OpenBSD's De Raadt Slams Red Hat, Canonical Over 'Secure' Boot 391

An anonymous reader writes "OpenBSD founder Theo de Raadt has slammed Red Hat and Canonical for the way they have reacted to Microsoft's introduction of 'secure' boot along with Windows 8, describing both companies as wanting to be the new Microsoft."

  • Expected (Score:4, Informative)

    by Daniel_Staal ( 609844 ) <DStaal@usa.net> on Thursday July 26, 2012 @06:20PM (#40784465)

    I love OpenBSD, and run it on my firewall at home, but anyone who's followed De Raadt over the years has to be 100% expecting this.

    Including the over-the-top language.

  • by Anonymous Coward on Thursday July 26, 2012 @06:31PM (#40784613)

    I think in this case, the additional words are important:

    "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety."

    I give up liberties all the time, for various reasons.

  • by tlambert ( 566799 ) on Thursday July 26, 2012 @07:22PM (#40785137)

    You ship the TPM with a per-TPM public key in it, and a USB dongle with a certificate on it signed with the per-TPM secret key for the per-TPM public key, and then you require the presence of the dongle to intermediate the installation of the OS of your choice onto the machine. You allow installation of other public keys signed with the private key, and you have another public key and separate private key to permit per-device self-signing of whatever code you want, but only on a per-device basis.

    Then you have your BIOS/EFI/UEFI/Coreboot/u-boot refuse to do anything other than go into "install mode" if the dongle is inserted so that the dongle will be removed after installation for normal operation so that it can't be abused by malware.

    After that, all vendors are responsible for securing their own OS past the point of it being loaded into memory.

  • by pixelpusher220 ( 529617 ) on Thursday July 26, 2012 @07:49PM (#40785387)
    Might want to check your history:

    MS trial [wikipedia.org]

    The DOJ announced on September 6, 2001 that it was no longer seeking to break up Microsoft and would instead seek a lesser antitrust penalty. Microsoft decided to draft a settlement proposal allowing PC manufacturers to adopt non-Microsoft software.

    Who was president in Sept 2001 again?

  • Losing Influence (Score:4, Informative)

    by wzinc ( 612701 ) on Thursday July 26, 2012 @07:52PM (#40785427)
    Microsoft is quickly losing influence; I don't think their secure boot stuff is going to be that big of a deal. I would say they have a chance with Windows Server, but 2012 has Metro, so I think they'll be declining on all sides now. They don't seem to care about what people actually want; they just want to push some new thing.

    Personally, I never liked Windows, but with Metro even on Server, I'll be seriously pushing Linux at work.
  • by Baloroth ( 2370816 ) on Thursday July 26, 2012 @07:59PM (#40785475)

    Of course, the DOJ decision was after this little tidbit:

    The D.C. Circuit Court of Appeals overturned Judge Jackson's [original judge who issued the breakup order] rulings against Microsoft. This was partly because the Appellate court had adopted a "drastically altered scope of liability" under which the Remedies could be taken, and also partly due to the embargoed interviews Judge Jackson had given to the news media while he was still hearing the case, in violation of the Code of Conduct for US Judges.[17] Judge Jackson did not attend the D.C. Circuit Court of Appeals hearing, in which the appeals court judges accused him of unethical conduct and determined he should have recused himself from the case.

    (bracketed bit inserted by me)

  • Why I Left OpenBSD (Score:0, Informative)

    by Anonymous Coward on Thursday July 26, 2012 @08:10PM (#40785553)

    I was a long-time OpenBSD user since the 3.1 days, and cut my teeth on Unix development there. I was attracted by its focus on security and conscientious coding practices. I was happy through the early 4.x days, but the more I got involved in developing for OpenBSD the more I was dissuaded from doing so.

    Part of the issue was this focus on security. After I began to use OpenBSD at home and at work in earnest, I realized that it was limited in hardware support compared to other operating systems. I purchased a new workstation and portable within a year of each other, and both times came to some unhappy realizations about OpenBSD support.

    I began to seriously look at Linux and FreeBSD at this point, knowing hardware support was much more robust. (I had also looked at NetBSD, but even though it booted on nearly everything, driver support was anemic.) I started to dual-boot FreeBSD on my workstation, and spent more and more time there. But it wasn't only hardware support that pushed me away from OpenBSD.

    The FreeBSD development model is, to say the least, more sensible. Like I said, the more I got involved with OpenBSD development the more I was turned away, and that was mostly due to the project leader's attitude. During the run-up to OpenBSD 4.2, Theo de Raadt had been in a couple highly-publicized arguments with Linux developers, rubbing a ton of people the wrong way.

    What many don't understand is that this was not an isolated incident. Try being an OpenBSD developer! These kinds of scathing verbal assaults happened all of the time on the mailing lists. I was—and still am, actually—unsure whether Theo doesn't give a shit due to some philosophical stance, or can't help it due to something like Asperger syndrome. In either case, he typically drags anyone he disagrees with over the coals, all while telling them to stop taking it personally.

    I wish Theo had taken some of his own advice. I believe he has hurt the OpenBSD platform more than he has helped it, and I also firmly believe that hardware support in OpenBSD sucks not because of code auditing practices or security focus, but because Theo has either scared or purposefully chased away developers.

    Long-time OpenBSD developers might migrate to FreeBSD or Darwin; newbies might try for Linux instead. Those who taste the de Raadt wrath, however, always run in the end. A friend of mine once incurred his ire by asking the wrong question at the wrong time, and Theo de Raadt hacked his router and remotely remapped his keyboard!

    This is abuse, plain and simple, and Theo's relationship with his developers is abusive. I feel bad for anyone who has to engage him in real life, and fear something Reiser-like happening in the future. This controlling, manipulative attitude coupled with periodic violent outbursts indicates a deep-seated mental health issue that has gone unchecked for far too long. If you are an OpenBSD developer, watch your back!

    After all this mess, I switched to FreeBSD 7.2 and never looked back. I upgraded to FreeBSD 7.3 and started using FreeBSD 8 as soon as it was in pre-release, and I am eagerly working on FreeBSD 8.1. I feel spoiled now, too, because of the throng of developers devoted to professionally working the FreeBSD platform into something spectacular instead of naggling over trivial matters or admonishing one another.

    The thriving FreeBSD ecosystem contrasts sharply with the Jonestown-like atmosphere of OpenBSD. There is also the fact that no one person looms so largely over any other; ego is checked at the door in FreeBSD since the goal is to make a great operating system, not lord over others like David Koresh and a harem of 14-year-old girls.

    Feel free to disagree with me or point out counter-examples; I would love to read them now that I have left OpenBSD. I will always have a soft spot in my heart for the little secure operating system even though it leaves me with chills. I sometimes fondly load www.openbsd.org and read the latest release notes and smile wistfully.

    It's okay to smile, now that I'm free from OpenBSD.

  • by cpu6502 ( 1960974 ) on Thursday July 26, 2012 @08:22PM (#40785697)

    Now here's an essay for you to read..... written by the Free Software Foundation:
    (snip)

    In theory, there should be no problem. In practice, the situation is more complicated. As currently proposed, Secure Boot impedes free software adoption. It is already bad enough that nearly all computers sold come with Microsoft Windows pre-installed. In order to convince users to try free software, we must convince them to remove the operating system that came on their computers (or to divide their hard drives and make room for a new system, perceptually risking their data in the process).

    With Secure Boot, new free software users must take an additional step to install free software operating systems. Because these operating systems do not have keys stored in every computer's firmware by default like Microsoft does, users will have to disable Secure Boot before booting the new system's installer. Proprietary software companies may present this requirement under the guise of "disable security on your computer," which will mislead new users into thinking free software is insecure.

    Without a doubt, this is an obstacle we don't need right now, and it is highly questionable that the security gains realized from Secure Boot outweigh the difficulties it will cause in practice for users trying to actually provide for their own security by escaping Microsoft Windows.

    It's also a problem because the Windows 8 Logo program currently mandates Restricted Boot on all ARM systems, which includes popular computer types like tablets and phones. It says that users must not be able to disable the boot restrictions or use their own signing keys. In addition to being unacceptable in its own right, this requirement was a reversal from Microsoft's initial public position, which claimed that the Windows 8 program would not block other operating systems from being installed. With this deception, Microsoft has demonstrated that they can't be trusted. While we are interpreting their current guidelines, we must keep in mind that they could change their mind again in the future and expand the ARM restrictions to more kinds of systems.

    The best way out of all of this (other than having all computers come pre-installed with free software) would be for free software operating systems to also be installable by default on any computer, without needing to disable Secure Boot. In the last few weeks, we've seen two major GNU/Linux distributions, Fedora and Ubuntu, sketch out two different paths in an attempt to achieve this goal.

    Fedora's approach

    There is much to like about Fedora's thinking, as explained by Matthew Garrett......... Unfortunately, while it is compliant with the license of GRUB 2 and any other GPLv3-covered software, we see two serious problems with the Microsoft program approach.

    1) Users wishing to run in a Secure Boot environment will have to trust Microsoft in order to boot official Fedora. The Secure Boot signing format currently allows only one signature on a binary -- so Fedora's shim bootloader can be signed only by the Microsoft-vouched key. If a user removes Microsoft's key, official Fedora will no longer boot, as long as Secure Boot is on.

    2) We reject the recommendation that others join the Microsoft developer program. In addition to the $99 expense being a barrier for many people around the world, the process for joining this program is objectionable. A nonexhaustive list of the problems includes: restrictive terms in multiple of the half-dozen contracts that must be signed, a forced commitment "to receive targeted advertisements and periodic member email messages from Microsoft," and a requirement to provide notarized proof of government-issued identification and a credit card.

    Ubuntu's approach

    Their approach has the same issue as Fedora's official method. Users have to trust Microsoft in order to boot official Ubuntu CDs. Their certification program amplifies this problem, because it means no one can sell certified Ubuntu machines without trusting Microsoft.

  • by vux984 ( 928602 ) on Thursday July 26, 2012 @08:46PM (#40785881)

    ), but it doesn't change the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run.

    That is not true.

    Their OSes will run just fine provided any of the following are done:

    a) the user logs into UEFI and disables secure boot

    b) the user logs into UEFI and installs a distro key

    c) the user logs into UEFI and installs their own key and signs the distro themselves.

    d) the distro provider works with the manufacturer to have their key pre-loaded the same as Microsoft's.

    Microsoft (currently) does prevent or even hinder any one of those alternatives on x86.

    Canonical and Red Hat noted that a & b require at least a nominal effort by the end user. (c requires a fair bit of effort for the end user) And that d required a substantial effort on their part.

    So they chose "e) sign our distros with the MS key" that Microsoft already took the effort to have preloaded so that our users don't need to take the nominal step of disabling secure boot or of installing their own keys.

    "That is called restraint-of-trade and it is VERY clearly a violation of the Sherman Antitrust "...

    No it's not.

    "now they are actively blocking other OSes from Opera/Google/other OSes from running (unless they beg MS for a license)"

    You don't need a license from Microsoft. The end user can disable secure boot. The end user can install their own keys. The distro can approach the hardware manufacturer and have their own keys preloaded alongside Microsoft's.

    Microsoft isn't preventing anyone from doing anything, and you do not need to interact with Microsoft at all to install other OSes.

    Please COMPREHEND the above before replying or commenting on the subject further.

  • by Anonymous Coward on Thursday July 26, 2012 @09:12PM (#40786061)

    http://www.trollaxor.com/2010/06/why-i-left-openbsd.html
    Copy and paste from this retard.

  • by AdamWill ( 604569 ) on Thursday July 26, 2012 @09:25PM (#40786149) Homepage

    "That's a nice 3-page essay (double-space I presume), but it doesn't change the fact Canonical and Redhat were forced to buy a license *from Microsoft* or else their OSes would not run."

    That's still not a fact. We were not forced to buy a license. We had several options, which Matthew outlined way back at the start of this whole saga, in this blog post:

    http://mjg59.dreamwidth.org/12368.html [dreamwidth.org]

    Specifically, the paragraph headlined "Getting the machine booted". It mentions the other options, including "the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it" and "producing some sort of overall Linux key". There is also the obvious negative possibility of simply not signing anything at all; this would require users to disable Secure Boot in the firmware before installing Linux, but it doesn't prevent them from doing so.

    Both Fedora (note, Fedora, not RH; RH does not necessarily always follow what Fedora does) and Ubuntu had several choices and _chose_ to go with the Microsoft signing service as the 'least bad' option (well, Ubuntu will also be self-signing, for OEM preloads). The fact that we are _choosing_ to get our releases signed with the Microsoft/Verisign key does not imply that we were _forced_ to do so. We _choose_ to do so on the basis that it'll provide the maximum possible success rate of Fedora installs with the minimum amount of work. We could have chosen to self-sign, or not to sign at all, and ask users to disable Secure Boot or import our key. We decided not to do so.

    "Problem is that people like YOU seem to think corporations never do anything wrong"

    This is an absurd stretch. You appear to be implying that anyone who suggests that a corporation might ever do anything at all that is _not_ wrong, must therefore believe that a corporation can _never_ do anything wrong. This is clearly ridiculous and false. You also mistake my opinion that Microsoft's actions are _not illegal_ for an opinion that they're _right_. These are not the same thing at all. I have carefully refrained from stating in public any personal opinion on the Rightness or Wrongness, from an ethical/moral standpoint, of Microsoft's actions. This is intentional. What I have said several times is that I don't believe the actions can successfully be characterized as _illegal_. Not everything that's wrong is also illegal. But if something is wrong/bad but not illegal, then you can't defeat that something through the courts. This sub-thread was prompted by someone saying that RH and Canonical should have chosen to prosecute or sue Microsoft. My point is that this is hardly a viable option if the suit would fail.

  • by occasional_dabbler ( 1735162 ) on Thursday July 26, 2012 @10:29PM (#40786517)
    Utter f*cking rubbish. I just installed W8 preview alongside Ubuntu 12.04 (yes, a sweet combination, Ithankyou). Of course the Winstaller doesn't nicely search out the other OSs but it was a couple of clicks on a bootable Ubuntu CD to fix this.
  • by justforgetme ( 1814588 ) on Friday July 27, 2012 @07:01AM (#40788669) Homepage

    Ok, you see, this exactly is a problem. This isn't a monopoly abuse in the classical sense, it just is a move to establish the big enterprise at the cost of the smaller solutions. The thing is Microsoft paves the "way" to signed bootloaders in a way that is very unfriendly to homebrew since software can't (AFAIK) auto install its certs into the pre boot process. This leaves two options: 1) manual installation of the certs by the end user which isn't very straightforward and could even become impossible 2) pre installation of all available certs by the manufacturer (now guess for how many reasons manufacturers aren't going to auto install keys for all available linux/hurd/bsd distros, yep there are many).
    Which leaves independent guys that release some spin of some distro out of the game completely since they do not have the manpower to ring up all manufacturers and `demand` the inclusion of their signatures on the manuf's devices' uefi rom and makes it much more difficult for guys trying to do mobile device gnuxes hanging there not knowing how to actually respond.

    So yeah. It hasn't anything to do with monopoly or any other 80s board game. It's just the fat bully pushing around the nerds.
