Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Red Hat Software Ubuntu Linux

Red Hat Clarifies Doubts Over UEFI Secure Boot Solution 437

sfcrazy writes "Red Hat's Tim Burke has clarified Fedora/Red Hat's solution to Microsoft's secure boot implementation. He said, 'Some conspiracy theorists bristle at the thought of Red Hat and other Linux distributions using a Microsoft initiated key registration scheme. Suffice it to say that Red Hat would not have endorsed this model if we were not comfortable that it is a good-faith initiative.'" Color me unimpressed, and certainly concerned: "A healthy dynamic of the Linux open source development model is the ability to roll-your-own. For example, users take Fedora and rebuild custom variants to meet personal interest or experiment in new innovations. Such creative individuals can also participate by simply enrolling in the $99 one time fee to license UEFI. For users performing local customization, they will have the ability to self-register their own trusted keys on their own systems at no cost." From what I can tell, the worst fears of the trusted computing initiative are coming true despite any justifications from Red Hat here. Note that the ability to install your owns keys is certainly not a guaranteed right.
This discussion has been archived. No new comments can be posted.

Red Hat Clarifies Doubts Over UEFI Secure Boot Solution

Comments Filter:
  • User key management (Score:5, Interesting)

    by Junta ( 36770 ) on Wednesday June 06, 2012 @09:03AM (#40231149)

    self-register their own trusted keys on their own systems at no cost.

    How? Most reasonable mechanisms that could be envisioned would likely be considered an 'attack vector' in certain scenarios. I'm genuinely curious as to the mechanisms allowed for end-user key management in this sort of system.

  • GPL v3 (Score:4, Interesting)

    by M. Baranczak ( 726671 ) on Wednesday June 06, 2012 @09:17AM (#40231287)

    Doesn't this violate the "anti-Tivo" clause of GPL v3? Sure, the kernel is still on v2, but the system can't run without all the v3 stuff.

    This will not stand, man.

  • by DarwinSurvivor ( 1752106 ) on Wednesday June 06, 2012 @09:22AM (#40231343)
    Except there's a new twist this time. Microsoft is REQUIRING secure-boot if OEM's want to put the "ceritified for windows" sticker on the machine. Believe it or not, that sticker is worth a LOT to OEM's.
  • Re:Just say 'No' (Score:5, Interesting)

    by gregthebunny ( 1502041 ) on Wednesday June 06, 2012 @09:36AM (#40231489) Journal
    Agreed! This is an opportunity for us to protest with our wallets. Not only will I be actively pursuing non-UEFI motherboards, but I will also be actively campaigning my colleagues, coworkers, friends, and family to not buy non-UEFI machines as well. Microsoft is trying to fix a system that isn't broken. They shouldn't have to rely on securities at the hardware and BIOS level to lock down their new operating systems. They should just, you know, build a more secure operating system...
  • by quarkscat ( 697644 ) on Wednesday June 06, 2012 @10:02AM (#40231785)

    UEFI is an OEM Software Vendor's bald-faced grab at monopoly power. Microsoft would be the key generator. Redhat would pay Microsoft a one-time fee per user machine, which RH figures likely to be a one-time $99 fee. This charge would be per machine, not per user, as it is likely that no 2 computers on the same network can have the same key. How many linux users not running servers would be willing to pay their OEM Linux Software Vendor an extra $100 over the current cost of that software per machine? What impact would this have on the number of desktop linux users? How many would forego any switch from the Microsoft OS pre-installed for an extra additional $100, per machine?

    IIRC, when Microsoft first began trying to compete with Server Software against the the Big Iron Server Vendors, flexibility in number of connected clients, and owning the HW and the SW license was considerably cheaper than an annual HW & SW service agreement. Digital Equipment, Silicon Graphics, and Sun Microsystems are gone, Microsoft has so much influence over HW manufacturers that an effort was made to rein in competition. Control of the UEFI Boot AUTH Key by a self-avowed SW monopoly would appear to, in one fell swoop, destroy a segment of the Desktop OS competition AND create a robust new revenue stream at the same time. The crony corporatists are greedy vampires, as one named John D. was quoted as saying "Competition is a sin."

    So, which recently topping $1 Billion in revenues OEM SW Vendor just climb into bed, figuratively speaking, with Microsoft? Red Hat? Gee whiz, I wonder how many of Red Hat's plethora of desktop linux competition, or for that matter, any *nix-like OS Vendor would care for their product to be automatically boosted in price by $100 (minimum) to establish an UEFI Boot AUTH Key "Associate" account with Microsoft? When is More Evil just too much?

    Free market capitalism, by definition, should be operating on a level playing field of regulation and enforcement. The greater and greater concentration of economic power and influence in the hands of fewer and fewer corporations is hardly an indication of a vibrant free market. But that is a symptom of corporatism, and when government is in alliance with those crony corporate interests instead of the general well-being of all taxpayers, it is called corporate socialism also sometimes known as national socialism or fascism.

  • by badfish99 ( 826052 ) on Wednesday June 06, 2012 @11:07AM (#40232615)

    So I'm a philanthropically-minded linux user with $99 to spare. I give that money to Microsoft, and they give me some magic key that lets me write linux kernels that will run on anyone's machine. I immediately publish that key on my website, for anyone to use. Now any criminal can use this key to run their malware on any machine.

    Obviously it doesn't work like this, or the whole scheme would be useless. So how is it going to work?

    I read TFA, and as far as I can tell, it *does* work like that: for $99, I get my key sent to the hardware vendors to be put into their UEFI boot chips. So will everyone get a free "bios upgrade" when I deliberately leak my key?

  • by bws111 ( 1216812 ) on Wednesday June 06, 2012 @11:27AM (#40232929)

    Untrue. The requirement is that secure boot can not be disabled. If you have a signed bootloader (like one from Red Hat, Fedora, or any other distro that pays the $99 to use this service) you can boot any OS you want.

e-credibility: the non-guaranteeable likelihood that the electronic data you're seeing is genuine rather than somebody's made-up crap. - Karl Lehenbauer