LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

'You have to divulge your private key' meme

'You have to divulge your private key' meme

Posted Jul 3, 2012 15:21 UTC (Tue) by mjg59 (subscriber, #23239)
In reply to: 'You have to divulge your private key' meme by NAR
Parent article: The FSF's advice to distributors on UEFI secure boot

They'd be starting from the reference implementation, which also includes support for modifying the key database, so they'd need to actively spend time removing the functionality. That seems like a strange way to save money, especially since they'd then be unable to sell into the Windows 8 market.

(Log in to post comments)

'You have to divulge your private key' meme

Posted Jul 3, 2012 16:34 UTC (Tue) by robdinn (guest, #30753) [Link]

Hardware vendors of budget laptops have already shown that they are willing to go to the effort of adding anti-features to their products to, say, disable hardware virtualization. I am second guessing why, but one reason might be that they want you to purchase a higher spec model with a higher purchase price if you want to use such features. (Shenanigans like this are nothing to do with Microsoft).

Could the hardware vendors to the same thing with locked keys. They (the hardware vendor) makes a choice that they are only going to support a restricted set of Microsoft Operating Systems on some of their products. They might believe that this would reduce their support costs because they don't have to deal with returned machines where the user has wiped the microsoft keys, bricking the device. It would also provide them with an opportunity to sell the customer a different model where the keys are not locked down, at a price premium of course.

You say that Microsoft's current rules would forbid such activity. That's welcome but Microsoft could change the rules in the future.

The vendor is choosing not to ship any free software so free software licences are moot.

I am trying to think of ways for the hardware vendor to do evil things.

'You have to divulge your private key' meme

Posted Jul 3, 2012 16:53 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

Could a hardware vendor produce a device that only boots operating systems the hardware vendor approves of? Clearly, yes. Vendors can be evil if they want to be evil.

Vendors can be evil if they want to be evil.

Posted Jul 3, 2012 19:38 UTC (Tue) by hummassa (subscriber, #307) [Link]

... only if you are evil-er and buy from them.
:-D

'You have to divulge your private key' meme

Posted Jul 4, 2012 13:10 UTC (Wed) by pboddie (subscriber, #50784) [Link]

Despite assertions of paranoia by those who either have a short memory or deliberately want us to ignore the history of the industry, there are various malign reasons why companies might disable or intentionally obscure the ability to install different keys, all to give the impression that things were done "by mistake" and to let everyone point the finger at everyone else, leaving the customer without redress as usual.

If only there were the equivalent of the ITC patent "witchfinder" courts that Apple and friends hold so dear, whose purpose rather than acting to uphold monopolies on behalf of multinationals would be to act in the public interest and ban products from companies who treat their legal obligations with contempt.

'You have to divulge your private key' meme

Posted Jul 5, 2012 9:02 UTC (Thu) by etienne (subscriber, #25256) [Link]

> there are various malign reasons why companies might disable or intentionally obscure the ability to install different keys

You mean, like changing all the time which keyboard key you have to press to enter the BIOS menu, displaying which key it is for too short a time, removing the PS2 keyboard plug, and delaying the USB initialisation so that it is very difficult to find the right time to press the key on a USB keyboard before the black-listed OS is booted and then refused and then power off the machine?
Hopefully shops will sell for a very long time those PC with windows 7 and a cheap offer to upgrade to Windows 8.

'You have to divulge your private key' meme

Posted Jul 8, 2012 1:40 UTC (Sun) by zlynx (subscriber, #2285) [Link]

I've read about a trick to fix the USB keyboard problem although I have never tried it myself. I wanted to, but couldn't find the right sort of device.

Anyway the trick was the find a USB device that takes a while to process so as to keep the USB initialization BIOS busy long enough to press the keyboard keys. Or a buggy device that locks it up until removed. Then you can press the BIOS entry key and remove the device to continue.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds