Garrett: Don't like Secure Boot? Don't buy a Chromebook

Posted Feb 5, 2013 9:53 UTC (Tue) by Fowl (subscriber, #65667)
In reply to: Garrett: Don't like Secure Boot? Don't buy a Chromebook by nhippi
Parent article: Garrett: Don't like Secure Boot? Don't buy a Chromebook

I think "most" is a bit of an overstatement. I know none of the laptops I ever had in that time period had one.

Garrett: Don't like Secure Boot? Don't buy a Chromebook

Posted Feb 5, 2013 10:43 UTC (Tue) by nhippi (subscriber, #34640) [Link] (9 responses)

It could be an exaggeration - just that all the Thinkpads and Dell/HP laptops passed by my desk seem to have had them.

But the basic points remains - Very few people are interested in secure booting of Linux. Even when for many it would already be possible to do so.

Root sector attacks on Linux?

Posted Feb 5, 2013 12:11 UTC (Tue) by man_ls (guest, #15091) [Link] (8 responses)

It is not surprising: there are very few attacks on Linux that would be stopped with secure booting. Unless the whole platform is secure from end to end (kernel signing, module signing and binary signing) secure boot is not going to make a difference, and I seem to remember that most of this infrastructure is not in place or has just got there recently. Without binary signing then secure boot would only stop rootkits that are loaded as a module. And without module signing, secure boot would only stop malicious kernels (which AFAIK are not a real threat). In short: too much hassle for the benefit.

Apparently for Microsoft secure booting is a very important defense to rootkits. I don't know if this is real or just some Microsoft excuse for messing with our bootloaders.

In fact this post is full of conjecture; it would be nice if someone knowledgeable could give us a more informed opinion.

It's an excuse

Posted Feb 5, 2013 15:12 UTC (Tue) by pboddie (guest, #50784) [Link] (7 responses)

Of course it is an excuse for Microsoft to mess with our bootloaders. Microsoft's traditional response to security concerns has always involved promoting itself as an essential part of the solution - to a problem the company had a large role in creating - while at the same time advocating measures that just happen to further undermine competition in the industry.

So in this case the problem is that malware runs rampant on Microsoft platforms, so the "solution" is to make Microsoft the gatekeeper for all software on hardware that is capable of running Microsoft products. I don't think many of us would regard that as the only solution, let alone the most desirable one, but market regulators seem to have an endless supply of second chances for Microsoft.

The "best case" objective for Microsoft is to make the claim that such hardware is only ever meant to run Windows, just like Apple manages to do with the iPad, but instead of turning our attention to the more blatant case of the iPad and going easy on Microsoft (as some people would apparently prefer), we need to prevent anyone passing general-purpose hardware off as an appliance that is tied to their software portfolio.

It's an excuse

Posted Feb 5, 2013 17:37 UTC (Tue) by raven667 (subscriber, #5198) [Link] (6 responses)

> Of course it is an excuse for Microsoft to mess with our bootloaders.

While you might find plenty of like-minded individuals here I don't think your anti-MS trolling really has a place. The worst that anyone can accuse MS of is benign neglect due to the size of their presence in the industry. If you have a chance you should listen to the engineers who design this stuff and see what their thoughts and motivations actually are, I think you would find them substantially different than your assumptions. Their engineers have gone out of their way to be courteous, helpful and inclusive and are not the villans you make them out to be. SecureBoot is a small piece of a large puzzle to try and reduce the security and integrity issues associated with the modern Internet environment.

It's an excuse

Posted Feb 5, 2013 18:50 UTC (Tue) by man_ls (guest, #15091) [Link]

Yes, at least I was expecting something more fact-based. My comment was already too filled with speculation.

It's an excuse

Posted Feb 5, 2013 19:15 UTC (Tue) by pboddie (guest, #50784) [Link] (3 responses)

I think you will find documents in the public record, some of which having been made public as part of legal proceedings, that show Microsoft's behaviour in various circumstances as being something other than "benign neglect". And while I can easily accept that the engineers are good, honest, upstanding individuals who cooperate with others, one cannot rely on their good behaviour as an indication of corporate policy.

If you really regard criticism of Microsoft's based on that company's record as "trolling", you should reacquaint yourself with that record. The mainstream computing press from the 1990s onwards is one long tale of uncritical promotion of Microsoft products punctuated by crises for which the more reasonable solution may well have been the use of other products instead. The consequence of this cycle of indulgence and forgiveness was a security crisis that even Microsoft acknowledged and did actually lead to a reported improvement in product quality.

SecureBoot may very well be a useful tool, but it has applications that happen to be very convenient to a company that "due to the size of their presence in the industry" has historically acted to take advantage of this position. As a result, it is hardly out of place to point it out.

But then again, perhaps we should be giving second chances to unreformed corporate offenders and hoping for the best, right?

It's an excuse

Posted Feb 5, 2013 19:23 UTC (Tue) by raven667 (subscriber, #5198) [Link] (2 responses)

I'm interested in the facts in this case, not presumption based different events which happend over a decade ago. Do you think nothing in the tech world or in the engineering and leadership of MS has changed since the 1990s ?

It's an excuse

Posted Feb 5, 2013 20:40 UTC (Tue) by mpr22 (subscriber, #60784) [Link]

I do indeed not believe that Microsoft's senior-management culture is significantly more ethical now than it was five or ten or fifteen or twenty years ago.

It's an excuse

Posted Feb 6, 2013 10:43 UTC (Wed) by pboddie (guest, #50784) [Link]

Do you really think you have to go all the way back to the 1990s to find examples? Given Microsoft's consistency, I fully expect people to be excusing Microsoft's behaviour in the year 2030 because the bad behaviour of this decade, once people have had the opportunity to document it fully, is "over a decade ago" and that things must somehow be different.

Oh, and is there a reason why one shouldn't be pointing out the blatant conflict of interest involved here? Make no mistake about this: Microsoft's influence already makes it difficult for vendors to design, manufacture and offer hardware that deviates from Microsoft's criteria (without a huge pile of cash to go against the flow), and this vision which puts Microsoft in a position of additional control is just another way for the company to raise the barrier to new entrants and make alternatives less attractive.

It is, of course, legitimate and necessary to point out the deficiency of the Google-powered product that is the subject of the referenced article, but I imagine that a large amount of any fuss being made is likely to be done to serve other interests. Of course, Microsoft wouldn't dream of bashing Google to shore up their own position because they're different now, obviously, so I guess we get to thank them for being our faithful watchdog and keeping product quality high in the marketplace.

It's an excuse

Posted Feb 6, 2013 18:40 UTC (Wed) by jthill (subscriber, #56558) [Link]

I'm not sure anyone believes Microsoft's engineering staff are responsible for any objectionable behavior on the part of Microsoft.