Conspiracy theorists go berserk: Win8/MS will ban Linux!

Grall

UEFI Secure Boot spells doom for open source; Microsoft won't permit decryption keys for free OSes!

...Or, maybe not. :D

At this stage I assume the secure boot process will be an optional measure, as enforcing this would obviously lock out not just Linux and other open source OSes, but also Microsoft's own Win7, Vista, XP and so on. Clearly not something anyone with half a brain would stand for.

Anyhow, I think most people would agree that more secure OSes are a good thing rather than something bad; a secure boot feature could pretty much kill off the threat of rootkits for example, but what remains somewhat unclear is what will be required to gain access to an encryption key to sign your binaries with.

It would obviously be a pretty large competitive disadvantage to free software if a hefty license fee (or even any kind of fee, really) is involved, for example...
 
UEFI Secure Boot spells doom for open source; Microsoft won't permit decryption keys for free OSes!

...Or, maybe not. :D

At this stage I assume the secure boot process will be an optional measure, as enforcing this would obviously lock out not just Linux and other open source OSes, but also Microsoft's own Win7, Vista, XP and so on. Clearly not something anyone with half a brain would stand for.

Anyhow, I think most people would agree that more secure OSes are a good thing rather than something bad;

I don't understand in what sense an encrypted hardware path is 'secure'. It's only secure from the user.

a secure boot feature could pretty much kill off the threat of rootkits for example...

A secure boot feature would in fact be a rootkit. Perhaps you could argue that it might kill off the threats of other rootkits, but that would be ignoring the fact that it's essentially a rootkit platform.
 
What do you do when malware uses exploits to elevate privileges and load kernel modules?

Quis custodiet ipsos custodes. :yep2:
 
I call BS on all of the security aspects.

Stock Fedora is pretty damn secure. Security is a problem when you have crappy policies like root being the default user. My hunch is that it is a way to force DRM onto machines that remain open and are the primary source for the cracks MAFIAA security.

Would you be surprised if the next iteration of BS said only signed code on windows for security reasons?
 
it's something done with Chrome OS already.
it feels like a useful barrier of physical security and will be totally optional, you will most likely need a pro or even enterprise version of windows.

a conspiracy theory on this means your linux system administrator who put a BIOS password on your desktop has fascist tendencies.
windows's boot menu can load linux (wubi is one example of using this)

I did read page after page of slashdot discussion about how microsoft palladium would enslave us all, that would be a new Fahrenheit 451, and all.
but in reality microsoft relies on commodity hardware and has many times chosen convenience over strong enforcement : windows XP as root, software updates for cracked windows versions, clicking 'yes' on a UAC prompt rather than entering a password.

one grief I have is microsoft provides a unix subsystem, but you need an "enterprise" or "ultimate" version of windows, "pro" doesn't cut it (unlike with XP). and, not providing a ssh or even telnet client.
I was really looking toward that odd *nix command line as first-citizen class, no matter the limitations.

so even though I was willing to use windows and run X11, bash and daemons in it, I made the switch to using linux full time.
 
I call BS on all of the security aspects.

Stock Fedora is pretty damn secure. Security is a problem when you have crappy policies like root being the default user. My hunch is that it is a way to force DRM onto machines that remain open and are the primary source for the cracks MAFIAA security.

Would you be surprised if the next iteration of BS said only signed code on windows for security reasons?

But it's actually not that simple. Even if you have a very secure OS with a good security model, there could still be some security holes from kernel bugs or application bugs which may allow some malicious code to install a rootkit on your system. Yes, updating security patches regularly reduces this risk, but the problem with a rootkit is that a good rootkit is virtually undetectable. So once it's settled in it'd be very difficult to even know that you are infected.
 
Could someone explain to me what hardware/firmware manufacturers deciding to introduce a new feature has to do with Microsoft stopping Linux from being installed?

Put in your linux distro usb pen/dvd, boot it and if your firmware complains your distro isn't signed, complain to them? :???:
 
if your firmware complains your distro isn't signed, complain to them? :???:
If by "them" you mean the ones that made the distro then I hope you realize there are tons of people out there that are running pretty much their own distros. Also there are pretty much unlimited amounts of Linux kernel configurations out there, signing them all would be pretty much impossible.
 
But it's actually not that simple. Even if you have a very secure OS with a good security model, there could still be some security holes from kernel bugs or application bugs which may allow some malicious code to install a rootkit on your system. Yes, updating security patches regularly reduces this risk, but the problem with a rootkit is that a good rootkit is virtually undetectable. So once it's settled in it'd be very difficult to even know that you are infected.

Nothing in this world is perfectly secure. So this argument is not about possibility, but probability. You need to make a trade off between the cost of implementing certain policies versus the protection offered by those policies.

Besides, if you run Win over a VM, can't you just capture the video stream from the hypervisor, defeating the DRM?
 
Basically the moment you are running your software on the actual hardware there is pretty much nothing you can do to guarantee 100% protection. It's just a matter of time and willingness from people to break any security measures you've used.
 
Nothing in this world is perfectly secure. So this argument is not about possibility, but probability. You need to make a trade off between the cost of implementing certain policies versus the protection offered by those policies.

Sure. Personally I think since we already have signed executables (when you install something under Windows which requires administrator privilege, you can see the publisher of the executable if it's signed), it should be a trivial matter to have signed boot images. Of course, the firmware should allow unsigned boot images but it's up to the user to decide whether one should allow an unsigned image to boot.

Besides, if you run Win over a VM, can't you just capture the video stream from the hypervisor, defeating the DRM?

To my understanding, many DRM schemes require signed video driver so they can't be captured (although with I/O virtualization it could be possible, but I'm sure they will plug this hole, if there's a hole).
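The boot policy the post above sketches (the firmware refuses images it does not trust unless the user has chosen to allow them) can be written out as a small decision procedure. The following is an added example, not code from the forum thread or from any firmware or OS vendor: it models the allow database (db), the forbidden database (dbx) and a user-controlled "enforce" switch. UEFI db/dbx entries may be certificates or SHA-256 image hashes; the example keeps only the hash form so it runs on the Python standard library alone, and every image, hash and name in it is constructed for illustration.

```python
"""Added example: a toy model of a firmware boot-image policy check.

Models the UEFI idea of an allow database (db), a forbidden database (dbx)
and a user-controlled setting for unsigned/untrusted images. Real db/dbx
entries can be X.509 certificates or SHA-256 image hashes; only the hash
form is used here so the example needs no third-party crypto library.
All image bytes, hashes and names below are constructed for the example.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from enum import Enum


class Verdict(Enum):
    BOOT = "boot: image is in db"
    REFUSE_REVOKED = "refuse: image is in dbx"
    REFUSE_UNTRUSTED = "refuse: image not in db and Secure Boot is enforced"
    BOOT_UNSIGNED_BY_POLICY = "boot: image not in db, but the user allows untrusted images"


def image_hash(image: bytes) -> str:
    """SHA-256 of the whole image, the form a hash-based db/dbx entry would hold."""
    return hashlib.sha256(image).hexdigest()


@dataclass
class FirmwarePolicy:
    db: set[str] = field(default_factory=set)    # trusted image hashes
    dbx: set[str] = field(default_factory=set)   # revoked image hashes
    secure_boot_enforced: bool = True            # user-controlled setup switch

    def check(self, image: bytes) -> Verdict:
        """Decide whether the firmware would hand control to this image.

        dbx is consulted before db on purpose: a revoked image must stay
        refused even if a stale db entry still lists it.
        """
        h = image_hash(image)
        if h in self.dbx:
            return Verdict.REFUSE_REVOKED
        if h in self.db:
            return Verdict.BOOT
        if self.secure_boot_enforced:
            return Verdict.REFUSE_UNTRUSTED
        # The user deliberately turned enforcement off, so an image the
        # vendor never vouched for (a home-built kernel, say) is allowed.
        return Verdict.BOOT_UNSIGNED_BY_POLICY


# Constructed sample images (hypothetical, stand-ins for real boot loaders).
VENDOR_LOADER = b"constructed vendor boot loader v2"
OLD_VENDOR_LOADER = b"constructed vendor boot loader v1 (revoked)"
HOMEBUILT_KERNEL = b"constructed home-built kernel image"


def vendor_policy() -> FirmwarePolicy:
    """A policy as a vendor might ship it: current loader trusted, old one revoked."""
    return FirmwarePolicy(
        db={image_hash(VENDOR_LOADER)},
        dbx={image_hash(OLD_VENDOR_LOADER)},
    )


def demo() -> dict[str, Verdict]:
    """Run the three sample images through an enforcing and a relaxed policy."""
    strict = vendor_policy()
    relaxed = vendor_policy()
    relaxed.secure_boot_enforced = False
    return {
        "strict/vendor": strict.check(VENDOR_LOADER),
        "strict/revoked": strict.check(OLD_VENDOR_LOADER),
        "strict/homebuilt": strict.check(HOMEBUILT_KERNEL),
        "relaxed/homebuilt": relaxed.check(HOMEBUILT_KERNEL),
        "relaxed/revoked": relaxed.check(OLD_VENDOR_LOADER),
    }


if __name__ == "__main__":
    for label, verdict in demo().items():
        print(f"{label:18} -> {verdict.value}")
```

The ordering inside `check` is the part worth noticing: turning enforcement off lets an unknown image boot, but a revoked image is refused under either setting, which is the behaviour a user-controlled switch should have if the revocation list is to mean anything.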
 
Here's a good explanation why all this is a bad idea for Linux/BSD and why hw people can't help.

I'm not sure how much leverage Microsoft has here, though. Microsoft could provide PC manufacturers money, or a discount on their OS, if they adhere to this "This PC is Microsoft only" policy, but I'm pretty sure this is bad in the eyes of anti-trust officials. Also, users interested in running alternative OSes will not buy these PCs.

hoho said:
Basically the moment you are running your software on the actual hardware there is pretty much nothing you can do to guarantee 100% protection. It's just a matter of time and willingness from people to break any security measures you've used.

Well, security is always a trade-off, so the question is whether the additional security provided by this measure is worth the trouble. Of course, from the point of view of anti-tampering, there are probably other ways to do it (for example, the key management can be made open, but that's another security trade-off).
 
Sure. Personally I think since we already have signed executables (when you install something under Windows which requires administrator privilege, you can see the publisher of the executable if it's signed), it should be a trivial matter to have signed boot images. Of course, the firmware should allow unsigned boot images but it's up to the user to decide whether one should allow an unsigned image to boot.

we have signed packages in linux as well. I remember thinking, is this DRM, thus evil, thus distros are evil?, but you can always just press 'y'.
 
To my understanding, many DRM schemes require signed video driver so they can't be captured (although with I/O virtualization it could be possible, but I'm sure they will plug this hole, if there's a hole).

I/O virtualisation (with IOMMU) allows a signed video driver to run and use a real graphics card, rather than the VM using a fake VESA or dummy or simulated card. video output could be encrypted and directed to a physical hdmi or dvi port.

so I wonder if I/O virtualisation allows a previously unworkable DRM scheme to work (if we were talking about something like bluray playback w/ HDCP).
 
Does that mean some specific version of the kernel with specific patchset or something more generic?

typically the main packages repositories from say ubuntu or debian are signed, that's for all base software and updates. there are a handful of pretty generic kernel images and a few versions of them so if you want a more specific kernel with drivers left out or some additions you would typically build it from source.

I guess it's all to prevent an attack where someone would mess with your DNS or proxy and would trick you into installing malicious software or "updates". there is a nice automatic software delivery system on windows as well, called 'windows update' : wouldn't it be fun if attackers used that to install malware on your computer :).

when adding an external package repository you can add a crypto key you will find on the website, or just don't bother.

I've never had to compile a kernel, wasn't there in the bad old times. modern linux has linux kernel modules that can be compiled then loaded or unloaded.
you're always free to do anything to your system, even set the root password blank and run the desktop at root, it's not too different from windows.
 
I'm not sure how much leverage Microsoft has here, though. Microsoft could provide PC manufacturers money, or a discount on their OS, if they adhere to this "This PC is Microsoft only" policy, but I'm pretty sure this is bad in the eyes of anti-trust officials. Also, users interested in running alternative OSes will not buy these PCs.
Apparently, Win8 will go big on Secure Boot.

Besides, if you bought a Win8 ARM tablet, you would not be able to install linux on it afterwards if it has Secure Boot.
 