Ubuntu Can't Trust FSF's Secure Boot Solution

sfcrazy writes "The Free Software Foundation recently published a whitepaper criticizing Ubuntu's move to drop Grub 2 in order to support Microsoft's UEFI Secure Boot. The FSF also recommended that Ubuntu should reconsider their decision. Ubuntu's charismatic chief, Mark Shuttleworth, has responded to the situation during an interview, and explained the reason they won't change their stand on dropping Grub 2 from Ubuntu. Shuttleworth said, 'The SFLC advice to us was that the FSF could require key disclosure if some OEM screwed up. As nice as it is that someone at the FSF says they would not, we have to plan for a world where leaders change and institutional priorities change. The FSF wrote a licence that would give them the rights to take specific actions, and it's hard for them to argue they never would!'"

Grub bugs

[Twinbee]

I know this is offtopic, but just a quick request to the powers that be. I tried installing Ubuntu a while back, and 'Grub' not only made Ubuntu boot by defaut, but also wouldn't allow any easy way for to change that to Windows. In addition to that, uninstalling Grub proved to be very cumbersome.

I'm sure many would be far less patient than me, so it may help perceptions of Linux/Ubuntu if some of the basics were in place.

Get rid of secure boot

[Anonymous Coward]

If I can't boot linux on a motherboard, I return the motherboard. Its an anti-trust issue. A single motherboard can kill some village idiot outfit like mickeysoft. The FSF is correct. Grub2 is brand new, and works perfectly. Shills and luddites who argue otherwise are brainless pieces of shit. Microsoft needs to die anyway.

Re:Ubuntu understands users

[betterunixthanunix]

I don't understand why Microsoft requires secure boot. Care to explain?

Here is but one example: the market for video games is billions of dollars, and while a lot of that money is in consoles and phones, there is still plenty in PC games. The problem is that on my PC, I can modify the game in arbitrary ways -- I can remove a license check, I can cheat (BIG problem in MMOs), etc. The reason I can do this is that the OS has no good way to stop me -- even if Windows tried to prevent me from running unsigned code, I can run a program before Windows even boots up to get around that restriction.

Thus restricted boot environments become a necessity for Microsoft to turn Windows into a DRM-friendly platform. DRM on PCs is not dead, it was just on vacation while the big players worked on a way to sneak in restricted boot environments. No more grabbing secret keys out of running processes, no more replacing WoW DLLs to cheat, no more patching software to evade license checks. That's why Microsoft requires this.

That is also why we need to fight back against this.

Re:Ubuntu understands users

[jmorris42]

> Secure Boot is very much required security feature. It will lock out malware that hides rootkits in boot sector. That's a very good thing.

Somebody with more crypto knowhow, please put me some knowledge on here. Because I'm not seeing it that way. Secure boot will work wonders to ensure Hollywierd and Microsoft that their hardware isn't doing something nasty like letting the guy who put money on the counter and thinks they own it (how funny!) run something of their choosing. What I don't see is how it really protects the user from malware.

The security only runs one way. Once somebody can subvert the boot process in any way (and show me ONE device that hasn't been rooted) all malware need do is what it has always been doing. Take over the boot. Then IT checks the sig on Windows and tells it that "I'm the bootloader, you can trust me." and there isn't a 100% sure way to verify backwards. We all know most vendors will still be flashing the BIOS/UEFI from Windows because anything else will be too much hassle for the end users. They will pretty much have to do it to get key revocation lists. Oh yea they talk now about secure pathways through secured supervisor modes but we know that if it is running Windows nothing on that CPU is really and truly secure. And wait until the motherboard makers start encheapening the system. Remember when a physical write protect jumper was standard to protect flash BIOS? And a ROM portion with an emergency rescue reflash util? When was the last time you saw any of those protective measures on sonsumer equipment?

> It's also optional, so you can always install Linux.

On x86, for now.

Re:They expect OEMs to lock machines down?

[jmorris42]

It gets better. Ubuntu is assuming this lockdown will be happening with OEMs they have a contractual relationship with.

Think about it. I put out Unknown Hacker Linux with a boot loader signed by me. I publish it on my website somewhere. Evil Bit Computers downloads it and installs my public key into the firmware of machines that they then sell to the public in a totally locked state. A buyer of one of those machines decides they want to wipe the preload and install Windows 8. They go Evil Bit and demand they keys per the GPL3 and get an Evil Laugh(TM). Then they come to me and demand the signing key and I tell them, I feel your pain but I'm sorry I can't do that because it would compromise every machine installed with packages signed by that key. And they couldn't do a darned thing to me legally because I have no relationship to Evil Bit Computers. If push came to shove Evil Bit could be required to issue new firmware allowing rekeying or they could be barred from distribution of GPL3 software. But I'd never see the inside of the courthouse.

And now you know why I have never considered Ubuntu. Never could say why, but they have always given off a 'wrong' vibe. Best explanation would be the short story _Young Zaphod Plays It Safe._ Just an undefined unease with em.

Which would be a greater attack on user freedom?

[nweaver]

Which is a greater attack on user freedom?

a) Not being able to change the bootloader?

b) Not being able to install on new systems without changing EFI settings because the signing key got revoked?

Canonical chose "A". Fedora chose A, too, btw, because they didn't sign grub, but built a "pre-bootloader-bootloader" to load Grub.

Re:Ubuntu understands users

[spire3661]

Most of the people in the scene will tell you that the PS3 wasnt cracked for 4 years because the truly skilled people that crack this stuff were being hands off about it. Once Sony went into full on evil mode, all bets were off.

Re:Ubuntu understands users

[KingMotley]

I don't understand why Microsoft requires secure boot. Care to explain?

Because, it is fairly easy -- especially with so much open source software out there -- to create malware that gets control of the system before the OS does. This malware will then hide itself, using hardware, to intercept any attempt to find it and virtualize the checks to fail. Simply, once in place, it is in control of your system, and the OS (or any anti-virus, etc) software from even being able to tell it is on your system at all. Basically, in the first moments you turn on your computer, you've lost the battle, and there is nothing any software can do to remove the malware, or even detect it is even on the system at all. Please note, this isn't just a Microsoft problem, you can have linux, unix, or OS/X, etc all rootkitted as well. It's just many linux folks don't understand the problem, don't care, and like spreading FUD because it hasn't affected them YET.

I mean the boot sector "virus"/"malware" thing is highly overrated. I've never seen one in the wild. The situation as is was just fine.

I've seen many. In fact, it's pervasive enough that sony created one for it's own gain -- http://en.wikipedia.org/wiki/Sony_BMG_copy_protection_rootkit_scandal [wikipedia.org]

Re:Mandatory Warning.

[Anonymous Coward]

Can't prove he's on someone's payroll, but damn sure he's a sockpuppet and troll.

Here, check his first ever posts [slashdot.org] and compare with his likely previous account [slashdot.org] (which only survived for a few hours).

Except for common talk points and phrasing, "Google abuses opensource", "only gives back what they're required to by GPL", "hidden behind servers", note the behavioural similarities, fresh account, dives into Google/MS related discussion right from the start with pro-MS/anti-Google trend, manages to weave agenda-related comments into not really on topic conversations.

Re:Why are we allowing these "people" to do this?

[GameboyRMH]

Gees, ten years isn't that long, have you folks forgotten already?

Everyone forgot their last vague memories of the importance of computing freedom after iOS showed them how nice the inside of a prison cell could be.

Re:SECURE BOOT IS A FRAUD

[Jeremiah Cornelius]

Bingo.

This serves the interest of every RENT TAKER on your PC - and does so by depriving YOU, the "owner" of the machine. Your choice is limited, to created guarantee of revenue to certain corporations.

Mind you, now. Shuttleworth is either naive - or playing a sacrifice move in the Chess game. This is an incremental step towards the death of Linux/BSD/etc on general-purpose hardware. It is a CRITICAL step - the direction of the game will be decided on how this plays.

Why doesn't Canonical just ask their partners?

[Qubit]

Sure, it would need to be finalized in a legal document, but the first draft can look something like this:

Canonical: Howdy, Partner. When we work together to bring a computer to market running Ubuntu and GPLv3'd GRUB, can you make sure that the end-user is able to install their own signing keys so they can install modified versions of GRUB, per the licensing terms?

Partner: Okay, how would we do that? I mean, how can we make sure that we meet the terms of the license?

C: It's not that difficult. Basically y'all just need to make sure that the end-user can change the set of signing keys listed in the firmware. The Free Software Foundation wrote a whitepaper [fsf.org] about it. You can also contact them via email if you have any questions!

P: Wow. That's really difficult to understand, too bad we don't have any engineers on staff who can figure....awww... I'm just kidding with you, of course we have skilled engineers and lawyers on staff. We even have people who know how to write emails. We should be all set!

C: Awesome, Partner. Before you actually ship hardware with an Ubuntu-Certified sticker on it, why don't you send one of the pieces of hardware to us so that we can manually test to make sure that end users can install their own signing keys. We'll use my son jimmy, 'cause we want to make sure it's so easy a kid can do it.

P: Okay, sounds great on my end. Glad that we had this conversation. I was worried it would take all day, but it really just took 15 minutes of my time.

C: Yep. Now remember: If you do ship some hardware with GRUB installed and you make a mistake so that users can't install their own signing keys, you're going to have to make a firmware update or otherwise make this problem right. Understand?

P: Isn't that what we have to do when we break the license of any of the pieces of software that we ship on our devices?

C: Yes. But I just wanted to make sure that we stated it explictly so that you wouldn't try to push the mistake off on us.

P: Fair enough.

C: Great to talk. We'll put all of this down in the formal contract when our lawyers draw it up. Have your engineers call our engineers about any kernel bugs. We should be able to get this hardware out by Q1 of 2013. So long!

P: Bye!

---------------

I mean, seriously, what's The Big Deal here? Just make some contracts with your hardware partners and hold them to the terms of the contracts like every other business deal that has ever happened. Why does Canonical think this is so difficult?