EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

03.02.13

UEFI Restricted Boot: Torvalds Asks Developers Not to “Please Microsoft by Doing Idiotic Crap Approach”, Petition Set Up to Nail Microsoft for This Antitrust Abuse

Posted in Antitrust, FSF, GNU/Linux, Kernel, Microsoft at 6:03 am by Dr. Roy Schestowitz

Photo by Alex Dawson, 2002

Linus

Summary: “Because it really shouldn’t be about MS blessings, it should be about the *user* blessing kernel modules,” Torvalds explains

THE MAN who habitually dismisses some Microsoft critics proves his older statements to be somewhat hypocritical. He too treats Microsoft exceptionally.

Torvalds recently made headlines by using strong language and addressing a controversial subject. It is about UEFI with restricted boot and here is some more relevant coverage he generated, helping to raise awareness of the issue:

  • Torvalds blasts Howells, Garrett over secure boot

    A push by Red Hat kernel developer David Howells and ex-Red Hat developer Matthew Garrett to get code supporting secure boot merged into the mainline kernel to meet some of Microsoft’s requirements has led to a sharp rebuke from Linux creator Linus Torvalds.

    Howell made a request for a patchset to be pulled into the mainline kernel last Thursday, writing, “It (the patchset) provides a facility by which keys can be added dynamically to a kernel that is running in secure-boot mode.

  • Linus Torvalds blasts Microsoft in sweary tirade

    Linux guru Linus Torvalds is at it again. After telling Nvidia to go forth and multiply, the outspoken Torvalds has decided to share some of his thoughts on Microsoft’s signing techniques in a heated online argument with fellow Linux developers.

    The developers were discussing ways of improving the Linux kernel with a bit of code that makes it easier to boot on Windows 8 PCs. The process of booting Linux on PCs shipped with Windows 8 has been complicated due to the widespread use of UEFI firmware with Secure Boot feature enabled. Red Hat developers emailed Torvalds to discuss the addition of new keys to the Linux kernel, which should get around the issue.

  • No Microsoft certificate support in Linux kernel says Torvalds

    Red Hat’s Secure Boot support is a case of the company wanting to “deep-throat Microsoft”, according to a forthright posting from Linus Torvalds on the Linux kernel developer mailing list. Torvald’s comments were made in response to plans by a Red Hat developer to extend Linux support for Secure Boot. The comments have given rise to an ongoing discussion, during which several prominent kernel developers have shared their thoughts on Secure Boot support in Linux.

Moreover, as it turns out, US citizens can now sign this petition calling for the White House to get involved to tackle the antitrust abuse (reports suggest that Microsoft’s fine for antitrust abuses in Europe is only weeks away).

James Bottomley wrote about this in his blog, but being former Novell staff who had worked on Microsoft projects, we expect no strong opposition from him. Steven J. Vaughan-Nichols, a Novell-sympathetic writer, wrote this followup:

No one, but no one, in the Linux community likes Microsoft’s mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs. But, how Linux should handle the fixes required to deal with this problem remains a hot-button issue. Now, as the debate continues hot and heavy, Linus Torvalds, Linux’s founder and de facto leader, spells out how he thinks Linux should deal with Secure Boot keys.

Swapnil Bhartiya, not a strong critic of Novell because he likes SUSE, sure isn’t a fan of what Microsoft is doing here. He is in good company when he writes along the same lines of Torvalds, whom he interviewed last year:

There is a heated (heat is a bit colder word) debate going on within the Linux community over how should Linux handle the Microsoft’s secure boot keys.

In an ongoing discussing Linus Torvalds has made some suggestions which he believes put users in control of their system and not Microsoft.

Torvalds was sarcastic when saying, “let’s please Microsoft by doing idiotic crap approach.”

This attitude is not exactly news (Torvalds alleges that so-called Secure Boot has nothing to do with security). “Because it really shouldn’t be about MS blessings, it should be about the *user* blessing kernel modules,” Linus Torvalds believes. He basically agrees with Richard Stallman and the FSF then.

Dr. Garrett, on the other hand, continues to push for the agenda that Microsoft hoped for, facilitating its control over Linux, Here is part of this whole long discussion where Torvalds says:

So instead of pleasing microsoft, try to see how we can add real security:

- a distro should sign its own modules AND NOTHING ELSE by default. And it damn well shouldn’t allow any other modules to be loaded at all by default, because why the f*ck should it? And what the hell should a Microsoft signature have to do with *anything*?

- before loading any third-party module, you’d better make sure you ask the user for permission. On the console. Not using keys. Nothing like that. Keys will be compromised. Try to limit the damage, but more importantly, let the user be in control.

– encourage things like per-host random keys – with the stupid UEFI checks disabled entirely if required. They are almost certainly going to be *more* secure than depending on some crazy root of trust based on a big company, with key signing authorities that trust anybody with a credit card. Try to teach people about things like that instead. Encourage people to do their own (random) keys, and adding those to their UEFI setups (or not: the whole UEFI thing is more about control than security), and strive to do things like one-time signing with the private key thrown out entirely. IOW try to encourage *that* kind of “we made sure to ask the user very explicitly with big warnings and create his own key for that particular module” security. Real security, not “we control the user” security.

Sure, users will screw that up too. They’ll want to load crazy nvidia binary modules etc crap. But make it *their* decision, and under
*their* control, instead of trying to tell the world about how this should be blessed by Microsoft.

Because it really shouldn’t be about MS blessings, it should be about the *user* blessing kernel modules.

Quite frankly, *you* are what he key-hating crazies were afraid of. You peddle the “control, not security” crap-ware. The whole “MS owns your machine” is *exactly* the wrong way to use keys.

Sam Varghese, consistently an opposer of restricted boot, says that it would put “Linux is at Microsoft’s mercy”:

Linux companies or organisations that have paid for, and obtained, keys from Microsoft to ensure that their distributions can be booted on secure boot-enabled devices, have to abide by the terms of a contract or else may have their keys revoked.

Whatever some Linux developers with past in Novell may say, at least we know Torvalds’ approach is perhaps more similar to the FSF’s than his employer’s.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New

  1. Links 28/9/2016: Alpine Linux 3.4.4, Endless OS 3.0

    Links for the day

  2. Cementing Autocracy: The European Patent Office Against Democracy, Against Media, and Against the Rule of Law

    The European Patent Office (EPO) actively undermines democracy in Europe, it undermines the freedom of the press (by paying it for puff pieces), and it undermines the rule of law by giving one single tyrant total power in Eponia and immunity from outside Eponia (even when he breaks his own rules)

  3. Links 28/9/2016: New Red Hat Offices, Fedora 25 'Frozen'

    Links for the day

  4. Team Battistelli Intensifies the Attack on the Boards of Appeal Again

    The lawless state of the EPO, where the rule of law is basically reducible to Battistelli's ego and insecurities, is again demonstrated with an escalation and perhaps another fake 'trial' in the making (after guilt repeatedly fails to be established)

  5. After the EPO Paid the Financial Times to Produce Propaganda the Newspaper Continues to Produce UPC Puff Pieces, Just Ahead of EU Council Meeting

    How the media, including the Financial Times, has been used (and even paid!) by the EPO in exchange for self-serving (to the EPO) messages and articles

  6. Beware the Patent Law Firms Insinuating That Software Patents Are Back Because of McRO

    By repeatedly claiming (and then generalising) that CAFC accepted a software patent the patent microcosm (meta-industry) hopes to convince us that we should continue to pursue software patents in the US, i.e. pay them a lot more money for something of little/no value

  7. The US Supreme Court Might Soon Tighten Patent Scope in the United States Even Further, the USPTO Produces Patent Maximalism Propaganda

    A struggle brewing between the patent 'industry' (profiting from irrational saturation) and the highest US court, as well as the Government Accountability Office (GAO)

  8. Patent Trolling a Growing Problem in East Asia (Software Patents Also), Whereas in the US the Problem Goes Away Along With Software Patents

    A look at two contrasting stories, one in Asia where patent litigation and hype are on the rise (same in Europe due to the EPO) and another in the US where a lot of patents face growing uncertainty and a high invalidation rate

  9. The EPO's Continued Push for Software Patents, Marginalisation of Appeals (Reassessment), and Deviation From the EPC

    A roundup of new developments at the EPO, where things further exacerbate and patent quality continues its downward spiral

  10. The Battistelli Effect: “We Will be Gradually Forced to File Our Patent Applications Outside the EPO in the Interests of Our Clients”

    While the EPO dusts off old files and grants in haste without quality control (won't be sustainable for more than a couple more years) the applicants are moving away as trust in the EPO erodes rapidly and profoundly

  11. Links 27/9/2016: Lenovo Layoffs, OPNFV Third Software Release

    Links for the day

  12. The Moral Depravity of the European Patent Office Under Battistelli

    The European Patent Office (EPO) comes under heavy criticism from its very own employees, who also seem to recognise that lobbying for the UPC is a very bad idea which discredits the European Patent Organisation

  13. Links 26/9/2016: Linux 4.8 RC8, SuperTux 0.5

    Links for the day

  14. What Insiders Are Saying About the Sad State of the European Patent Office (EPO)

    Anonymous claims made by people who are intimately familiar with the European Patent Office (from the inside) shed light on how bad things have become

  15. The EPO Does Not Want Skilled (and 'Expensive') Staff, Layoffs a Growing Concern

    A somewhat pessimistic look (albeit increasingly realistic look) at the European Patent Office, where unions are under fire for raising legitimate concerns about the direction taken by the management since a largely French team was put in charge

  16. Patents Roundup: Accenture Software Patents, Patent Troll Against Apple, Willful Infringements, and Apple Against a Software Patent

    A quick look at various new articles of interest (about software patents) and what can be deduced from them, especially now that software patents are the primary barrier to Free/Libre Open Source software adoption

  17. Software Patents Propped Up by Patent Law Firms That Are Lying, Further Assisted by Rogue Elements Like David Kappos and Randall Rader (Revolving Doors)

    The sheer dishonesty of the patent microcosm (seeking to bring back software patents by misleading the public) and those who are helping this microcosm change the system from the inside, owing to intimate connections from their dubious days inside government

  18. Links 25/9/2016: Linux 4.7.5, 4.4.22; LXQt 0.11

    Links for the day

  19. Patent Quality and Patent Scope the Unspeakable Taboo at the EPO, as Both Are Guillotined by Benoît Battistelli for the Sake of Money

    The gradual destruction of the European Patent Office (EPO), which was once unanimously regarded as the world's best, by a neo-liberal autocrat from France, Benoît Battistelli

  20. Bristows LLP's Hatred/Disdain of UK/EU Democracy Demonstrated; Says “Not Only Will the Pressure for UK Ratification of the UPC Agreement Continue, But a Decision is Wanted Within Weeks.”

    Without even consulting the British public or the European public (both of whom would be severely harmed by the UPC), the flag bearers of the UPC continue to bamboozle and then pressure politicians, public servants and nontechnical representatives

  21. Released Late on a Friday, EPO Social 'Study' (Battistelli-Commissioned Propaganda) Attempts to Blame Staff for Everything

    The longstanding propaganda campaign (framing staff as happy or framing unhappy staff as a disgruntled minority) is out and the timing of the release is suspicious to say the least

  22. Links 23/9/2016: Latest Microsoft and Lenovo Spin (Now in ‘Damage Control’ Mode)

    Links for the day

  23. White Male-Dominated EPO Management Sinks to New Lows, Again

    Benoît Battistelli continues to make the EPO look like Europe's biggest laughing stock by attempting to tackle issues with corny photo ops rather than real change (like SUEPO recognition, diverse hiring, improved patent quality, and cessation of sheer abuses)

  24. Journalism 102: Do Not Become Like 'Managing IP' or IAM 'Magazine' (the Megaphones of the EPO’s Management)

    Another look at convergence between media and the EPO, which is spending virtually millions of Euros literally buying the media and ensuring that the EPO's abuses are scarcely covered (if ever mentioned at all)

  25. Journalism 101: Do Not Believe Anything That Benoît Battistelli and the EPO's Management Say (Also Don't Fall for the UPC Hype)

    A survey/review (or an overview) of recent articles about the EPO and why they're wrong (mostly because they parrot the official lies from Battistelli's department)

  26. Patent Law Firms, David Kappos, and IAM 'Magazine' Still Shelter Software Patents by Cherry-Picking and Lobbying

    Amid the gradual collapse of software patents in the United States there are disingenuous efforts to bring them back or maintain a perception that these patents are still potent

  27. Microsoft-Connected Patent Trolls Going Places and Suing Microsoft Rivals, Microsoft Wants More 'Linux Patent Tax'

    Microsoft-connected patent trolls like Larry Horn's MobileMedia are still attacking Microsoft rivals and Microsoft wants more money from Korea, after it attacked Linux with software patents over there (notably Samsung and LG)

  28. Links 22/9/2016: Linux Professional Institute Redesign, Red Hat Upgraded

    Links for the day

  29. Links 22/9/2016: Red Hat's Latest Results, GNOME 3.22 Released

    Links for the day

  30. The Patent Law Firms in the US Relentlessly Lobby for Software Patents Resurgence by Placing Emphasis Only on Rare Outcomes

    Decisions against software patents continue to be ignored or intentionally overlooked by patent law firms, which instead saturate the media with the few cases where courts unexpectedly rule in favour of software patents

CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts