AS just noted in Daily Links (or here), Lennart Poettering is being bossed by the NSA's foremost tentacle (Microsoft) and he acts accordingly. He says "I would go as far as saying that SecureBoot on Linux distributions is mostly security theater at this point, if you so will." (It is in general the case, not just in Linux)
And of course, the UKI must include systemd, that will take over as a UEFI payload and control everything in the system!
Next year's new systemd plugin, same old story.
Great. Some of the reasons I can't stand Windows.
How about no, especially if it makes it harder to build your own kernels or to make changes to the initrd
That's the fly in the ointment. The whole trusted boot and execution system requires end users to be able to load their own keys into the UEFI boot key store. Not all hardware allows that. For that matter not all PC hardware even allows for it. The only way this works is if there's some way to require OEMs to allow third party keys other than those signed by a megacorp. Apple and Microsoft will fight that with every dirty trick, lawsuit, and just plain underhandedness they can - and not enough users will even notice to bother to protest - so it's unlikely there would be any effective regulatory process to stop it. Think of the kids. Think of the corporate bottom lines. Think of national security. Think of...
That is not enough -- if there is a way to enroll user keys, evil maid can use it to inject her own. There are some solutions, but they are super complex in comparison to just fuse corpo-keys. Anyhow, all this requires user to fully trust the motherboard firmware, which is not verifiable.
No, thanks. I'll opt to continue configuring and building my kernels (and initramfs) locally. Unsigned, very true. Trusted by .... me And yes, running an OpenRC system here.
Bureaucracy has arrived at Linux. Every bit needs a form and a signature before it can be flipped.
This is ridiculious. Securtity has nothing to do with signing if there is not trust in that chain. You must trust the parties involved in signing - and in case of Microsoft one would be crazy to trust it (we got lots of proofs). All those pseudo security features made the computers much less trust worthy - using minix to spy on users (Intel) - the stupid boot signatures which are more for making GNU/Linux more inconvenient or broken than making anything more secure. And the big binary monster of systemd may be nice to improve boot time and avoid race conditions, but the killing of processes and other things configuered in disguise does not make the situation better but much worse. Trust comes if you understand your system - and if other use reasonable defaults. Init scripts were easy - systemd is a monster in comparison. So while not against a trusted boot process in general, the authority must be trustworthy - and I am not aware of anything which would provide the necessary level of trust. And if big companies are involved it comes with a necessity of matching agendas - and not concerning security but more to the contrary. So this is just a Trojan Horse ... and a realy obvious one.
Bureaucracy came to Linux decades ago.No, it was optional and so has not arrived, but was only lurking in the shadow. A bit like you.
The way I see it is this corporate FUD - the type of features corporations create when they have become too large to fail, and need to trick customers to get them to believe they need something they do not. And who is he working for now? Right, Microsoft ... I did not need a secure boot process in 25 years and I did not need Microsoft, and this is not going to change.
And? It's generated locally which makes it 1000 time more trusted than being generated remotely by who knows on what server run by who knows who! Why the fuck would I want it to be built and signed by someone who I don't know and trust? Lennart, get lost with your Microsoft infested ideas that can only think on how to infest more computers with its spyware! From all the employers you couldn't work for another one? I'm starting to feel more and more disgusted about this attitude and thinking that we are so stupid to want thing built by somebody else, especially by Microsoft!
If it's reproducible, it kinda doesn't matter who signs it. If it also makes it 1000x harder for anyone to sign images that aren't reproducible, then most end-users have avoided plethora of attacks - quite unattainable for malware makers and most bad actors.
I'm starting to feel more and more annoyed how I can't give regular people an hardened Linux setup resistant to most ab- and misuse. All because of some pointless feet-dragging all while the actual threats to computing freedom fly past unnoticed.
You are simply not save from mega corporations. They will try to cash in on every bit of fear, uncertainty and doubt you may have. They want you to need them and to buy from them. First they tell you it is 'locally generated', then it is 'generated', and then to best buy it from them for a price...
Uhu, so we all need to pay someone else to give us a f* rng nft: “hey daddy, can you please sign my initrd?, here are some bucks for your efforts”, to use whenever it actually matters because, yes, I bet everyone would be able to sign their own stuff, but of course, we would need certified signatures from some megacorp *cough, Microsoft, cough* to use our own things anywhere outside our home lab.
We have seen this sh* with secure boot or web certificates to name two from the top of my mind; good intentions on paper, implementation faulted by design to maximize profit for a selected few.
I have not lost time or work to an attack which would be hindered by secure boot and don't know anyone else who has either. I have repaired and recovered data from computers for myself and others by booting external media of my own contrivance. I gain substantial benefit from external media Linux installations where my usb stick or SSD carries a useful environment to most any machine.
I see zero benefit, only pain as the boot process gets locked down like a cell phone, game console or Windows. It is about security, not user security, not my security, not your security. Who is Lennart working for now? Who is putting up the money? There is a good place to start looking.
"How on earth that now would work" you say... So you do not know and have got no idea. At least are you not hiding your ignorance. You must think all this encryption can be disabled or worked around easily. It is like you expect nightclubs to have two entrances, one with a bouncer and one without, where you can choose one or the other in case the bouncer does not let you in. You seem to be missing the basic principle here. It has to be mandatory at every link and layer, or it will be as weak as the weakest point. So it is either a useless feature or a guaranteed source of trouble for admins and anyone who wants their freedom.
Seems like this is the biggest problem: Asshole vendors that don't allow the user to sign their own shit. Funny how the whole "Trust" issue requires me to trust corporations who have done the wrong things in the past that hire people I've never met and vetted that run closed source code that isn't audited or vetted by a greater community at large.
Am I the weird one for thinking that I don't like being forced to trust them and that it's fucked up that I'm not allowed to trust myself or those that I deem trustworthy? I feel like the phrase "Protect and Serve" comes to mind.
Since you're at Microsoft, how about getting them to flex their muscles into strong-arming vendors and BIOS makers into making a method that allows the user to add their own keys so the initrd can be added to the secure chain and mitigate all the systmed madness...Or have you taken too many Soma Tabs, Linus.
Systemd is great, but it doesn't have to be the solution to every problem. It can be A solution, but it sucks when it's THE solution.
Ah yes, another dubious "security feature" that is just another thinly veiled excuse for big corpos to control the open source ecosystem.
Never forget "Embrace, extend, and extinguish"!
Is Lennart Poettering the Klaus Schwab of linux world? Honest question.