue is being blown out of the water, Fedora users would be no less free to do what they want to their machines, they only need to disable secure boot. The actions taking place are to help people who don't want to do that, and that is not the kind of person that would boot a custom kernel, or run SystemTap.

The unfortunate reality is that in order to make your distribution work on a machine that was built for Windows 8 without disabling secure boot you will have to do the same thing. I would expect to hear Ubuntu and others to come to the same conclusion.

If the idea of secure boot is to much to deal with just by a computer from a Linux supporting company like EmperorLinux or System76.

I can not possibly see how a system that does not leave the owner of a system firmly in charge can make any sort of sense.

If you aren't installing the keys into UEFI that you trust and remove/revoking the keys that you don't trust this is in no sense
limiting a system to it's desired function by the owner of the device.

Frankly the proposed system would make the computer completely unworkable to me.

There might be an excuse for doing something like this after the distribution has been reengineered such that all of the needed policy and controls are in place to make the guarantees you want to make and
the only thing that would change in the magic UEFI secure boot mode would
be the key you sign the bootloader with. Making using UEIF with the
microsoft key as a fallback solution for those days when you just can't
install a key of the administrators choosing.

However doing this simply to get the hands of more people doing a half backed job of locking down the software is ridiculous. If you don't give people freedom to run the software of their choosing when being evangelical about free software and instead stick them with the a system where they can only run fedoras latest bugs I hardly see how that will improve the user experience.

I would like to point out that at the moment the "Fedora project" hasn't decided anything, this is a proposal put forward by one developer that happens to work for Red Hat. To be accepted into Fedora this has to be proposed as a feature first and approved by FESCO, and possibly the board.

"There may also be resistance from users who see a switch saying "turn off security" and don't want to flip it."

Well, from my experience, the situation is probably quite the opposite. Users anticipate any "security" feature to be an inconvenience for them and may well be willing to act to deactivate it at first confirmation of such inconvenience.
And well, when you think about it, maybe they are not so wrong about the overall situation. When you look at them in more detail, most recent security mechanisms do not adress final customers needs. They have been made to protect network operators, commercial software vendors, gaming companies, content distributors, etc. Being technically savy on computer security [1] may prevent us from asking us the right question about this secure boot security mechanism: should we accept it or reject it (you know, like that patch for the kernel)?

With restect to these recent evolution, it seems to me I'd like to have a different mechanism on my computers. IMHO, if I take this one, I will not have any other in the near future so; maybe I'll go in the users camp in fact and turn off that switch initially at least to show my desaprobation.

Anyway, this is just a mechanism; maybe it does not even fit my security needs... but that is another and more important question.

[1] I (should) be... :-)

lLts of erudite discussion here, but I can't find anything relating to the immediate practical problem. Are there any currently available motherboards which implement UEFI but also provide a BIOS way to disable secure boot for linux?

From my attempted discussions with Gigabyte and ASUS the answer from both of these appears to be 'no', although it was conducted in English text with folk who may have missed the point.

Amoungst our community, does anyone have higher-level contacts than just their generic web interface to get some answers? - or at least discuss the issue?

The company where I work has recently migrated from Windows XP to Windows 7 as the standard corporate desktop for its entire workforce. Its taken them a long time and a lot of money to do this. I doubt they will be rushing out to buy Windows 8/secure boot hardware for a few years to come. I've also read in the IT press how Windows 8 is likely to flop like Vista. I suspect there's going to be a lot of Windows 7 desktops around for quite some time to come in the corporate world. Which means corporate PC suppliers (HP etc) must sell PCs that can have this feature disabled if they want the corporate business. I am imagining a little switch at the back, turning secure boot on and off, like the little piece of plastic on 3 1/2 inch floppies to toggle the read-only. Worse for the casual user would be a jumper on the motherboard (if motherboards still have jumpers nowadays)

Another question raised in the comments was 'who would step up and manage a key independently of Microsoft'. What about a big PC vendor? They surely have in interest in it, and might get a competitive advantage - as long as its OK to have 2 keys on the same machine, then why wouldn't they? (apart from risking Microsofts ire). They could even charge something for a 'free software key'. I'd be happier paying that, than a Microsoft tax.

That said, the whole scheme is a recipe for abuse by commercial interests. Some entity has to manage the keys, and hence has power over the hardware owner. Power corrupts etc. Who would you trust - Microsoft? HP? Verisign? Your government? Redhat board of directors? Those Debian fanatics? FSF? Pick your poison!

Time and time again, it was even said by Linus himself. Linux should be focusing on pre-installed systems.

The user who knows how to download Linux, put it onto a USB stick or USB, restart their computer (potentially have to press the boot menu key for their computer) and run or install Linux. They know or will know how to disable secure boot and it would not deter them from using Linux if they could do. The user that Fedora and Gnome 3 are tailoring their user friendliness to does not exist. 99% of people if it does not come pre-installed they will not change. How do you think people find about Linux? Is there any T.V. Advertising? This kind of attitude is ridiculous. Paying $99 is just supporting and putting Microsoft in a better position than they are now... which currently is failing in every market. Some of these guys are so old and stuck in the 90's thinking that Microsoft on desktop is still the relevant target. The Tablet and Mobile market and some lesser extent Mac is where it is all concentration is at the moment, and you guys are ignoring ARM (which may be a waste of time or it may overtake x86). Secure boot and Windows 8 are aimed for high-end systems currently (e.g. ultrabooks), and these are going to be direct competition with MacBookPros and iPads.... if you were an un-informed consumer, who could not disable secure boot which one would you buy?

Also I have no idea why you cannot see that Secure Boot is supportive of a DRM system. Sure if you are talking proper access control, with a crypto module and tamper resistance, and remote attestation. Yes it does not support that. But what sort of DRM do we have at the moment? Well it is software based, and can be circumvented by say, using software to dump the memory or effectively installing your own root kit. Well what happens if Windows supports software DRM at the kernel level and prevents memory dumping of a certain application? You have to edit the kernel to circumvent the DRM for your system. What happens if at the kernel level it requires the user space code to be signed by Microsoft and downloaded from the Microsoft store. Well we just edit the kernel... but hang on that windows update last week meant I can no longer disable secure boot.... I cannot boot if I try to circumvent the DRM... Okay so I will have to flash the hardware manually... wait a minute the manufacturer has hard coded their certificate into the chip... crap DMCA territory.

This is exactly how the iPhone works and jailbreaking iPhones has a specific exception granted to it that might or might not be granted if secure boot was one day disallowed from being disabled.
Sure their are ways around certain aspects, the system does not have any real unique identifier that cannot be faked, but as it stands currently windows advantage or whatever uses a bunch of ridiculous random hashes of bios, cpu, driver information. The uniqueness required for DRM is included in the software key, which will disable windows update, etc. if it detects it is circumvented already.
Companies want DRM at any level, they would even accept obfuscation as a form of DRM if they thought it would stop even 1 person from pirating their stuff. All it takes it one person to go.... hey wait a minute if we stop people from disabling secure boot we could be in a better place than we are now.... this would trump whatever anti-trust people would through our way.

Sure you could install pirated software on a pirated copy of windows on a computer without secure boot. But in 5 years time you will be stuck with old hardware, as everything you want to buy will come with secure boot.

I mean another example could be on a system with windows 8 starter, black list the signatures for windows 8 home, and premium, ultimate etc. then if they purchase the upgrade you use windows update and the manufacturer's key to un-blacklist the version of windows they purchased. How can you say this is not DRM...

Coreboot support and linux on pre-installs is the way forward. That $99 could be spent elsewhere. Save the pennies and the dollars will look after themselves

Actually it is more than $99.

It is also the wasted time and red hat or community money and resources making a secure boot compatible kernel... this is $100,000's of work and man hours.