Red Hat Clarifies Doubts Over UEFI Secure Boot Solution

sfcrazy writes "Red Hat's Tim Burke has clarified Fedora/Red Hat's solution to Microsoft's secure boot implementation. He said, 'Some conspiracy theorists bristle at the thought of Red Hat and other Linux distributions using a Microsoft initiated key registration scheme. Suffice it to say that Red Hat would not have endorsed this model if we were not comfortable that it is a good-faith initiative.'" Color me unimpressed, and certainly concerned: "A healthy dynamic of the Linux open source development model is the ability to roll-your-own. For example, users take Fedora and rebuild custom variants to meet personal interest or experiment in new innovations. Such creative individuals can also participate by simply enrolling in the $99 one time fee to license UEFI. For users performing local customization, they will have the ability to self-register their own trusted keys on their own systems at no cost." From what I can tell, the worst fears of the trusted computing initiative are coming true despite any justifications from Red Hat here. Note that the ability to install your owns keys is certainly not a guaranteed right.

MS's last dual-boot solution worked so well

[WillAdams]

for the other side of the house....

They advocated for a dual-boot system which would allow Windows for Pen Computing to co-exist along w/ Go Corporation's PenPoint OS --- then pulled the plug after the first systems were announced.

Jerry Kaplan's _StartUp_ should be required reading for anyone considering doing business w/ Microsoft.

It's ludicrous that one could purchase a system and then not be allowed to install arbitrary software on it --- why can't there be a mechanism for instantiating a particular key on a system which one has physical access to?

William

Re:So where's the security?

[itsthebin]

notwithstanding that we have just had news of a major security breach that used Microsoft security certificates

Re:I hope a gang of lawyers

[cryptizard]

It has been stated many times, the fee is not going to Microsoft but Verisign. Essentially Red Hat is gaining the ability to run their own root of trust by having a signed "stage 0" bootloader that will in turn load any image signed by Red Hat's private key. This micro-bootloader will most likely just chain load a special version of grub that will verify the kernel is signed by a correct key (at this point, any key that Red Hat wants). I really don't see the problem with any of this. As they said in the first report, any big name, trustable Linux organization could volunteer to get their root key signed using this same arrangement and then run a free, open root of trust that could verify other distributions. The problem is no one wants that kind of responsibility. The only downside to this whole mess is that not all motherboards will offer you the ability to install your own root certificates, which could impact the ability to homebrew a Linux distro, but in the end people that care about that kind of thing will only but motherboards that have that ability.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:So where's the security?

[neokushan]

Not quite, summary:

For users performing local customization, they will have the ability to self-register their own trusted keys on their own systems at no cost.

The $99 license is for if you want to distribute yours to other machines. The point is that it's a price that hits a line between "too expensive and will put vendors out of business" and "So cheap any asshat can get one". What it boils down to is the CA correctly authenticating the buyer, if malware vendors get a key signed by them it's the CA's fault.

Now someone who buys a key and recklessly leaves it lying around an insecure place, on the other hand, is a different matter....

Re:Tempest in a teacup?

[Anonymous Coward]

People are getting their knickers all twisted because 'The Man' might one day prevent self registered keys. I guess MS might do this in the future if they really wanted to have another round of antitrust proceedings.

For ARM-based systems, 'The Man' has already prevented self-registered keys for any Windows 8 certified machine. See the last link in the summary from Matthew Garrett (a Red Hat engineer).

Re:I hope a gang of lawyers

[Anonymous Coward]

The problem is no one wants that kind of responsibility. The only downside to this whole mess is that not all motherboards will offer you the ability to install your own root certificates, which could impact the ability to homebrew a Linux distro, but in the end people that care about that kind of thing will only but motherboards that have that ability.

The point of open-source is to be able to run any code you want, not just those signed by large corporations. Users, previously not belonging to your elite category, who bought a motherboard without checking, and who now realise the benefits of a custom kernel, will find that they have no option but to buy a new machine.

Re:The Red Hat Wizard Falls Under Sauron's Spell

[a90Tj2P7]

UEFI is an OEM Software Vendor's bald-faced grab at monopoly power. Microsoft would be the key generator. Redhat would pay Microsoft a one-time fee per user machine, which RH figures likely to be a one-time $99 fee. This charge would be per machine, not per user, as it is likely that no 2 computers on the same network can have the same key.

I couldn't make it through the first paragraph without hitting ridiculous levels of FUD. MS isn't the key generator. They're not even the generator of their own key. The license isn't per-machine, it's per-source/vendor. There's no kind of per-machine restriction, in any way, shape or form.

Re:So where's the security?

[Anonymous Coward]

Actually, this is not quite correct. For ARM systems, Windows forces hardware manufacturers to make it IMPOSSIBLE for someone to install another OS. (It's in their license for Windows 8)

Re:So where's the security?

[ZeroSumHappiness]

The software you put on the machine should be signed. So long as you use signed software the whole thing is a no-op for you. If you want to install a Linux distro that has not been signed with Microsoft's keychain, however, you'll have to either turn off secure boot or install that distro's key into the UEFI.

I'm Seeing A Lot of Misinformation Swirling

[GeorgeRidout]

Unless I'm very much mistaken (please feel free to correct me) I'm seeing a lot of incorrect information around this. As I understand it: A) You can turn it off by going into the BIOS. Then you can boot anything you like. B) Each boot-loader for each individual OS requires signing by the manufacturer. As I understand it, Redhat were asked if they would be the custodians of 'one true' Linux key and they didn't want to be responsible for it on behalf of other distro makers. C) Redhat approached PC manufacters who were very receptive to their key being included with all hardware, however Redhat felt there would be an impression that they were levaraging their size as unfair competition. D) MS offered to sign distro's and OS's with their own key as long as the maker was registered with them for $99 which is surely below cost. Ideologically it is not ideal I agree but it could be worse no? Ideally some garanteed impartial third party would sign all OS's from one key. But who? Thanks for reading

Re:Just say 'No'

[h4rr4r]

Too bad that they have already shown their true colors by mandating that it cannot be disabled for ARM platforms. Expect that to come to the PC space sooner than later.

Re:Faith

[Anonymous Coward]

Micky your're an idiot.

Re:So where's the security?

[AmiMoJo]

It doesn't say you can't let the user add their own certs and self-sign either. Slightly more work for us but much more security for the clueless majority.

Re:So where's the security?

[bws111]

It does not work like that. Here is a very simplified overview of how it works:

Someone writes a bootloader. That bootloader gets digitally signed.

At boot time, UEFI finds the bootloader, and verifies that it was signed by someone trusted by the UEFI, and that the code is intact based on the signature.

If the above test passes, the boot loader is loaded, and UEFI uses TPM to leave a trace that UEFI (signed by x) says that the boot loader is OK. Control is passed to the boot loader

The boot loader finds the next thing in the boot sequence (kernel, probably) and performs the same validation of it and leaves another TPM trace that says the bootloader (signed by y) says the kernel is OK.

This process repeats with everything that is loaded, right up to the application.

At any point, a piece of code can use TPM to check all of the traces leading up to itself. If any of those traces were made by someone you don't trust, the whole thing can be considered to be untrusted.

So, in your scenario, you give your $99 to Microsoft, and get a key that can be used to sign your bootloader. If you want, you can hand that key out, and anyone can sign a bootloader, including malware writers. However, just because someone verified that your bootloader was not tampered with (ie UEFI verifying the signature) does not mean that anyone has to trust your bootloader. As soon as the Windows kernel gets running and checks with TPM and finds out that the bootloader was signed by badfish99 it can switch into 'untrusted' mode, whatever that means. And if you somehow manage to replace not only the bootloader but also the kernel, the next thing loaded can find out that the kernel was not signed by someone trusted. And so on. In order to effectively install something untrusted without being detected you pretty much have to replace the whole system, from bootloader to applications and everything in between.