Linus Torvalds Explodes at Red Hat Developer

sfcrazy writes "Quite a lot of people raised their eyebrows the way ex-Red Hat developer Matthew Garrett made Microsoft the 'universal' control of any desktop PCs running with UEFI secure boot. Though the intentions of Garrett were clear — to enable GNU/Linux to be able to run Linux on Windows 8 certified PCs with secure boot; it was clearly putting Microsoft in a very powerful position. Linus, while a supporter of secure boot, exploded at Garrett and Howells when they proposed its inclusion in the kernel. Linus responded: 'Guys, this is not a d*#@-sucking contest. If you want to parse PE binaries, go right ahead. If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chissake, it's in that f*cking pull request.'" Update: 02/25 17:24 GMT by U L: The headline/article are misleading, since mjg seems to agree that the patch is a bit complicated: "(I mean, *I'm* fine with the idea that they're *@#$ing idiots and deserve to be miserable, but apparently there's people who think this is a vital part of a business model)". The issue at hand is a set of patches to load and store keys inside of a UEFI PE binary which is then passed to the kernel, which then extracts the keys from the binary. It's absurd, it's messy, and it's only needed because Microsoft will only sign PE binaries so not supporting it makes restricted boot even more difficult to support.

  • by ledow ( 319597 ) on Monday February 25, 2013 @10:52AM (#43002605) Homepage

    Given that Linux is running on everything from my phone to my sat-nav to (some of) my clients to (some of) my servers and just about every oddball bit of embedded hardware in my entire workplace, I don't think Linux is suffering much.

    And what he's basically doing is telling MS, and MS sycophants, that he doesn't want an OS where MS has to "sign off" on any changes in the bootloaders, etc. to make sure they are "secure". It's like being told that all pensions in the world now have to be signed off by Robert Maxwell, who can revoke your ability to use yours (even if you're nothing to do with him) on a whim.

    The day MS lets in a bit of code into their OS that lets Linus turn off any and all Windows machines he wants - whether on a whim or for a good reason - and that they have to run past him every time they want a change made, that's the day I'll let someone put MS-signed junk into a Linux kernel that I use.

  • by Anonymous Coward on Monday February 25, 2013 @10:53AM (#43002617)

    I dunno... If you read the entire conversation in context it's not that bad and seems more like a slight fist shaking rather than explosion.

  • by rioki ( 1328185 ) on Monday February 25, 2013 @11:00AM (#43002741) Homepage

    Sounds like that other person that is really annoying... Oh yea RMS... Annoying as hell, but free software would not be in such a good position where it is now if it was not for him.

  • by betterunixthanunix ( 980855 ) on Monday February 25, 2013 @11:02AM (#43002783)
    The high-level view is this: Microsoft wants to ensure that nobody can run unapproved software on their home computers. As a first step toward this nightmare, they bullied computer makers into shipping a bootloader signature system that could potentially prevent people from running GNU/Linux. Red Hat, a multibillion dollar GNU/Linux distributor, decided to play along and got a special signing key from Microsoft. Linus apparently does not want to play along (and I commend him for it).
  • by Anonymous Coward on Monday February 25, 2013 @11:05AM (#43002823)

    As Cardinal Richelieu is reputed to have said:

    Give me six lines written by the most honest of men, and I will find something to hang him.

    Take it out of context and give it an inflammatory introduction and it looks like an explosion.
    Read the exchange in the original context and it reads like just another frank exchange on the LKML.

  • by Anonymous Coward on Monday February 25, 2013 @11:12AM (#43002913)

    Must be why it's the core of Juniper JunOS, every Netapp filer, every iDevice, every Mac, every Cisco IronPort, etc.

    Corporate dead ends, in service to antihumanist zaibatsu.... unlike OpenBSD or Debian GNU/Linux, which are advancing the human condition through openness and sharing.

  • Re:so uh... (Score:5, Informative)

    by swilver ( 617741 ) on Monday February 25, 2013 @11:13AM (#43002925)

    No, he moved to America.

  • Re:so uh... (Score:4, Informative)

    by IRWolfie- ( 1148617 ) on Monday February 25, 2013 @11:18AM (#43003001)

    He explains his reasoning here: []

    Perhaps hear his own explanation before calling him a douche.

  • by mehemiah ( 971799 ) on Monday February 25, 2013 @11:19AM (#43003007) Homepage Journal
    First of all, it's not just ideological that he doesn't want such specific code in the Linux kernel. For the same reason he doesn't want to put tools/kvm in the kernel, it's not germane to BEING A KERNEL so it's NOT going into the kernel! Read the mail yourself. It's like a government program, in that it's likely to live forever, however, Linus wants Linux to outlast Microsoft AND RedHat and that code will become vestigial as soon as Microsoft moves on to some other way to control hardware vendors. On the other hand, do servers need secure boot? NO. Do tablets need secure boot? NO. So this is Linus admonishing developers for even SUGGESTING to include such a corner case in the code of the Linux kernel.
  • by h4rr4r ( 612664 ) on Monday February 25, 2013 @11:21AM (#43003053)

    He is speaking about secure boot, which means getting a key signed by MS.

    There are a lot of companies in on making sure you lose your ability to have a computer do as you like and not as the MPAA wants.

  • Re:so uh... (Score:4, Informative)

    by fredprado ( 2569351 ) on Monday February 25, 2013 @11:23AM (#43003077)
    He is right and has little patience for stupidity. Furthermore he doesn't need to be nice. So he isn't.
  • by ArhcAngel ( 247594 ) on Monday February 25, 2013 @11:23AM (#43003085)
    The CSRG was funded by DARPA while they created BSD while Linus was creating Linux gratis. So I would say there was probably very little ideology in the BSD license. Probably just a memo from DARPA.
  • by phoebus1553 ( 522577 ) on Monday February 25, 2013 @11:23AM (#43003087) Homepage

    Honestly, when was the last time you saw SuSe or Debian used in a professional environment?

    Speaking from the small window of the world that I can see... tons. SuSE is the preferred distro for anything that VMware puts out today since, you know, they own the distro. That means that all of the pre-built appliances for their management services and apps are built on SuSE. Beyond that it's the distribution that IBM uses on any strange architecture they decide to run Linux on, for example Watson is SuSE running on Power. I figured it would have been AIX but I was wrong. Beyond that, I'm told that it's also the preferred internal architecture for SAP development and if they can suggest an OS to you for the app servers, that's what it is... although officially they are OS agnostic.

    I don't think you get near any of those things without a pretty big checkbook, so I'll go ahead and call them professional.

  • by Junta ( 36770 ) on Monday February 25, 2013 @11:48AM (#43003441)

    While others have already said 'this specific bit *IS* Microsoft's', I'll also say that UEFI is largely designed around MS conventions and requirements, just like BIOS specs were in the 1980s.

    UEFI interfaces are defined in terms of Microsoft calling conventions and using a binary format defined by Microsoft. The behavior of the system clock is defined in terms of MS expectation of local timezone instead of GMT. All of these things are areas where MS has explicitly deviated from everyone else in the industry, and UEFI happens to follow MS on every last single deviation that presents itself.

    At the core of UEFI, its genesis was Intel trying to push an incompatible architecture (Itanium) and working closely with MS to assure there would be 'a' Windows running on it which was perceived to be the sole requirement to make the industry dump x86, even if it couldn't run x86 compiled applications. Things have evolved from there, but that relationship still defines most of what UEFI continues to be.

  • by Junta ( 36770 ) on Monday February 25, 2013 @11:54AM (#43003533)

    Actually, his explicit concern is that it is a complete and total hack to create PE executables for the express purpose of being dumb containers for x509 certificate data.

    MS already supports alternative signing schemes (e.g. .PS1 scripts can have the ASN.1 content appended in Base64), so getting MS to support ASN.1 content without a PE executable seems like a much more sane solution for the problem Red Hat wants to 'solve'.

  • by Anonymous Coward on Monday February 25, 2013 @11:55AM (#43003555)

    No, we are much further in.

    This is about PE binaries, also known as Windows EXE files.

    As I understand it, it's about signing of drivers, e.g. nVidia drivers, and Red Hat doesn't want to sign those, they want nVidia to get their drivers signed directly by Microsoft. And Microsoft will only sign Windows EXE files, so this means that signed nVidia Linux drivers have to come in a Windows EXE file, which the kernel then needs to be able to verify the signature of, before loading the driver inside the EXE file.

  • by Junta ( 36770 ) on Monday February 25, 2013 @12:00PM (#43003615)

    Actually, his criticisms aren't about personal computing freedom and secureboot. His criticism is that crafting a PE executable for the express purposes of containing certificate data is utterly asinine. The correct response would be for MS to accommodate signing data in the more usual ways. I suspect a proposal to wrap the x509 data with a dummy ELF file would be met with similar rejection. The difference being no one would propose such a dumbass approach so we'd never find out, it's only thanks to MS dickishness that such a workaround would even be proposed.

  • by mabhatter654 ( 561290 ) on Monday February 25, 2013 @12:08PM (#43003705)

    This isn't "ideological bs" any more. In order to BOOT AND RUN Linux on newer Hardware "sold for Windows 8" you must have a signed bios loader. Red Hat COULD have petitioned for their OWN code to be used, but instead "rent" a key from Microsoft.

    Once the old stock flushes, we are just a few months away from EVERY MOTHERBOARD SOLD to require Microsoft's PERMISSION to boot another OS. Not just Dells or HPs pre-configured, but companies are now pushed to sell only "Windows Motherboards" whether you decide to buy Windows or not!

    Even APPLE hardware isn't locked down THAT tightly. We've already had cases where the ol' "API works for Windows" but not the signed Microsoft alternate-OS key... Out of Samsung notebooks.

    We are back to 1999 and using obscure bugs in the "open" hardware to lock Alternate OSes out of the hardware market... For good. Hope you like Raspberry Pi because niche, custom hardware is the only stuff that will FREELY run Linux from this point on.

  • by CanHasDIY ( 1672858 ) on Monday February 25, 2013 @12:26PM (#43003929) Homepage Journal

    Honestly, when was the last time you saw SuSe or Debian used in a professional environment?

    Every single day, and that's in my point-of-sale work for one of the largest retailers in the United States.

  • by Anonymous Coward on Monday February 25, 2013 @12:27PM (#43003941)

    That video is one of the reasons I *like* Linus.

    But I actually get things done for a living, so I understand where he's coming from.

  • by scubamage ( 727538 ) on Monday February 25, 2013 @12:38PM (#43004079)
    O rly? []
  • by DrSkwid ( 118965 ) on Monday February 25, 2013 @12:44PM (#43004165) Homepage Journal

    Hardware donations do not come from vendors who use OpenSSH on parts of their stuff. They come from individuals. The hardware vendors who use OpenSSH on all of their products have given us a total of one laptop since we developed OpenSSH five years ago. And asking them for that laptop took a year. That was IBM.

    Theo de Raadt

  • by deanklear ( 2529024 ) on Monday February 25, 2013 @01:04PM (#43004389)

    No one has ever proven or even credibly suggested that Windows or OSX is easier to use than Linux, especially Android.

    Sorry, you're falling flat on your face for this one. Here's why:

    When I ask the question, "How do I change the screen resolution?"
    Windows: Control Panel
    Mac: System Preferences
    Linux: It depends

    "Where do I change my network settings?"
    Windows: Control Panel
    Mac: System Preferences
    Linux: It depends

    The reason Windows and Mac and Android are dominating user devices is because they have standardized a GUI environment, and GUI failure is considered operating system failure.

  • by RightSaidFred99 ( 874576 ) on Monday February 25, 2013 @02:27PM (#43005509)

    Thank you for the paranoiac's view.

    Now for the real summary. For many, many reasons the ability to securely load and boot an OS with trust starting almost immediately on boot is desirable. This has been implemented as a secure boot facility that can, on x86 platforms, be disabled and which allows the user to install their own keys. It is an open solution.

    For some reason, many OS vendors have decided to piggy back on Microsoft's signing infrastructure and now some guy put forth a shitty approach to doing this that Linus didn't like for technical reasons. There are non-shitty approaches to said solution, but Linux dweebs generally like to attribute all ills to Microsoft so somehow Microsoft (who doesn't even sell any significant number of computers) is at fault.
