This bit sounded like mistaken reasoning to me. The GPLv3 never requires distribution of private keys, that is just a bad meme that keeps going around. If the manufacturer pre-loads a machine then they are the ones distributing the software, just like other software where the manufacturer gets a license to distribute from the OS vendor. If, by some mistake, they don't provide a way to load user-customized software, by breaking key installs or preventing secure boot from being disabled, then they are in violation of their distribution license.
In this hypothetical case I think it would make sense for the manufacturer to RMA or refund the bad equipment. I think the talk about disclosing private keys is ludicrous.
Posted Jun 22, 2012 21:21 UTC (Fri) by bronson (subscriber, #4806)
The GPLv3 requires the ability to load user software. If the only way to do that requires disclosing the signing keys, then so be it, that's what must happen.
Remember that it's Microsoft who set this whole UEFI mess up, not Ubuntu.
Why does this sound so far-fetched to you? Seems like a perfectly reasonable reading to me.
Details on Ubuntu's UEFI secure boot plan
Posted Jun 23, 2012 21:25 UTC (Sat) by rich0 (guest, #55509)
Yes, but that duty only falls on whoever is distributing the code to the user in question. If a computer requires a signed GPL image to boot, then whoever distributed the computer with the GPL software on it has to provide the key. Nobody else is a party to this. If a vendor distributes GPL code and requires it to be signed by a key they don't have, then they've exposed themselves to legal liability with no remedy short of issuing new hardware.
How is Ubuntu a party to what some hardware vendor does with their software, unless they paid them to do it?
Posted Jun 27, 2012 1:28 UTC (Wed) by bronson (subscriber, #4806)
Ubuntu distributed the software to the vendor. You don't think the vendor will kick lawsuits their way if at all possible?
> How is Ubuntu a party to what some hardware vendor does with their software, unless they paid them to do it?
Ubuntu can enter into a valid contract with a hardware vendor with no money changing hands. And they can even get paid to do it! In fact, one would expect that this is their intent.
Posted Jun 27, 2012 8:13 UTC (Wed) by dgm (subscriber, #49227)
> Ubuntu distributed the software to the vendor.
But, as long as Ubuntu is not the one holding the keys, they will be in the clear regarding GPL compliance.
> You don't think the vendor will kick lawsuits their way if at all possible?
They can sue anybody they want, but that's frivolous litigation, and they may be fined for that.
Posted Jun 27, 2012 18:38 UTC (Wed) by bronson (subscriber, #4806)
> But, as long as Ubuntu is not the one holding the keys, they will be in the clear regarding GPL compliance.
Exactly. And Ubuntu is the only one holding their key. Did you think somebody else would have it?
> that's frivolous litigation
It's not frivolous if it's the only way for the white box distributor to comply with GPLv3.
Posted Jun 28, 2012 10:29 UTC (Thu) by jschrod (subscriber, #1646)
OK, so if the hardware vendor is obliged to deliver the key, and Canonical plans to convince hardware vendors to use their key -- where does the vendor get the key from, if not from Canonical?
It's not of practical relevance that "user demand => Canonical commitment" does not happen. The thing that might happen is "user demand => vendor commitment => vendor demand => Canonical commitment", and that's what the fuss is about, AFAIU.
Posted Jun 28, 2012 13:54 UTC (Thu) by dgm (subscriber, #49227)
I think you're assuming that:
- providing some key is the only way to allow modified software to run.
- that key can only be Canonical's.
Instead, the hardware vendor can:
- provide other means (disable secureboot).
- provide vendor's specific keys.
- provide means to install (additional) customer keys.
Posted Jun 28, 2012 14:14 UTC (Thu) by jschrod (subscriber, #1646)
> I think you're assuming that:
> - providing some key is the only way to allow modified software to run.
> - that key can only be Canonical's.
That's what this sub-thread is about. Read bronson's post (http://lwn.net/Articles/503072/) where it started. There it's argued that even under the assumptions cited by you above, this is OK. Then rich0 came in and told bronson that this won't matter for Canonical. And my contribution was to point out the fallacy in his thinking.
> Instead, the hardware vendor can:
> - provide other means (disable secureboot).
> - provide vendor's specific keys.
> - provide means to install (additional) customer keys.
These are other scenarios. It's about a hypothetical scenario where the end user can demand the keys. My contribution to the discussion is that then, in this case, a hardware vendor will not shield Canonical from that demand.
Please also note that the FSF seems to agree that the situation, that keys must be supplied, is plausible, as Nate notes in the Security feature article. I wouldn't discard their opinion on the GPLv3's meaning as fast as many here are ready to do. And if I were responsible for due diligence in a company and received such a warning from the FSF, I would make sure that my company pays attention to it.
Btw, FTR: We use neither Ubuntu nor Fedora and will probably turn off secure boot on our systems, when it arrives. So I consider myself impartial concerning the different factions in this discussion.
Posted Jun 28, 2012 17:11 UTC (Thu) by dgm (subscriber, #49227)
Let's put some context, then:
raven667: In this hypothetical case I think it would make sense for the manufacturer to RMA or refund the bad equipment. I think the talk about disclosing private keys is ludicrous.
bronson: The GPLv3 requires the ability to load user software. If the only way to do that requires disclosing the signing keys, then so be it, that's what must happen.
> My contribution to the discussion is that then, in this case, a hardware vendor will not shield Canonical from that demand.
In my opinion (IANAL), you're wrong. These are the facts:
* The customer has received a device from a device vendor, with some software covered by the GPL v3.
* The device vendor can distribute this software only as long as it complies with the terms of the license. These terms include allowing the customer to run modified versions of the software.
* The device vendor cannot comply with the license terms, because they do not possess the signing keys, and cannot offer any alternative method.
* Thus they have been distributing the software without a proper license.
* Canonical is distributing the software to the vendor, and they fully comply with the requirements of the GPL. Their customer (the device vendor) would not have any problem loading any modified versions, because they control which keys are loaded.
So, to sum it up, the vendor would be distributing a pirated copy of Ubuntu. It's their fault, and they are the ones that have to pay for it.
To prevent this from happening, device vendors should provide means to load alternative keys or disable secure boot.
Posted Jun 25, 2012 0:00 UTC (Mon) by dgm (subscriber, #49227)
> If the only way to do that requires disclosing the signing keys
Sure, there are a few options before they get to that, releasing a "fixed" version of the UEFI firmware being much easier for everyone.