
Preparing the kernel for UEFI secure boot

Posted Sep 7, 2012 16:21 UTC (Fri) by apoelstra (subscriber, #75205)
In reply to: Preparing the kernel for UEFI secure boot by robertm
Parent article: Preparing the kernel for UEFI secure boot

> And so we see the tentacles of this control scheme worming their way deeper into (so-called) free software. Signed bootloaders, signed kernels, now killing useful functionality and forcing developers of kernel modules to jump through hoops just to run their own code? Where does this madness end?

Suppose you replaced secure boot with physical keys, bootloaders and kernels with doors and windows, Microsoft with some popular lock company, manufacturers with locksmiths (who have a special relationship with lock companies), and attackers with burglars.

It would then be clear who the real enemies are, and why we can't stop them just by making stronger doors or crazier legislation.

Your statement would then become
> And so we see the tentacles of this control scheme worming their way deeper into (so-called) private property. Locked doors, locked windows, forcing builders of doorknobs to jump through hoops just to enter their own homes? Where does this madness end?

Still correct, yet somehow life goes on, and few people argue that locks should be stopped.


Preparing the kernel for UEFI secure boot

Posted Sep 7, 2012 22:54 UTC (Fri) by pboddie (guest, #50784)

Sometimes you can't just bring in an analogy and hope to make a point with it alone. This is all about removing the right of the end-user to install the software of their choosing, which is part of a trend to take away any ownership rights people have for the things they have paid for, claiming that the owner is really just renting or licensing everything and has no say over what they can do with their own property.

I think Wookey made the only good argument for having this kind of restriction: you could deploy something out of your own physical control and still hope that no-one could subvert that device by installing some other software on it. But the crucial point is this: *you* as the owner would decide which software can be installed on your property, not the device manufacturer.

That a company with at least two decades of experience of seeing one security scare line up after another around their products is pushing for technical measures of control in the name of security either shows the generosity of the media in accepting such a supposed solution in the face of that company's track record, or it shows the generosity of that company itself in cultivating such favourable opinion.

Preparing the kernel for UEFI secure boot

Posted Sep 8, 2012 1:43 UTC (Sat) by robertm (subscriber, #20200)

> Suppose you replaced secure boot with physical keys, bootloaders and kernels with doors and windows, Microsoft with some popular lock company, manufacturers with locksmiths (who have a special relationship with lock companies), and attackers with burglars.

No, I think a much better analogy would be the "voter ID" laws that several states have been enacting, which are supposedly to combat electoral fraud. In both cases, the threat (boot-time malware, non-registered people voting) is effectively nonexistent and, in view of that, the "protection" is clearly designed for some other purpose (preventing the owner of hardware from running software the vendor does not approve of on the one hand, suppressing "undesired" voters on the other).

Preparing the kernel for UEFI secure boot

Posted Sep 8, 2012 12:15 UTC (Sat) by khim (subscriber, #9252)

> In both cases, the threat (boot-time malware, non-registered people voting) is effectively nonexistent

I'm not sure about non-registered people voting, but boot-time malware is alive and well in the Windows world. Is it the most common type of malware (as it was 20 years ago)? No, not anymore. Does it exist? Oh, yeah. It's no longer used as a sole distribution venue (in a networked world it's not the most effective way), but it's regularly used to hide the rest of the stuff from AV software.

Preparing the kernel for UEFI secure boot

Posted Sep 9, 2012 10:00 UTC (Sun) by kleptog (subscriber, #1183)

Dead people voting is absolutely an issue, although it's obviously dependent on how well the death records are maintained:

http://ballotpedia.org/wiki/index.php/Dead_people_voting

Boot time malware is also back from the dead:

http://www.f-secure.com/weblog/archives/00001393.html

I do agree the whole registration issue is weird and quite possibly typically American. Everyone over 18 should be registered automatically by virtue of being alive. In Australia, prior to each election, volunteers throughout the country go door to door to check everyone is registered correctly, providing all the necessary info/forms to fix any issues on the spot.

(I'm learning a lot about the American electoral systems in the Coursera Digital Democracy course. America definitely has enfranchisement problems in some areas.)

Anyway, back on topic: boot-time signatures are something I'm definitely watching. We sometimes have to place machines in untrusted environments and it would be really nice to be able to ensure that no-one can boot the system from any other media.

Preparing the kernel for UEFI secure boot

Posted Sep 8, 2012 10:09 UTC (Sat) by spaetz (subscriber, #32870)

> Suppose you replaced secure boot with physical keys,...
> Your statement would then become
> > And so we see the tentacles of this control scheme worming their way deeper into (so-called) private property. Locked doors, locked windows, forcing builders of doorknobs to jump through hoops just to enter their own homes? Where does this madness end?

Right, but you forgot to mention that you can only buy your keys from one vendor, which might or might not sell you one, depending on whether he likes your house. The key vendor also has the ability to revoke your key's validity at any time, because someone else (from a different house) lost his key somewhere.

You also neglected to mention that *all* houses need to be locked, and for some (ARM) he does not need to sell you a key at all. A tad annoying if you can't get into your office because you can't get a key for it.

Your analogy isn't really appropriate on so many levels :-)...

Preparing the kernel for UEFI secure boot

Posted Sep 10, 2012 6:08 UTC (Mon) by eru (subscriber, #2753)

> Suppose you replaced secure boot with physical keys,

You know, I would be happy to do this! Having the computer supplied with a physical lock that electrically prevents replacing the boot loader unless the owner turns a key would keep the control with the owner of the machine!

Preparing the kernel for UEFI secure boot

Posted Sep 10, 2012 8:27 UTC (Mon) by ekj (guest, #1524)

Indeed. "Turn this key to automatically certify the next thing that boots" would be fine -- and I strongly suspect that if that was the mechanism, people *wouldn't* accept machines that were sold without keys, and for which MS and others hold keys, but where the owner does NOT get keys.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds