EditorsAbout the SiteComes vs. MicrosoftUsing This Web SiteSite ArchivesCredibility IndexOOXMLOpenDocumentPatentsNovellNews DigestSite NewsRSS

03.02.13

UEFI Restricted Boot: Torvalds Asks Developers Not to “Please Microsoft by Doing Idiotic Crap Approach”, Petition Set Up to Nail Microsoft for This Antitrust Abuse

Posted in Antitrust, FSF, GNU/Linux, Kernel, Microsoft at 6:03 am by Dr. Roy Schestowitz

Photo by Alex Dawson, 2002

Linus

Summary: “Because it really shouldn’t be about MS blessings, it should be about the *user* blessing kernel modules,” Torvalds explains

THE MAN who habitually dismisses some Microsoft critics proves his older statements to be somewhat hypocritical. He too treats Microsoft exceptionally.

Torvalds recently made headlines by using strong language and addressing a controversial subject. It is about UEFI with restricted boot and here is some more relevant coverage he generated, helping to raise awareness of the issue:

  • Torvalds blasts Howells, Garrett over secure boot

    A push by Red Hat kernel developer David Howells and ex-Red Hat developer Matthew Garrett to get code supporting secure boot merged into the mainline kernel to meet some of Microsoft’s requirements has led to a sharp rebuke from Linux creator Linus Torvalds.

    Howell made a request for a patchset to be pulled into the mainline kernel last Thursday, writing, “It (the patchset) provides a facility by which keys can be added dynamically to a kernel that is running in secure-boot mode.

  • Linus Torvalds blasts Microsoft in sweary tirade

    Linux guru Linus Torvalds is at it again. After telling Nvidia to go forth and multiply, the outspoken Torvalds has decided to share some of his thoughts on Microsoft’s signing techniques in a heated online argument with fellow Linux developers.

    The developers were discussing ways of improving the Linux kernel with a bit of code that makes it easier to boot on Windows 8 PCs. The process of booting Linux on PCs shipped with Windows 8 has been complicated due to the widespread use of UEFI firmware with Secure Boot feature enabled. Red Hat developers emailed Torvalds to discuss the addition of new keys to the Linux kernel, which should get around the issue.

  • No Microsoft certificate support in Linux kernel says Torvalds

    Red Hat’s Secure Boot support is a case of the company wanting to “deep-throat Microsoft”, according to a forthright posting from Linus Torvalds on the Linux kernel developer mailing list. Torvald’s comments were made in response to plans by a Red Hat developer to extend Linux support for Secure Boot. The comments have given rise to an ongoing discussion, during which several prominent kernel developers have shared their thoughts on Secure Boot support in Linux.

Moreover, as it turns out, US citizens can now sign this petition calling for the White House to get involved to tackle the antitrust abuse (reports suggest that Microsoft’s fine for antitrust abuses in Europe is only weeks away).

James Bottomley wrote about this in his blog, but being former Novell staff who had worked on Microsoft projects, we expect no strong opposition from him. Steven J. Vaughan-Nichols, a Novell-sympathetic writer, wrote this followup:

No one, but no one, in the Linux community likes Microsoft’s mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs. But, how Linux should handle the fixes required to deal with this problem remains a hot-button issue. Now, as the debate continues hot and heavy, Linus Torvalds, Linux’s founder and de facto leader, spells out how he thinks Linux should deal with Secure Boot keys.

Swapnil Bhartiya, not a strong critic of Novell because he likes SUSE, sure isn’t a fan of what Microsoft is doing here. He is in good company when he writes along the same lines of Torvalds, whom he interviewed last year:

There is a heated (heat is a bit colder word) debate going on within the Linux community over how should Linux handle the Microsoft’s secure boot keys.

In an ongoing discussing Linus Torvalds has made some suggestions which he believes put users in control of their system and not Microsoft.

Torvalds was sarcastic when saying, “let’s please Microsoft by doing idiotic crap approach.”

This attitude is not exactly news (Torvalds alleges that so-called Secure Boot has nothing to do with security). “Because it really shouldn’t be about MS blessings, it should be about the *user* blessing kernel modules,” Linus Torvalds believes. He basically agrees with Richard Stallman and the FSF then.

Dr. Garrett, on the other hand, continues to push for the agenda that Microsoft hoped for, facilitating its control over Linux, Here is part of this whole long discussion where Torvalds says:

So instead of pleasing microsoft, try to see how we can add real security:

- a distro should sign its own modules AND NOTHING ELSE by default. And it damn well shouldn’t allow any other modules to be loaded at all by default, because why the f*ck should it? And what the hell should a Microsoft signature have to do with *anything*?

- before loading any third-party module, you’d better make sure you ask the user for permission. On the console. Not using keys. Nothing like that. Keys will be compromised. Try to limit the damage, but more importantly, let the user be in control.

– encourage things like per-host random keys – with the stupid UEFI checks disabled entirely if required. They are almost certainly going to be *more* secure than depending on some crazy root of trust based on a big company, with key signing authorities that trust anybody with a credit card. Try to teach people about things like that instead. Encourage people to do their own (random) keys, and adding those to their UEFI setups (or not: the whole UEFI thing is more about control than security), and strive to do things like one-time signing with the private key thrown out entirely. IOW try to encourage *that* kind of “we made sure to ask the user very explicitly with big warnings and create his own key for that particular module” security. Real security, not “we control the user” security.

Sure, users will screw that up too. They’ll want to load crazy nvidia binary modules etc crap. But make it *their* decision, and under
*their* control, instead of trying to tell the world about how this should be blessed by Microsoft.

Because it really shouldn’t be about MS blessings, it should be about the *user* blessing kernel modules.

Quite frankly, *you* are what he key-hating crazies were afraid of. You peddle the “control, not security” crap-ware. The whole “MS owns your machine” is *exactly* the wrong way to use keys.

Sam Varghese, consistently an opposer of restricted boot, says that it would put “Linux is at Microsoft’s mercy”:

Linux companies or organisations that have paid for, and obtained, keys from Microsoft to ensure that their distributions can be booted on secure boot-enabled devices, have to abide by the terms of a contract or else may have their keys revoked.

Whatever some Linux developers with past in Novell may say, at least we know Torvalds’ approach is perhaps more similar to the FSF’s than his employer’s.

Share this post: These icons link to social bookmarking sites where readers can share and discover new web pages.
  • Digg
  • del.icio.us
  • Reddit
  • co.mments
  • DZone
  • email
  • Google Bookmarks
  • LinkedIn
  • NewsVine
  • Print
  • Technorati
  • TwitThis
  • Facebook

If you liked this post, consider subscribing to the RSS feed or join us now at the IRC channels.

Pages that cross-reference this one

What Else is New


  1. Appalling Patent Quality at the European Patent Office, More Lies About the Unified Patent Court (UPC), and Assault on Those Who Warned About It All Along

    The EPO's management prioritises the litigation 'industry' and promotes its interests at the expense of those of science, technology, health and so on; in the meantime it also attacks scientists whom it employs or employed as examiners while severely harming their health



  2. Germany Likes EPO in Munich, Litigation Factory in Düsseldorf and Mannheim (Like Eastern District of Texas)

    The architectural design of Germany as Europe's patents capital, with billions of euros flowing into the pockets of German law firms, more so with a defunct and unjust Unitary Patent (UPC), which is unconstitutional



  3. Links 19/11/2018: Linux 4.20 RC3, New Fedora ISO, GNU OrgaDoc 1.0

    Links for the day



  4. A Fresh Look at Recent 35 U.S.C. § 101 Cases Reveals Rapid Demise of Software Patents Even in District (Lower) Courts

    Contrary to narratives that are being spread by the patents and litigation 'industry', there's anything but a resurgence of patents on algorithms; in the United States they're almost always rejected by courts at all levels



  5. All the Usual Suspects Are Still Working Hard to Harm the Legitimacy if Not Existence of Patent Quality Control

    With David Ruschke out of his role and other former judges leaving the Office one wonders if the new Office leadership is just scheming to hide a decline in patent quality by simply removing quality assessors



  6. The U.S. Patent and Trademark Office Must Be Based on Justice, Not Profits

    With obviousness grounds, prior art and tests for how abstract ideas may be, there's no excuse left for patent maximalism; will patent offices listen to courts or defy caselaw (in pursuits of fulfilling greed)?



  7. The European Patent Office is Attracting Patent Trolls

    Enforcement of software patents in Europe by the large patent troll (disguised as a pool) MPEG-LA means that European software developers cannot develop software with full multimedia support (not without sudden disruption to their peace)



  8. Patent Maximalists Are Still Upset at the US Supreme Court (Over Alice) and the US Patent Office Carries on As Usual

    In spite of the courts’ continued rejection of software patents — perfectly in line with what the high courts are saying — abstract ideas are still being covered by newly-granted patents



  9. Links 18/11/2018: Cucumber Linux 2.0 Alpha and Latest Outreachy

    Links for the day



  10. The European Patent Office Comes up With a Plethora of New Buzzwords by Which to Refer to Software Patents

    The permissive attitude towards software patents in Europe is harmful to software developers in Europe; the officials, who never wrote a computer program in their entire life, pretend this is not the case by adopting marketing techniques and surrogate terms



  11. Patent Maximalists in Europe Keep Mentioning China Even Though It Barely Matters to European Patents

    EPO waves a "white flag" in the face of China even though Chinese patents do not matter much to Europe (except when the goal is to encourage low patent quality, attracting humongous patent trolls)



  12. Team UPC Has Been Reduced to Lies, Lies, and More Lies about the Unified Patent Court Agreement

    With the Unified Patent Court Agreement pretty much dead on arrival (an arrival that is never reached, either) the UPC hopefuls -- those looking to profit from lots of frivolous patent litigation in Europe -- resort to bald-faced lying



  13. Links 17/11/2018: Mesa 18.3 RC3, Total War: WARHAMMER II, GNOME 3.31.2

    Links for the day



  14. Links 16/11/2018: Red Hat Enterprise Linux 8 Beta, Mesa 18.2.5, VirtualBox 6.0 Beta 2

    Links for the day



  15. Berkheimer or No Berkheimer, Software Patents Remain Mostly Unenforceable in the United States and the Supreme Court is Fine With That

    35 U.S.C. § 101, which is based on cases like Alice and Mayo, offers the 'perfect storm' against software patents; it doesn't look like any of that will change any time soon (if ever)



  16. Ignoring and Bashing Courts: Is This the Future of Patent Offices in the West?

    Andrei Iancu, who is trying to water down 35 U.S.C. § 101 while Trump ‘waters down’ SCOTUS (which delivered Alice), isn’t alone; António Campinos, the new President of the EPO, is constantly promoting software patents (which European courts reject, citing the EPC) and even Australia’s litigation ‘industry’ is dissenting against Australian courts that stubbornly reject software patents



  17. Patent Maximalists Are Still Trying to Figure Out How to Stop PTAB or Prevent US Patent Quality From Ever Improving

    Improvements are being made to US patents because of the Patent Trial and Appeal Board (PTAB), which amends/culls/pro-actively rejects (at application phases) bad patents; but the likes of Andrei Iancu cannot stand that because they're patent maximalists, who personally gain from an over-saturation of patents



  18. Links 15/11/2018: Zentyal 6.0, Deepin 15.8, Thunderbird Project Hiring

    Links for the day



  19. A Question of Debt: António Campinos, Lexology, Law Gazette, and Sam Gyimah

    Ineptitude in the media which dominates if not monopolises UPC coverage means that laws detrimental to everyone but patent lawyers are nowadays being pushed even by ministers (not just those whose clandestine vote is used/bought to steal democracy overnight)



  20. Science Minister Sam Gyimah and the EPO Are Eager to Attack Science by Bringing Patent Trolls to Europe/European Union and the United Kingdom

    Team UPC has managed to indoctrinate or hijack key positions, causing those whose job is to promote science to actually promote patent trolls and litigation (suppressing science rather than advancing it)



  21. USF Revisits EPO Abuses, Highlighting an Urgent Need for Action

    “Staff Representation Disciplinary Cases” — a message circulated at the end of last week — reveals the persistence of union-busting agenda and injustice at the EPO



  22. Links 14/11/2018: KDevelop 5.3, Omarine 5.3, Canonical Not for Sale

    Links for the day



  23. Second Day of EPOPIC: Yet More Promotion of Software Patents in Europe in Defiance of Courts, EPC, Parliament and Common Sense

    Using bogus interpretations of the EPC — ones that courts have repeatedly rejected — the EPO continues to grant bogus/fake/bunk patents on abstract ideas, then justifies that practice (when the audience comes from the litigation ‘industry’)



  24. Allegations That António Campinos 'Bought' His Presidency and is Still Paying for it

    Rumours persist that after Battistelli had rigged the election in favour of his compatriot nefarious things related to that were still visible



  25. WIPO Corruption and Coverup Mirror EPO Tactics

    Suppression of staff representatives and whistleblowers carries on at WIPO and the EPO; people who speak out about abuses are themselves being treated like abusers



  26. Links 13/11/2018: HPC Domination (Top 500 All GNU/Linux) and OpenStack News

    Links for the day



  27. The USPTO and EPO Pretend to Care About Patent Quality by Mingling With the Terms “Patent” and “Quality”

    The whole "patent quality" propaganda from EPO and USPTO management continues unabated; they strive to maintain the fiction that quality rather than money is their prime motivator



  28. Yannis Skulikaris Promotes Software Patents at EPOPIC, Defending the Questionable Practice Under António Campinos

    The reckless advocacy for abstract patents on mere algorithms from a new and less familiar face; the EPO is definitely eager to grant software patents and it explains to stakeholders how to do it



  29. The U.S. Chamber of Commerce is Working for Patent Trolls and Patent Maximalists

    The patent trolls' propagandists are joining forces and pushing for a patent system that is hostile to science, technology, and innovation in general (so as to enable a bunch of aggressive law firms to tax everybody)



  30. Team UPC, Fronting for Patent Trolls From the US, is Calling Facts “Resistance”

    The tactics of Team UPC have gotten so tastelessly bad and its motivation so shallow (extortion in Europe) that one begins to wonder why these people are willing to tarnish everything that's left of their reputation


CoPilotCo

RSS 64x64RSS Feed: subscribe to the RSS feed for regular updates

Home iconSite Wiki: You can improve this site by helping the extension of the site's content

Home iconSite Home: Background about the site and some key features in the front page

Chat iconIRC Channel: Come and chat with us in real time

CoPilotCo

Recent Posts