EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

03.02.13

UEFI Restricted Boot: Torvalds Asks Developers Not to “Please Microsoft by Doing Idiotic Crap Approach”, Petition Set Up to Nail Microsoft for This Antitrust Abuse

Posted in Antitrust, FSF, GNU/Linux, Kernel, Microsoft at 6:03 am by Dr. Roy Schestowitz

Photo by Alex Dawson, 2002

Linus

Summary: “Because it really shouldn’t be about MS blessings, it should be about the *user* blessing kernel modules,” Torvalds explains

THE MAN who habitually dismisses some Microsoft critics proves his older statements to be somewhat hypocritical. He too treats Microsoft exceptionally.

Torvalds recently made headlines by using strong language and addressing a controversial subject. It is about UEFI with restricted boot and here is some more relevant coverage he generated, helping to raise awareness of the issue:

  • Torvalds blasts Howells, Garrett over secure boot

    A push by Red Hat kernel developer David Howells and ex-Red Hat developer Matthew Garrett to get code supporting secure boot merged into the mainline kernel to meet some of Microsoft’s requirements has led to a sharp rebuke from Linux creator Linus Torvalds.

    Howell made a request for a patchset to be pulled into the mainline kernel last Thursday, writing, “It (the patchset) provides a facility by which keys can be added dynamically to a kernel that is running in secure-boot mode.

  • Linus Torvalds blasts Microsoft in sweary tirade

    Linux guru Linus Torvalds is at it again. After telling Nvidia to go forth and multiply, the outspoken Torvalds has decided to share some of his thoughts on Microsoft’s signing techniques in a heated online argument with fellow Linux developers.

    The developers were discussing ways of improving the Linux kernel with a bit of code that makes it easier to boot on Windows 8 PCs. The process of booting Linux on PCs shipped with Windows 8 has been complicated due to the widespread use of UEFI firmware with Secure Boot feature enabled. Red Hat developers emailed Torvalds to discuss the addition of new keys to the Linux kernel, which should get around the issue.

  • No Microsoft certificate support in Linux kernel says Torvalds

    Red Hat’s Secure Boot support is a case of the company wanting to “deep-throat Microsoft”, according to a forthright posting from Linus Torvalds on the Linux kernel developer mailing list. Torvald’s comments were made in response to plans by a Red Hat developer to extend Linux support for Secure Boot. The comments have given rise to an ongoing discussion, during which several prominent kernel developers have shared their thoughts on Secure Boot support in Linux.

Moreover, as it turns out, US citizens can now sign this petition calling for the White House to get involved to tackle the antitrust abuse (reports suggest that Microsoft’s fine for antitrust abuses in Europe is only weeks away).

James Bottomley wrote about this in his blog, but being former Novell staff who had worked on Microsoft projects, we expect no strong opposition from him. Steven J. Vaughan-Nichols, a Novell-sympathetic writer, wrote this followup:

No one, but no one, in the Linux community likes Microsoft’s mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs. But, how Linux should handle the fixes required to deal with this problem remains a hot-button issue. Now, as the debate continues hot and heavy, Linus Torvalds, Linux’s founder and de facto leader, spells out how he thinks Linux should deal with Secure Boot keys.

Swapnil Bhartiya, not a strong critic of Novell because he likes SUSE, sure isn’t a fan of what Microsoft is doing here. He is in good company when he writes along the same lines of Torvalds, whom he interviewed last year:

There is a heated (heat is a bit colder word) debate going on within the Linux community over how should Linux handle the Microsoft’s secure boot keys.

In an ongoing discussing Linus Torvalds has made some suggestions which he believes put users in control of their system and not Microsoft.

Torvalds was sarcastic when saying, “let’s please Microsoft by doing idiotic crap approach.”

This attitude is not exactly news (Torvalds alleges that so-called Secure Boot has nothing to do with security). “Because it really shouldn’t be about MS blessings, it should be about the *user* blessing kernel modules,” Linus Torvalds believes. He basically agrees with Richard Stallman and the FSF then.

Dr. Garrett, on the other hand, continues to push for the agenda that Microsoft hoped for, facilitating its control over Linux, Here is part of this whole long discussion where Torvalds says:

So instead of pleasing microsoft, try to see how we can add real security:

- a distro should sign its own modules AND NOTHING ELSE by default. And it damn well shouldn’t allow any other modules to be loaded at all by default, because why the f*ck should it? And what the hell should a Microsoft signature have to do with *anything*?

- before loading any third-party module, you’d better make sure you ask the user for permission. On the console. Not using keys. Nothing like that. Keys will be compromised. Try to limit the damage, but more importantly, let the user be in control.

– encourage things like per-host random keys – with the stupid UEFI checks disabled entirely if required. They are almost certainly going to be *more* secure than depending on some crazy root of trust based on a big company, with key signing authorities that trust anybody with a credit card. Try to teach people about things like that instead. Encourage people to do their own (random) keys, and adding those to their UEFI setups (or not: the whole UEFI thing is more about control than security), and strive to do things like one-time signing with the private key thrown out entirely. IOW try to encourage *that* kind of “we made sure to ask the user very explicitly with big warnings and create his own key for that particular module” security. Real security, not “we control the user” security.

Sure, users will screw that up too. They’ll want to load crazy nvidia binary modules etc crap. But make it *their* decision, and under
*their* control, instead of trying to tell the world about how this should be blessed by Microsoft.

Because it really shouldn’t be about MS blessings, it should be about the *user* blessing kernel modules.

Quite frankly, *you* are what he key-hating crazies were afraid of. You peddle the “control, not security” crap-ware. The whole “MS owns your machine” is *exactly* the wrong way to use keys.

Sam Varghese, consistently an opposer of restricted boot, says that it would put “Linux is at Microsoft’s mercy”:

Linux companies or organisations that have paid for, and obtained, keys from Microsoft to ensure that their distributions can be booted on secure boot-enabled devices, have to abide by the terms of a contract or else may have their keys revoked.

Whatever some Linux developers with past in Novell may say, at least we know Torvalds’ approach is perhaps more similar to the FSF’s than his employer’s.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Links 25/3/2019: Linux 5.1 RC2, Nano 4.0, PyPy 7.1

    Links for the day



  2. Links 24/3/2019: Microsoft Does Not Change; Lots of FOSS Leftovers

    Links for the day



  3. Just Published: Irrational Ignorance at the Patent Office

    Iancu and his fellow Trump-appointed "swamp" at the USPTO are urged to consult academics rather than law firms in order to improve patent quality in the United States



  4. Microsoft Paid the Open Source Initiative. Now (a Year Later) Microsoft is in the Board of the Open Source Initiative.

    The progression of Microsoft entryism in FOSS-centric institutions (while buying key "assets" such as GitHub) isn't indicative of FOSS "winning" but of FOSS being infiltrated (to be undermined)



  5. Jim Zemlin's Linux Foundation Still Does Not Care About Linux Desktops

    We are saddened to see that the largest body associated with Linux (the kernel and more) is not really eager to see GNU/Linux success; it's mostly concerned about its bottom line (about $100,000,000 per annum)



  6. Links 23/3/2019: Falkon 3.1.0 and Tails 3.13.1

    Links for the day



  7. The Unified Patent Court is Dead, But Doubts Remain Over the EPO's Appeal Boards' Ability to Rule Independently Against Patents on Nature and Code

    Patents used to cover physical inventions (such as engines); nowadays this just isn't the case anymore and judges who can clarify these questions lack the freedom to think outside the box (and disobey patent maximalists' dogma)



  8. Patent Law Firms Still Desperate to Find New Ways to Resurrect Dead Software Patents in the United States

    There's no rebound and no profound changes that favour software patents; in fact, judging by caselaw, there's nothing even remotely like that



  9. Links 22/3/2019: Libinput 1.13 RC2 and Facebook's Latest Security Scandal

    Links for the day



  10. Why the UK Intellectual Property Office (UK-IPO) Cannot Ignore Judges, Whereas the EPO Can (and Does)

    The European Patent Convention (EPC) ceased to matter, judges' interpretation of it no longer matters either; the EPO exploits this to grant hundreds of thousands of dodgy software patents, then trumpet "growth"



  11. The European Patent Office Needs to Put Lives Before Profits

    Patents that pertain to health have always posed an ethical dilemma; the EPO apparently tackled this dilemma by altogether ignoring the rights and needs of patients (in favour of large corporations that benefit financially from poor people's mortality)



  12. “Criminal Organisation”

    Brazil's ex-President, Temer, is arrested (like other former presidents of Brazil); will the EPO's ex-President Battistelli ever be arrested (now that he lacks diplomatic immunity and hides at CEIPI)?



  13. Links 21/3/2019: Wayland 1.17.0, Samba 4.10.0, OpenShot 2.4.4 and Zorin Beta

    Links for the day



  14. Team UPC (Unitary Patent) is a Headless Chicken

    Team UPC's propaganda about the Unified Patent Court (UPC) has become so ridiculous that the pertinent firms do not wish to be identified



  15. António Campinos Makes Up Claims About Patent Quality, Only to be Rebutted by Examiners, Union (Anyone But the 'Puff Pieces' Industry)

    Battistelli's propagandistic style and self-serving 'studies' carry on; the notion of patent quality has been totally discarded and is nowadays lied about as facts get 'manufactured', then disseminated internally and externally



  16. Links 20/3/2019: Google Announces ‘Stadia’, Tails 3.13

    Links for the day



  17. CEN and CENELEC Agreement With the EPO Shows That It's Definitely the European Commission's 'Department'

    With headlines such as “EPO to collaborate on raising SEP awareness” it is clear to see that the Office lacks impartiality and the European Commission cannot pretend that the EPO is “dafür bin ich nicht zuständig” or “da kenne ich mich nicht aus”



  18. Decisions Made Inside the European Patent Organisation (EPO) Lack Credibility Because Examiners and Judges Lack Independence

    The lawless, merciless, Mafia-like culture left by Battistelli continues to haunt judges and examiners; how can one ever trust the Office (or the Organisation at large) to deliver true justice in adherence or compliance with the EPC?



  19. Team UPC Buries Its Credibility Deeper in the Grave

    The three Frenchmen at the top do not mention the UPC anymore; but those who promote it for a living (because they gambled on leveraging it for litigation galore) aren't giving up and in the process they perpetuate falsehoods



  20. The EPO Has Sadly Taken a Side and It's the Patent Trolls' Side

    Abandoning the whole rationale behind patents, the Office now led for almost a year by António Campinos prioritises neither science nor technology; it's all about granting as many patents (European monopolies) as possible for legal activity (applications, litigation and so on)



  21. Where the USPTO Stands on the Subject of Abstract Software Patents

    Not much is changing as we approach Easter and software patents are still fool's gold in the United States, no matter if they get granted or not



  22. Links 19/3/2019: Jetson/JetBot, Linux 5.0.3, Kodi Foundation Joins The Linux Foundation, and Firefox 66

    Links for the day



  23. Links 18/3/2019: Solus 4, Linux 5.1 RC1, Mesa 18.3.5, OSI Individual Member Election Won by Microsoft

    Links for the day



  24. Microsoft and Its Patent Trolls Continue Their Patent War, Including the War on Linux

    Microsoft is still preying on GNU/Linux using patents, notably software patents; it wants billions of dollars served on a silver platter in spite of claims that it reached a “truce” by joining the Open Invention Network and joining the LOT Network



  25. Director Iancu Generally Viewed as a Lapdog of Patent Trolls

    As Director of the Office, Mr. Iancu, a Trump appointee, not only fails to curb patent trolls; he actively defends them and he lowers barriers in order to better equip them with bogus patents that courts would reject (if the targets of extortion could afford a day in court)



  26. Links 17/3/2019: Google Console and IBM-Red Hat Merger Delay?

    Links for the day



  27. To Team UPC the Unified Patent Court (UPC) Has Become a Joke and the European Patent Office (EPO) Never Mentions It Anymore

    The EPO's frantic rally to the very bottom of patent quality may be celebrated by obedient media and patent law firms; to people who actually produce innovative things, however, this should be a worrisome trend and thankfully courts are getting in the way of this nefarious agenda; one of these courts is the FCC in Germany



  28. Links 16/3/2019: Knoppix Release and SUSE Independence

    Links for the day



  29. Stopping António Campinos and His Software Patents Agenda (Not Legal in Europe) Would Require Independent Courts

    Software patents continue to be granted (new tricks, loopholes and buzzwords) and judges who can put an end to that are being actively assaulted by those who aren't supposed to have any authority whatsoever over them (for decisions to be impartially delivered)



  30. The Linux Foundation Needs to Speak Out Against Microsoft's Ongoing (Continued) Patent Shakedown of OEMs That Ship Linux

    Zemlin actively thanks Microsoft while taking Microsoft money; he meanwhile ignores how Microsoft viciously attacks Linux using patents, revealing the degree to which his foundation, the “Linux Foundation” (not about Linux anymore, better described as Zemlin’s PAC), has been compromised


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts