Bonum Certa Men Certa

GNU/Linux Users Infuriated by Microsoft's Lennart Poettering Attacking Linux Freedom

Related: Microsoft is Trying to Hire (Read: Pay Salaries to) Matthew Garrett

Did you join Microsoft to attack Linux?



Summary: Microsoft's Lennart Poettering didn't take long to show his true colours... (and agenda)

AS just noted in Daily Links (or here), Lennart Poettering is being bossed by the NSA's foremost tentacle (Microsoft) and he acts accordingly. He says "I would go as far as saying that SecureBoot on Linux distributions is mostly security theater at this point, if you so will." (It is in general the case, not just in Linux)



But he wishes to go further with the security theater.

Although LWN lacks comments on this matter and Phoronix is, as usual, just Microsoft-friendly fluff these days, we need to examine comments in Phoronix. Here are some:

And of course, the UKI must include systemd, that will take over as a UEFI payload and control everything in the system!



Responding to the above:

Next year's new systemd plugin, same old story.



More:



Great. Some of the reasons I can't stand Windows.



How about no, especially if it makes it harder to build your own kernels or to make changes to the initrd



Responding to the above:

That's the fly in the ointment. The whole trusted boot and execution system requires end users to be able to load their own keys into the UEFI boot key store. Not all hardware allows that. For that matter not all PC hardware even allows for it. The only way this works is if there's some way to require OEMs to allow third party keys other than those signed by a megacorp. Apple and Microsoft will fight that with every dirty trick, lawsuit, and just plain underhandedness they can - and not enough users will even notice to bother to protest - so it's unlikely there would be any effective regulatory process to stop it. Think of the kids. Think of the corporate bottom lines. Think of national security. Think of...



To which the reply was:

That is not enough -- if there is a way to enroll user keys, evil maid can use it to inject her own. There are some solutions, but they are super complex in comparison to just fuse corpo-keys. Anyhow, all this requires user to fully trust the motherboard firmware, which is not verifiable.



More:

No, thanks. I'll opt to continue configuring and building my kernels (and initramfs) locally. Unsigned, very true. Trusted by .... me And yes, running an OpenRC system here.



Bureaucracy has arrived at Linux. Every bit needs a form and a signature before it can be flipped.


This is ridiculious. Securtity has nothing to do with signing if there is not trust in that chain. You must trust the parties involved in signing - and in case of Microsoft one would be crazy to trust it (we got lots of proofs). All those pseudo security features made the computers much less trust worthy - using minix to spy on users (Intel) - the stupid boot signatures which are more for making GNU/Linux more inconvenient or broken than making anything more secure. And the big binary monster of systemd may be nice to improve boot time and avoid race conditions, but the killing of processes and other things configuered in disguise does not make the situation better but much worse. Trust comes if you understand your system - and if other use reasonable defaults. Init scripts were easy - systemd is a monster in comparison. So while not against a trusted boot process in general, the authority must be trustworthy - and I am not aware of anything which would provide the necessary level of trust. And if big companies are involved it comes with a necessity of matching agendas - and not concerning security but more to the contrary. So this is just a Trojan Horse ... and a realy obvious one.



Bureaucracy came to Linux decades ago.
No, it was optional and so has not arrived, but was only lurking in the shadow. A bit like you.

The way I see it is this corporate FUD - the type of features corporations create when they have become too large to fail, and need to trick customers to get them to believe they need something they do not. And who is he working for now? Right, Microsoft ... I did not need a secure boot process in 25 years and I did not need Microsoft, and this is not going to change.


And? It's generated locally which makes it 1000 time more trusted than being generated remotely by who knows on what server run by who knows who! Why the fuck would I want it to be built and signed by someone who I don't know and trust? Lennart, get lost with your Microsoft infested ideas that can only think on how to infest more computers with its spyware! From all the employers you couldn't work for another one? I'm starting to feel more and more disgusted about this attitude and thinking that we are so stupid to want thing built by somebody else, especially by Microsoft!



Reply:

If it's reproducible, it kinda doesn't matter who signs it. If it also makes it 1000x harder for anyone to sign images that aren't reproducible, then most end-users have avoided plethora of attacks - quite unattainable for malware makers and most bad actors.

I'm starting to feel more and more annoyed how I can't give regular people an hardened Linux setup resistant to most ab- and misuse. All because of some pointless feet-dragging all while the actual threats to computing freedom fly past unnoticed.



More:

You are simply not save from mega corporations. They will try to cash in on every bit of fear, uncertainty and doubt you may have. They want you to need them and to buy from them. First they tell you it is 'locally generated', then it is 'generated', and then to best buy it from them for a price...



Uhu, so we all need to pay someone else to give us a f* rng nft: “hey daddy, can you please sign my initrd?, here are some bucks for your efforts”, to use whenever it actually matters because, yes, I bet everyone would be able to sign their own stuff, but of course, we would need certified signatures from some megacorp *cough, Microsoft, cough* to use our own things anywhere outside our home lab.

We have seen this sh* with secure boot or web certificates to name two from the top of my mind; good intentions on paper, implementation faulted by design to maximize profit for a selected few.





I have not lost time or work to an attack which would be hindered by secure boot and don't know anyone else who has either. I have repaired and recovered data from computers for myself and others by booting external media of my own contrivance. I gain substantial benefit from external media Linux installations where my usb stick or SSD carries a useful environment to most any machine.

I see zero benefit, only pain as the boot process gets locked down like a cell phone, game console or Windows. It is about security, not user security, not my security, not your security. Who is Lennart working for now? Who is putting up the money? There is a good place to start looking.


"How on earth that now would work" you say... So you do not know and have got no idea. At least are you not hiding your ignorance. You must think all this encryption can be disabled or worked around easily. It is like you expect nightclubs to have two entrances, one with a bouncer and one without, where you can choose one or the other in case the bouncer does not let you in. You seem to be missing the basic principle here. It has to be mandatory at every link and layer, or it will be as weak as the weakest point. So it is either a useless feature or a guaranteed source of trouble for admins and anyone who wants their freedom.



Seems like this is the biggest problem: Asshole vendors that don't allow the user to sign their own shit. Funny how the whole "Trust" issue requires me to trust corporations who have done the wrong things in the past that hire people I've never met and vetted that run closed source code that isn't audited or vetted by a greater community at large.

Am I the weird one for thinking that I don't like being forced to trust them and that it's fucked up that I'm not allowed to trust myself or those that I deem trustworthy? I feel like the phrase "Protect and Serve" comes to mind.

Since you're at Microsoft, how about getting them to flex their muscles into strong-arming vendors and BIOS makers into making a method that allows the user to add their own keys so the initrd can be added to the secure chain and mitigate all the systmed madness...Or have you taken too many Soma Tabs, Linus.

Systemd is great, but it doesn't have to be the solution to every problem. It can be A solution, but it sucks when it's THE solution.



Ah yes, another dubious "security feature" that is just another thinly veiled excuse for big corpos to control the open source ecosystem.

Never forget "Embrace, extend, and extinguish"!



Is Lennart Poettering the Klaus Schwab of linux world? Honest question.



There will be more to come for sure. Maybe even a bunch of Microsoft AstroTurfers.

Recent Techrights' Posts

Twitter (X) is Dying, Now It's Just Like a Mafia-Type Operation of the Man Who Does Nazi Salutes in Public
a form of extortion
The Price of Exposing Corruption in Poland (and Elsewhere)
It's easier to participate in corruption than to merely do the right thing and oppose it
Abuse Inside the Polish Patent Office (UPRP) - Part IX: Minimum Wages For You (Experienced Scientist), Alicante/EU Paydays For Me (Unproductive, Corrupt Official)
Does UPRP maladministration extend to the false belief that qualified and experienced scientists can play the role of circus clowns?
"The Liberating Power of Simply Telling People the Truth."
'polite' bullying
Who Imitates Who? Plagiarist as Client (From Microsoft), 'Plagiarism' at the Law Firm?
let's revisit the subject
 
Links 13/06/2025: US Reduces Nonessential Staff at Baghdad Embassy Ahead of Strikes in Iran, Invasion of California Debated
Links for the day
X11 is Free Software
Whether you agree (e.g. on politics) with the person/s forking it doesn't matter
The More Time Passes, the Better Our Advice on Social Control Media Seems
At the end of the day, any platform you do not control yourself is working for someone else
UK High Court Blasts Brett Wilson LLP for Misusing "GDPR" After Failed Efforts to Censor Critics Using 'Libel' Claims
No wonder this firm is rapidly shrinking
Recent Blunders in Microsoft GitHub (e.g. Slop-Generated Bug Reports or GPL Violations 'as a Service') Taking Their Toll?
Put bluntly, if you still use Microsoft GitHub, then you're slave to Microsoft
American Imperialism and Microsoft Plagiarism
Techrights will therefore do what Microsoft does not want it to do: it'll write even more about Microsoft
When They Have Nothing Left to Help Advance Abusive Litigation for Microsoft People... Other Than Throwing ~500 Pages of Someone Else's Work Into a PDF
Microsoft is having a very tough year
Slopwatch and Yet More Holes in 'Secure Boot' (as Usual!), Promoted Inside Linux by the Man We Are Suing
Today's Slopwatch will be short
Gemini Links 13/06/2025: People You've Left Behind, Life Update and OS Changes
Links for the day
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, June 12, 2025
IRC logs for Thursday, June 12, 2025
Links 12/06/2025: Portland Homeless Deaths Quadruple, COVID Cases Surge in Asia
Links for the day
EPO's Gareth Lord Asked About "Quality and Productivity" or, Put Another Way, Why the EPO Keeps Granting So Many Invalid/Illegal Patents
letter to Lord
EPO's Central Staff Committee (CSC) Scrutinises the Man Who Illegally Grants (and Forces Others to Illegally Participate in Granting) Software Patents in Europe
EPO compels examiners to break the law in the name of obeying illegal "rules" or "orders"
The Latest Rumour Says The Next (as Correctly Predicted Before) Wave of Layoffs at Microsoft is 3 Weeks Away, "Larger Than the First Wave"
Step 2
TV Licensing Used to SPAM Your Postbox, Now It Does the Same to E-mail
First they ask for your E-mail address; then they start nagging you via E-mail
The Toxic Playbook
Either you support Prince Mohammed bin Salman or you're a nazi
It's Possible That BetaNews Got Cracked, But Nobody Talks About It, The Site Contains an Outdated Old Image, No Activity
It's possible that they will never explain what happened to the site and users' accounts
Links 12/06/2025: Beach Boys’ Brian Wilson Dies
Links for the day
Gemini Links 12/06/2025: Video Game Diegesis and Steam Next Fest
Links for the day
Why the Militants Have Lost Every Battle Since 2022 (When Attacking My Wife and I in Various Ways, Even Attacking Our Employers)
This takes patience, sure, but at the end most evildoers face the consequences for their actions
Our Priority is Still Tackling Software Patents and Corruption in Patent Offices
Meanwhile we got compliments on our recent articles, which means that they are effective
Politics Will Impact Software Choices
Will those systems respect users' freedom?
EPO: Neglecting Children to Promote American Monopolies by Shielding Them From European Competition
Yesterday the Central Staff Committee at the EPO spoke about another "reform" at the Office
Slopwatch: Another Day, Another Slopfest, LLM Slop Scrapers Slow Down Our Site
We too have some slop issues; this past day this site and the sister site had to answer about 2.5 million requests (not counting Gemini Protocol) and it's slowing things down for everybody
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, June 11, 2025
IRC logs for Wednesday, June 11, 2025
Links 11/06/2025: More Vulnerabilities Found in 'Smart' Phones, China Extends Reach in the Pacific
Links for the day
Gemini Links 11/06/2025: Grain and Steam Next Fest
Links for the day
Links 11/06/2025: "Quantum" Hype From IBM, US Closer to Martial Law, and “The Nation” Celebrates Milestone
Links for the day
IBM's CEO Roasted, Sizzled and Grilled for Dumb and Inconsistent Vapourware Promises
It looks like being a chronic liar is what it takes to lead the company once synonymous with computing
IBM's Goal Is Not (and Never Was) Computer Users' Freedom
More than 1.5 decades ago I found IBM to be an "ally of convenience" because of OpenDocument Format (ODF)
Wayland Shows the IBM/Red Hat Way of Doing Things
IBM is trying to 'kill' X
GitHub is Proprietary, Controlled by Microsoft, and GPL Violation Warehouse
"IRS tax filing software [will be] released to the people as free software" ... In general this is good news
Slopfarm Catastrophe
Seems like BetaNews (or BetaNoise) has just suffered a major data loss and restored the site from a week-old backup
Abuse Inside the Polish Patent Office (UPRP) - Part VIII: Illegal Working Conditions
How many people need to die for these people to get their massive salaries?
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Tuesday, June 10, 2025
IRC logs for Tuesday, June 10, 2025