| |||||||||||||
'You have to divulge your private key' meme'You have to divulge your private key' memePosted Jul 2, 2012 19:25 UTC (Mon) by raven667 (subscriber, #5198)In reply to: 'You have to divulge your private key' meme by davidescott Parent article: The FSF's advice to distributors on UEFI secure boot
> Am I misreading?
There is no divulging of keys, there is nothing that the manufacturer needs from Canonical to satisfy the GPLv3 anti-Tivoization clause so there is no legal liability that is being shoved off. The vendor just needs to provide an on/off switch or key management via the firmware to the end user which should not be difficult, it is part of the UEFI standard.
(Log in to post comments)
'You have to divulge your private key' meme Posted Jul 2, 2012 22:22 UTC (Mon) by blitzkrieg3 (subscriber, #57873) [Link]
> The vendor just needs to provide an on/off switch or key management via the firmware to the end user which should not be difficult, it is part of the UEFI standard.
Yes but in the event that they _don't_ provide either of these things, the manufacturer needs to have a way to let people back into their hardware. The only way this is possible is by distributing the private key.
'You have to divulge your private key' meme Posted Jul 2, 2012 23:15 UTC (Mon) by raven667 (subscriber, #5198) [Link]
If they can update the firmware then they can still make a good faith effort and resolve the issue. If they can't do that for some contrived reason then I guess the copyright holder, whose software the vendor is distributing without a license, could sue for an injunction against further sales and ask for some kind of relief. The GPLv3 is on pretty solid legal ground so I really don't see it coming to that as a practical matter, I'm not sure what vendor would willing to back themselves into a corner that way. It should go without saying that the license doesn't need to protect vendors who are acting in bad faith from their customers and suppliers.
'You have to divulge your private key' meme Posted Jul 3, 2012 0:22 UTC (Tue) by mjg59 (subscriber, #23239) [Link]
Every firmware vendor has implemented support for modifying the key database. A hardware vendor would need to explicitly disable this in order to lose the feature, and if they did then they could produce another firmware build that had it enabled again. I can't see any real way that a vendor could accidentally sell a machine that had no way of complying with GPLv3 other than Canonical providing private keys.
'You have to divulge your private key' meme Posted Jul 3, 2012 9:15 UTC (Tue) by NAR (subscriber, #1313) [Link] Every firmware vendor has implemented support for modifying the key database.And what happens if a there comes a new vendor tomorrow who doesn't implement support for this in order to save $0.02 per unit?
'You have to divulge your private key' meme Posted Jul 3, 2012 12:29 UTC (Tue) by nye (guest, #51576) [Link]
>And what happens if a there comes a new vendor tomorrow who doesn't implement support for this in order to save $0.02 per unit?
Then they would *potentially* have a GPL3 problem, and they wouldn't be able to get Windows certification.
In that case, saving $0.02 per unit doesn't seem like such a great trade-off, since the resulting machine would have a target audience closely resembling (if not actually equal to) the empty set.
'You have to divulge your private key' meme Posted Jul 3, 2012 15:21 UTC (Tue) by mjg59 (subscriber, #23239) [Link]
They'd be starting from the reference implementation, which also includes support for modifying the key database, so they'd need to actively spend time removing the functionality. That seems like a strange way to save money, especially since they'd then be unable to sell into the Windows 8 market.
'You have to divulge your private key' meme Posted Jul 3, 2012 16:34 UTC (Tue) by robdinn (guest, #30753) [Link]
Hardware vendors of budget laptops have already shown that they are willing to go to the effort of adding anti-features to their products to, say, disable hardware virtualization. I am second guessing why, but one reason might be that they want you to purchase a higher spec model with a higher purchase price if you want to use such features. (Shenanigans like this are nothing to do with Microsoft).
Could the hardware vendors to the same thing with locked keys. They (the hardware vendor) makes a choice that they are only going to support a restricted set of Microsoft Operating Systems on some of their products. They might believe that this would reduce their support costs because they don't have to deal with returned machines where the user has wiped the microsoft keys, bricking the device. It would also provide them with an opportunity to sell the customer a different model where the keys are not locked down, at a price premium of course.
You say that Microsoft's current rules would forbid such activity. That's welcome but Microsoft could change the rules in the future.
The vendor is choosing not to ship any free software so free software licences are moot.
I am trying to think of ways for the hardware vendor to do evil things.
'You have to divulge your private key' meme Posted Jul 3, 2012 16:53 UTC (Tue) by mjg59 (subscriber, #23239) [Link]
Could a hardware vendor produce a device that only boots operating systems the hardware vendor approves of? Clearly, yes. Vendors can be evil if they want to be evil.
Vendors can be evil if they want to be evil. Posted Jul 3, 2012 19:38 UTC (Tue) by hummassa (subscriber, #307) [Link]
... only if you are evil-er and buy from them.
:-D
'You have to divulge your private key' meme Posted Jul 4, 2012 13:10 UTC (Wed) by pboddie (subscriber, #50784) [Link]
Despite assertions of paranoia by those who either have a short memory or deliberately want us to ignore the history of the industry, there are various malign reasons why companies might disable or intentionally obscure the ability to install different keys, all to give the impression that things were done "by mistake" and to let everyone point the finger at everyone else, leaving the customer without redress as usual.
If only there were the equivalent of the ITC patent "witchfinder" courts that Apple and friends hold so dear, whose purpose rather than acting to uphold monopolies on behalf of multinationals would be to act in the public interest and ban products from companies who treat their legal obligations with contempt.
'You have to divulge your private key' meme Posted Jul 5, 2012 9:02 UTC (Thu) by etienne (subscriber, #25256) [Link]
> there are various malign reasons why companies might disable or intentionally obscure the ability to install different keys
You mean, like changing all the time which keyboard key you have to press to enter the BIOS menu, displaying which key it is for too short a time, removing the PS2 keyboard plug, and delaying the USB initialisation so that it is very difficult to find the right time to press the key on a USB keyboard before the black-listed OS is booted and then refused and then power off the machine?
'You have to divulge your private key' meme Posted Jul 8, 2012 1:40 UTC (Sun) by zlynx (subscriber, #2285) [Link]
I've read about a trick to fix the USB keyboard problem although I have never tried it myself. I wanted to, but couldn't find the right sort of device.
Anyway the trick was the find a USB device that takes a while to process so as to keep the USB initialization BIOS busy long enough to press the keyboard keys. Or a buggy device that locks it up until removed. Then you can press the BIOS entry key and remove the device to continue.
|
|||||||||||||