Loading keys from Microsoft PE binaries
The work done at Red Hat, SUSE, the Linux Foundation, and elsewhere is sufficient to enable a distributor to ship a binary distribution that will boot on a secure-boot-enabled system. Such distributions are often built so that they will only load kernel modules that have been signed by a trusted key, normally the distributor's own key. That restriction naturally causes problems for companies that ship binary-only modules; such modules will not be loadable into a secure-boot system. Many developers in the kernel community are not overly concerned about this difficulty; many of them, being hostile to the idea of binary-only modules in the first place, think this situation is just fine. Distributors like Red Hat, though, are not so sanguine.
One solution, of course, would be for those distributors to just sign the relevant binary modules directly. As Matthew Garrett points out, though, there are a number of practical difficulties with this approach, including the surprisingly difficult task of verifying the identity and trustworthiness of the company shipping the module. There's also the little problem that signing binary-only modules might make Red Hat look bad in various parts of our community and give strength to those claiming that such modules have no GPL compliance problems. So Red Hat would like to find a way to enable proprietary modules to be loaded without touching them directly, allowing the company to pretend not to be involved in the whole thing.
Red Hat's solution is to convince the kernel to trust any signing key that has been signed by Microsoft. Binary module vendors could then go to Microsoft to get their own key signed and present it to the kernel as being trustworthy; the kernel would then agree to load modules signed with this key. This only works, of course, if the kernel already trusts Microsoft's key, but that will be the case for all of the secure boot solutions that exist thus far. There is one other little problem in that the only thing Microsoft will sign is a PE binary. So Red Hat's scheme requires that the vendor's key be packaged into a PE binary for Microsoft to sign. Then the kernel will read the binary file, verify Microsoft's signature, extract the new key, and add that key to the ring of keys it trusts. Once that is done, the kernel will happily load modules signed by the new key.
This solution seems almost certain not to find its way into the mainline kernel. In retrospect, it is unsurprising that a significant patch that is seen as simultaneously catering to the wishes of Microsoft and binary module vendors would run into a bit of resistance. That is even more true when there appear to be reasonable alternatives, such as either (1) having Red Hat sign the modules directly, or (2) having Red Hat sign the vendor keys with its own key. Such solutions are unpopular because, as mentioned above, they reduce Red Hat's plausible deniability; they also make revocation harder and almost certainly require vendors to get a separate signature for each distribution they wish to support.
Linus has made it clear that he is not worried about those problems, though. Security, he says, should be in the control of the users; it should not be a mechanism used to strengthen a big company's control. So, rather than wiring Microsoft's approval further into the kernel, he would rather that distributors encourage approaches that educate users, improve their control, and which, he says, would ultimately be more secure. Loading a module in this environment, he said, would be a matter of getting the user to verify that the module is wanted rather than verifying a signing key.
The other reason that this patch is running into resistance is that there is widespread skepticism of the claim that the loading of unsigned modules must be blocked in the first place. Proponents claim that module signing (along with a whole set of other restrictions) is needed to prevent Linux from being used as a way to circumvent the secure boot mechanism and run compromised versions of Windows. Microsoft, it is said, will happily blacklist the Linux bootloader if Linux systems are seen as being a threat to Windows systems. Rather than run that risk, Linux, while running under secure boot, must prevent the running of arbitrary kernel code in any way. That includes blocking the loading of unsigned kernel modules.
It seems that not all kernel developers are worried about this possibility. Greg Kroah-Hartman asserted that module signature verification is not mandated by UEFI. Ted Ts'o added that Microsoft would suffer public relations damage and find itself under antitrust scrutiny if it were to act to block Linux from booting. It also seems unlikely to some that an attacker could rig a system to boot Linux, load a corrupted module, then chain-boot into a corrupted Windows system without the user noticing. For all of these reasons, a number of developers seem to feel that this is a place where the kernel community should maybe push back rather than letting Microsoft dictate the terms under which a system can boot on UEFI hardware. But some of Red Hat's developers, in particular, seem to be genuinely afraid of the prospect of a key revocation by Microsoft; Dave Airlie put it this way:
Others counter that, if Microsoft can revoke keys for any reason, there is little to be done to protect the kernel in any case.
In the end, this does not appear to be an easy disagreement to resolve,
though some parts are easy enough: Linus has refused to accept the
key-loading patch, so it will not be merged. What may well happen is that the patch will drop out of
sight, but that distributors like Red Hat will quietly include it in their
kernels. That will keep this particular disagreement from returning to the
kernel development list, but it does little to resolve the larger question
of how much Linux developers should be driven by fear of Microsoft's power
as they work to support the UEFI secure boot mechanism.
| Index entries for this article | |
|---|---|
| Kernel | Security/UEFI secure boot |
Posted Feb 28, 2013 6:20 UTC (Thu)
by jreiser (subscriber, #11027)
[Link] (20 responses)
Posted Feb 28, 2013 12:22 UTC (Thu)
by k3ninho (subscriber, #50375)
[Link] (18 responses)
In the past, there's been a trickle-down solution where the more-technical people build their own platform and community and it slowly becomes something that less-technical people can do. In this case, that doesn't apply: security is intended to be a blocker to access, and being on the wrong side of that divide must be enforced or it's not security.
For this problem, the Linux Foundation should be paying for a technical advisor to go round the mainboard manufacturers enrolling them in the Linux UEFI Certification Program and supplying them with a signing key which is used in addition to the MS one. The program is created to allow for corporations to build system images with their own platform keys under which they control the entire secure environment. That should be the real motivation for this, with desktop users being secondary beneficiaries. Thus is no extra burden on the non-technical user and such a setup allows UEFI Secure Boot to work as intended.
K3n.
Posted Feb 28, 2013 17:26 UTC (Thu)
by raven667 (subscriber, #5198)
[Link] (17 responses)
It's a kind of logical insanity, since logic seems to get one to a place where MS/Verisign is the only signing authority.
Posted Feb 28, 2013 21:39 UTC (Thu)
by Lennie (subscriber, #49641)
[Link] (6 responses)
So how much money does it take to maintain a selfsigned CA ?
You don't need an organisation like Verisign to sign the CA.
Posted Feb 28, 2013 21:45 UTC (Thu)
by dlang (guest, #313)
[Link] (1 responses)
you need to have processes in place to keep the bad guys out, this probably means that it takes more work to do the signing
you need redundancy
you need to spend time figuring out if you should sign things (unless you are a commercial CA, in which case you just need to see if the credit card accepts the charge)
That being said, the cost of running the CA itself is trivial compared to the cost of getting your cert accepted and in the various places it needs to be to do any good.
Posted Feb 28, 2013 22:33 UTC (Thu)
by Lennie (subscriber, #49641)
[Link]
Posted Feb 28, 2013 22:14 UTC (Thu)
by mjg59 (subscriber, #23239)
[Link] (3 responses)
Posted Feb 28, 2013 22:59 UTC (Thu)
by Lennie (subscriber, #49641)
[Link] (2 responses)
Doing a secure custom CA needs these things, I guess ?
If you get yourself some cheap netbooks with a builtin TPM and install Linux on it you can then store two copies of your keys in two seperate safes possibly in different buildings. Then you have 3 things solved.
An east european TLD does this for their DNSSEC keysigning keys if I remember correctly. The zone singing keys are on a machine behind a firewall which is used to push updates to the publicly visible servers.
In DNSSEC the zone signing keys are used to sign the DNS data and key signing keys are used to sign the zone signing keys every couple of months.
Posted Feb 28, 2013 23:36 UTC (Thu)
by raven667 (subscriber, #5198)
[Link] (1 responses)
http://www.webtrust.org/homepage-documents/item27839.aspx
Posted Feb 28, 2013 23:45 UTC (Thu)
by Lennie (subscriber, #49641)
[Link]
I know if that is what you want, you need a lot of stuff done because I've been following what CAcert is doing.
Posted Mar 4, 2013 11:51 UTC (Mon)
by Max.Hyre (subscriber, #1054)
[Link] (9 responses)
Posted Mar 4, 2013 15:16 UTC (Mon)
by raven667 (subscriber, #5198)
[Link] (8 responses)
Posted Mar 5, 2013 17:07 UTC (Tue)
by ortalo (guest, #4654)
[Link] (7 responses)
The only thing that made me doubt of the inutiliy of UEFI "security" up to now and eventually consider *not* deactivating secure boot is the involvement of people like Matthew Garret (and co.)...
Maybe I am concluding to fast and getting old. Or maybe not...
Posted Mar 5, 2013 17:20 UTC (Tue)
by raven667 (subscriber, #5198)
[Link] (4 responses)
I'm not sure how that's supposed to work, uEFI isn't TPM and provides no way to validate a license key or enforce DRM, it's really only useful for preventing malware from modifying the boot process.
It would have been nice if mjg59's proposal for automatic key enrollment would have gotten some traction because that could have been the mechanism to become independent of the MS signing infrastructure. IIUC the problem here is that the key signing through MS is made to fit MS existing tooling for signing PE binaries, which is understandable, but it seems to me the solution is to build an alternate signing infrastructure that works the way we want, within the constraints of the uEFI standard. Maybe it would be even better to modify the uEFI SecureBoot standard to do more exactly what we want but it might be too late for that as the current standard is now widely shipping and can't be changed. Maybe can't be changed for 20+ years.
Posted Mar 6, 2013 8:47 UTC (Wed)
by ortalo (guest, #4654)
[Link] (3 responses)
Linux users in this game are just the troublemakers who made apparent that M$ was grabbing control of OS instances. I am speculating yes, but I suspect this is more due to licensing reasons and monetary interest rather than security reasons and moral issues...
The actual full details may not be perfect, but that would not be the first a commercial security mechanism has design vulnerabilities... Furthermore, the objective is to increase the bill, not block the customer system.
Posted Mar 6, 2013 16:42 UTC (Wed)
by mjg59 (subscriber, #23239)
[Link] (2 responses)
No, it doesn't. You're able to disable the signature checking and you're able to install your own keys. Having done that, you're then free to lie to the OS about whether or not it booted a signed binary.
Posted Mar 6, 2013 18:42 UTC (Wed)
by raven667 (subscriber, #5198)
[Link] (1 responses)
Do I have that right, mjg59? 8-)
Posted Mar 6, 2013 18:50 UTC (Wed)
by mjg59 (subscriber, #23239)
[Link]
Posted Mar 5, 2013 17:21 UTC (Tue)
by mjg59 (subscriber, #23239)
[Link] (1 responses)
Posted Mar 6, 2013 8:57 UTC (Wed)
by anselm (subscriber, #2796)
[Link]
Also it's not as if piracy was keeping Microsoft up at night. People have been stealing Microsoft software for nearly 40 years and the company is still doing great. Bill Gates is still #2 on the Forbes list, so there doesn't seem to be an obvious problem.
Microsoft is doing little things here and there to make life harder for pirates (think »activation«), but actually getting rid of piracy altogether isn't that high up on their agenda. If they wanted to, they could certainly stamp out piracy nearly completely but (a) this would also inconvenience legitimate users, in particular »enterprise« users, which would be counterproductive – these users might get silly ideas like looking at operating systems that make for less hassle, such as Linux –, and (b) a certain level of piracy ensures that anybody who wants Windows badly enough will be able to get it, which is way better than encouraging them to look at icky free alternatives like Linux.
Posted Feb 28, 2013 12:24 UTC (Thu)
by keeperofdakeys (guest, #82635)
[Link]
You also can view a talk with James explaining it in detail. http://mirror.linux.org.au/linux.conf.au/2013/mp4/Making_...
Posted Feb 28, 2013 9:07 UTC (Thu)
by stevan (guest, #4342)
[Link] (1 responses)
S
Posted Mar 6, 2013 9:02 UTC (Wed)
by ortalo (guest, #4654)
[Link]
The other precedent is in the mobile phone space with network-operator locking of (subsidized) mobile phones, but not with open source software (and usually relying on the SIM smart card as a security kernel - which is probably a much better idea IMO).
Posted Feb 28, 2013 11:41 UTC (Thu)
by paulj (subscriber, #341)
[Link] (14 responses)
There are huge, powerful interests out there that would very, very much welcome consumer hardware being locked down. They've been lobbying hard for more than a decade, and achieved significant success in getting legislation favourable to them passed across the world (EU, US, etc). They've managed to persuade technology hardware vendors to implement ever more capable, cryptographically-backed locking-down of compute hardware - they give such hardware a boost in the market by favouring such devices in their own products (e.g. with better quality, or even by /only/ supporting such devices). In some jurisdictions, the interests pushing for this include large, state-owned and otherwise venerated institutions - such as the BBC.
The PC is the last redoubt. The only open, user-controlled compute platform that is sufficiently ubiquitous that the powerful interests can not afford to restrict their product from it and widely available. The powerful interests would very, very much like that to change.
These powerful interests are of course the media industries, audio and video. They would, without a doubt, strongly support the locking-down of PCs. It is naïve to think that the issue would be seen solely as one of MS anti-trust. Naïve to think MS would automatically be slapped down. Many, besides MS, want PCs to be locked-down and control taken away from users and instead be in the hands of a large corporate. It is naïve to think they will not work long (as they have already) and fight very hard to make it come true.
Posted Feb 28, 2013 12:29 UTC (Thu)
by keeperofdakeys (guest, #82635)
[Link] (13 responses)
Posted Feb 28, 2013 12:45 UTC (Thu)
by paulj (subscriber, #341)
[Link] (11 responses)
These same interests also "want"[1] to get rid of open PCs (either by getting rid of PCs, or by locking them down). There is no reason to doubt they would not lobby as hard and effectively for such, if it came down to legal questions, as they have done in the past for changes to copyright law (criminalisation of what used to be civil matters, the criminalisation of making anything that defeats copyright "protection" technologies, etc).
No conspiracy needed, just the continuation of widely documented prior practice.
1. For a definition of "want" == that it is very much in their interests, and consistent with their previous behaviour.
Posted Mar 1, 2013 7:11 UTC (Fri)
by kleptog (subscriber, #1183)
[Link] (10 responses)
It does surprise me that media companies have had an effect way above their weight but that's because the IT industry has traditionally not used its clout. No unions, for example. The tendency to route around problems rather than fixing them. It's changing though, as large tech companies like Google are getting involved in the political side of things.
That's not to say there won't be rough times ahead, but I think it will turn out ok.
Posted Mar 1, 2013 10:35 UTC (Fri)
by paulj (subscriber, #341)
[Link] (9 responses)
E.g., the media industry has a very direct financial stake in having restrictive copyright laws, and closed hardware that allows media to be controlled. The more control they have, the fewer alternatives there are to them, the more they can charge and profit. Thus, there is a clear, strong financial incentive for them to work tirelessly and continuously to further these goals.
The technology industry on the other hand does not have a clear financial stake. It has, at best, political biases (e.g. towards freedom) and woolly, vague, speculative, long-term reasons as to why it might prefer more open platforms - in general. However, there are some technology companies who *also* support closed platforms, as they *also* see themselves as content providers and/or curators, through things like iTunes and app stores. So the technology industry is fragmented, and further, those who are against the closing of technology do not have clear financial incentives to do so - which means they can easily lose interest in the issue, or not pursue it as aggressively as a media company might pursue the other side.
History is the only guide we have to the future, and the history over the last 15 years has been that computing platforms are becoming ever *more* closed. The PC may not yet be closed, but it too has now had the technological *capability* to be closed down added to it.
I'm far less optimistic than you are. I'm sure we'll always still be able to buy unlocked PCs, but I wonder if they'll be like specialist developer platforms, costing far more than standard PCS...
Posted Mar 5, 2013 17:19 UTC (Tue)
by ortalo (guest, #4654)
[Link] (8 responses)
Furthermore, I have also noticed with some surprise in recent years that law enforcement people (including judges) are starting to listen when you speak of potential legal deficiencies [1]. Communication is still pretty difficult because both cultural background are very different (engineering and legalese) but that's probably not so desperate. They are getting burnt by computer security failures too and they will react with their own tools too.
[1] Usually reformulated as law enforcement (applicability) issues rather than core legal issues btw. But IANAL of course and they were so do not even trust my reformulation... ;-)
Posted Mar 13, 2013 17:42 UTC (Wed)
by nye (subscriber, #51576)
[Link] (7 responses)
It is however a closed platform on which it happens to be possible to run Linux in a co-processor with help from the proprietary boot loader and platform firmware.
Posted Mar 13, 2013 19:32 UTC (Wed)
by dlang (guest, #313)
[Link] (6 responses)
except that the documentation is out there for you to develop your own bootloader (you just get the broadcom SDK for the chip)
Posted Mar 14, 2013 12:01 UTC (Thu)
by nye (subscriber, #51576)
[Link] (5 responses)
Really not even remotely the same. The RPi is an exceptionally closed platform; in order to do anything with it you need to use Broadcom's binaries. Bear in mind that the main processor is actually the GPU; the processor that Linux treats as the CPU is in fact completely controlled by the graphics firmware.
> except that the documentation is out there for you to develop your own bootloader (you just get the broadcom SDK for the chip)
To the best of my knowledge, that's untrue. It's a question that gets asked pretty frequently though, so if you know better than anyone else, you could do many people a favour by posting that information on the RPi forum.
In general, I think the RaspberryPi is a textbook example of where we don't want things to go if we want open systems under the user's control.
Personally I consider many of the foundation's public statements to be borderline fraudulent, and have a hard time with continuing to assume good faith given their behaviour and response to criticism thus far.
I recommend that nobody buy an RPi, for any purpose; it is an enemy of Free Software.
Posted Mar 14, 2013 16:18 UTC (Thu)
by Jonno (subscriber, #49613)
[Link] (1 responses)
> Bear in mind that the main processor is actually the GPU; the processor that Linux treats as the CPU is in fact completely controlled by the graphics firmware.
To my mind, the only thing that makes the Pi "worse" than the competition is that the binaries are located in a FAT FS on an SD-card, rather than in on-board flash, and thus more obvious to the casual observer. That it simplifies fw upgrades (and downgrades, making a PS3-like bait-and-switch by Broadcom impossible), seems to be ignored.
The Pi situation is by no means "good" from a user freedom perspective, but it's not really any worse than any other arm, x86 or ppc system in existence.
Posted Mar 14, 2013 17:24 UTC (Thu)
by johill (subscriber, #25196)
[Link]
I believe this is a misrepresentation, Linux/OtherOS was/is running in a hypervisor, not on the bare metal other CPU. The SPUs couldn't control the main CPU anyway, they're pretty much just signal processing units.
Posted Mar 14, 2013 19:14 UTC (Thu)
by dlang (guest, #313)
[Link] (2 responses)
show me anything along the lines of the following tutorial
Also, since the broadcom chip is sold for embedded uses, you can get everything you need from broadcom to develop your own code to replace the Pi foundation provided (note, not broadcom provided) bootloader binaries.
Frankly, I wish that the source for this was available, but given the current patent mess, the choice is betwen providing this bootloader as a binary, or having to pay patent licensing fees for the video codecs in every Pi sold. And in this situation I prefer keeping the price down to given money to the patent extortionists like MPEG-LA.
And since this is on the SD card, it's always possible for this to change in the future. Either the patent mess could change, or someone else could write a replacement bootloader and make it available.
While I fully understand the feeling that this is not ideal, calling something that has put over a million devices running Linux into people's hands "and enemy of Free Software" is cutting off your nose to spite your face.
Posted Mar 18, 2013 13:02 UTC (Mon)
by nye (subscriber, #51576)
[Link] (1 responses)
If that were the only criterion, we would laud TiVo as a far greater force for free software.
Regardless, the thing that really upsets me about the RPi is the level of double-speak that comes from the foundation. If they were to acknowledge how closed their platform is in comparison to a standard PC that would be one thing, but to keep beating the drum about how open and amazing they are leaves a bitter taste.
Also, they've been pretty unpleasant to people who have anything critical to say about the project (and I don't mean me; I mean people who are more polite). The effect has been to give me a very powerful impression that they don't really care about openness at all except as far as it can be used for marketing purposes.
Posted Mar 18, 2013 23:29 UTC (Mon)
by dlang (guest, #313)
[Link]
Second, the Pi allows you to run with everything running in the Linux space being open source, this is FAR better than most computers with reasonable graphics do.
If you are so worried about how the binary blob in the GPU can access the memory that the Linux kernel uses, then you had better not have any PCI cards (especially not any PCI graphics cards) in your desktop PC, because the binary blob firmware running on any PCI attached device can access any memory in the system (unless you are using IOMMU and the device driver has been written to limit the hardware)
Would it be better if the bootloader/GPU firmware was open? of course it would be.
As for the reaction from the people at the Pi foundation to 'polite' criticism, given the abuse that they have suffered, I think it's a matter of the well being poisoned, after being abused by so many obnoxious people, their patience is long gone and they don't react well to anyone. This doesn't mean that they don't care about openess, it's just part of human nature.
> If they were to acknowledge how closed their platform is in comparison to a standard PC that would be one thing
I don't believe that their system is closed compared to a standard PC, so I can easily see how they don't either.
Posted Feb 28, 2013 17:06 UTC (Thu)
by Aliasundercover (guest, #69009)
[Link]
Posted Feb 28, 2013 12:14 UTC (Thu)
by dgm (subscriber, #49227)
[Link]
One can agree that having the option to trust Microsoft is not the same as actually doing so, but users will obviously follow the path of least resistance (how has the resources to do otherwise?)
So, do you agree that it's in out best interest do act like that?
Posted Mar 2, 2013 18:49 UTC (Sat)
by cesarb (subscriber, #6266)
[Link]
Adding support for a new kernel module format (even if it is just a simple wrapper around the ELF binary) might be more acceptable than the proposed key importing scheme.
Posted Mar 7, 2013 2:36 UTC (Thu)
by kevinm (guest, #69913)
[Link]
Specifically, Microsoft's CA is designed to sign PE binaries that can be loaded as part of the UEFI boot process. This proposal involves wrapping an X.509 certificate inside a "false flag" UEFI binary in order to have it signed - as far as Microsoft is aware, they're signing a UEFI binary, but that's not how the file is going to be used - instead, it's going to be used as a container for an X.509 certificate that Linux will trust.
Say the private key for one of these embedded certificates escapes into the wild, or more simply the legitimate owner of the certificate uses it for nefarious purposes - will we really be able to convince Microsoft to revoke that signature or blacklist the PE binary? Remember that the PE binary that Microsoft signed can't itself be used to directly subvert the UEFI boot process - the executable portion of it is only a stub - but it *can* be used to subvert Linux systems. Will Microsoft care, or will they just say that the bug is in the fact that we're loading a certificate from that binary, when that isn't what it's for?
As a further objection, there's no reason why the Microsoft signature should be trusted by the Linux kernel for loading modules. Yes - anyone who can get a Microsoft-signed certificate can have their bootloader trusted, but that presupposes that they were able to install their own malicious bootloader in the first place. It's a much lower bar to be able to attempt to load a module into a running kernel than rewrite the bootloader, so I don't think it's a good idea that anyone who can create a trusted bootloader should also be able to create trusted kernel modules.
Posted Mar 10, 2013 16:36 UTC (Sun)
by lipak (guest, #43911)
[Link]
There are times when (upon reading Linus' comments) one feels that he is
just good at coding and making wise-cracks --- often
using language that would "make a sailor
blush". Then there are times when one realises that he has a
really clear vision
of what role he sees for Linux. This is one of those latter times. Linux is about empowering users, about giving them a chance to take
control of their own machines. It is not about getting users to trust
some Big Brother --- be it Microsoft or someone else --- who will tell
them that such trust will simplify their life. That is what the recent instructions from James Bottomley
are about. That is what Linus is echoing in his own way. Users should be
able to use UEFI to take control of their machines. As developers, we
should make it possible for users to do so by providing well-documented
code and procedures.
According to UEFI Secure Boot, Microsoft says "systems certified for Windows 8 [on non-ARM machines] must allow secure boot to enter custom mode or be disabled." Then in theory the user can enter any key in custom mode, and secure boot will honor that key. Apparently current UEFI instances require the user to type the long custom key, but instead UEFI could read the key from a USB device or filesystem and display it to the user for approval. Is there more to the brouhaha than just a user interface issue?
Just a user interface issue?
Just a user interface issue?
Just a user interface issue?
Just a user interface issue?
Just a user interface issue?
Just a user interface issue?
Just a user interface issue?
Just a user interface issue?
- processs/time/people
- physical security
- key security
- redundancy of the physical security - and key security solution
Just a user interface issue?
Just a user interface issue?
So why not get them the money?
The problem is that the Linux Foundation doesn't have the money to be a CA [....]
Sounds like a perfect case for a Kickstarter project. I'd certainly pay a significant (to me) amount of cash to get a native Linux UEFI key built into most machines. I suspect I'm not alone.
So why not get them the money?
So why not get them the money?
Personnally, I would prefer to pay *him* directly to design an alternative security BIOS for Linux rather than reuse the one from M$...
So why not get them the money?
So why not get them the money?
What I am questioning is the true objective of this thing. What I am questioning too is whether bills will increase or not btw... At least, we have an occasion to demonstrate that servers running linux do not pay... anything!
So why not get them the money?
So why not get them the money?
So why not get them the money?
So why not get them the money?
So why not get them the money?
Just a user interface issue?
Third party approval unique?
Third party approval unique?
Precedents with similarity are TCPA and TPM chipsets, but those explicitly allowed user-generation of secret keys. Analogy can be made with older things too (like the "Clipper chip"). But none of these were scheduled for generalization. None of these were under control of a single company.
The idea of a secure BIOS/ROM itself is pretty old btw. M$ applied it already more or less to the XBox. But personally, I view it as unapplicable in practice outside of niche markets because it involves centralized control of the signing key - and that is nearly impossible to do realistically (we are starting to see it... then you'll have revocation, compromise of keys, etc. Imagine how all this will collapse when the ONLY secret key will be attacked. ;-).
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Sure, just as you need to use «Motherboard-Manufacturer»'s binaries (eg. BIOS and/or EFI firmware) to do anything on a regular x86 PC...
That is true. To my knowledge, the only other common system where Linux were run on a co-proessor and completely at the mercy of another OS the original PS3 (where the system was under the control of OtherOS running at one of the SPU's, while the PPC core and remaining SPU's was allocated to Linux, with a limited fw interface to OtherOS to access the HDD and display hardware). As I recall, the PS3 was lauded for it's comparative openness at the time (well, until they removed OtherOS from the firmware)...
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
http://www.cl.cam.ac.uk/freshers/raspberrypi/tutorials/os/
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries
Why not sign the kernel module directly?
Loading keys from Microsoft PE binaries
Loading keys from Microsoft PE binaries