Linus Torvalds Explodes at Red Hat Developer
sfcrazy writes "Quite a lot of people raised their eyebrows at the way ex-Red Hat developer Matthew Garrett made Microsoft the 'universal' control of any desktop PCs running with UEFI secure boot. Though the intentions of Garrett were clear — to enable GNU/Linux to be able to run Linux on Windows 8 certified PCs with secure boot; it was clearly putting Microsoft in a very powerful position. Linus, while a supporter of secure boot, exploded at Garrett and Howells when they proposed its inclusion in the kernel. Linus responded: 'Guys, this is not a d*#@-sucking contest. If you want to parse PE binaries, go right ahead. If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chissake, it's in that f*cking pull request.'"
Update: 02/25 17:24 GMT by U L : The headline/article are misleading, since mjg seems to agree that the patch is a bit complicated : "(I mean, *I'm* fine with the idea that they're *@#$ing idiots and deserve to be miserable, but apparently there's people who think this is a vital part of a business model)". The issue at hand is a set of patches to load and store keys inside of a UEFI PE binary which is then passed to the kernel, which then extracts the keys from the binary. It's absurd, it's messy, and it's only needed because Microsoft will only sign PE binaries so not supporting it makes restricted boot even more difficult to support.
Re:Linus Torvalds is his own worst enemy (Score:5, Informative)
Given that Linux is running on everything from my phone to my sat-nav to (some of) my clients to (some of) my servers and just about every oddball bit of embedded hardware in my entire workplace, I don't think Linux is suffering much.
And what he's basically doing is telling MS, and MS sycophants, that he doesn't want an OS where MS has to "sign off" on any changes in the bootloaders, etc. to make sure they are "secure". It's like being told that all pensions in the world now have to be signed off by Robert Maxwell, who can revoke your ability to use yours (even if you're nothing to do with him) on a whim.
The day MS lets in a bit of code into their OS that lets Linus turn off any and all Windows machines he wants - whether on a whim or for a good reason - and that they have to run past him every time they want a change made, that's the day I'll let someone put MS-signed junk into a Linux kernel that I use.
Re:Linus Torvalds is his own worst enemy (Score:5, Informative)
I dunno... If you read the entire conversation in context it's not that bad and seems more like a slight fist shaking rather than explosion.
Re:Linus Torvalds is his own worst enemy (Score:4, Informative)
Sounds like that other person that is really annoying... Oh yea RMS... Annoying as hell, but free software would not be in such a good position where it is now if it was not for him.
Where should we start? (Score:5, Informative)
Context is everything (Score:5, Informative)
As Cardinal Richelieu is reputed to have said:
Take it out of context and give it an inflammatory introduction and it looks like an explosion.
Read the exchange in the original context and it reads like just another frank exchange on the LKML.
Re:Ideology is what it's all about (Score:3, Informative)
Corporate dead ends, in service to antihumanist zaibatsu.... unlike OpenBSD or debian GNU/Linux, which are advancing the human condition through openness and sharing.
Re:so uh... (Score:5, Informative)
No, he moved to America.
Re:so uh... (Score:4, Informative)
He explains his reasoning here: https://www.youtube.com/watch?v=MShbP3OpASA [youtube.com]
Perhaps hear his own explanation before calling him a douche.
Re:Can any one help... (Score:5, Informative)
Re:Linus Torvalds is his own worst enemy (Score:4, Informative)
He is speaking about secure boot, which means getting a key signed by MS.
There are a lot of companies in on making sure you lose your ability to have a computer do as you like and not as the MPAA wants.
Re:so uh... (Score:4, Informative)
Re:Ideology is what it's all about (Score:3, Informative)
Re:Linus Torvalds is his own worst enemy (Score:3, Informative)
Honestly, when was the last time you saw SuSe or Debian used in a professional environment?
Speaking from the small window of the world that I can see... tons. SuSE is the preferred distro for anything that VMWare puts out today since, you know, they own the distro. That means that all of the pre-built appliances for their management services and apps are built on SuSE. Beyond that it's the distribution that IBM uses on any strange architecture they decide to run linux on, for example Watson is SuSE running on Power. I figured it would have been AIX but I was wrong. Beyond that, I'm told that it's also the preferred internal architecture for SAP development and if they can suggest an OS to you for the app servers, that's what it is... although officially they are OS agnostic.
I don't think you get near any of those things without a pretty big checkbook, so I'll go ahead and call them professional.
Re:Linus Torvalds is his own worst enemy (Score:5, Informative)
While others have already said 'this specific bit *IS* Microsoft's', I'll also say that UEFI is largely designed around MS conventions and requirements, just like BIOS specs were in the 1980s.
UEFI interfaces are defined in terms of Microsoft calling conventions and using a binary format defined by Microsoft. The behavior of the system clock is defined in terms of MS expectation of local timezone instead of GMT. All of these things are areas where MS has explicitly deviated from everyone else in the industry, and UEFI happens to follow MS on every last single deviation that presents itself.
At the core of UEFI, its genesis was Intel trying to push an incompatible architecture (Itanium) and working closely with MS to assure there would be 'a' Windows running on it which was perceived to be the sole requirement to make the industry dump x86, even if it couldn't run x86 compiled applications. Things have evolved from there, but that relationship still defines most of what UEFI continues to be.
Re:And this is different from Tivoisation how? (Score:5, Informative)
Actually, his explicit concern is that it is a complete and total hack to create PE executables for the express purpose of being dumb containers for x509 certificate data.
MS already supports alternative signing schemes (e.g. .PS1 scripts can have the ASN.1 content appended in Base64), so getting MS to support ASN.1 content without a PE executable seems like a much more sane solution for the problem Red Hat wants to 'solve'.
Re:Can any one help... (Score:4, Informative)
No, we are much further in.
This is about PE binaries, also known as Windows EXE files.
As I understand it, it's about signing of drivers, e.g. nVidia drivers, and Redhat doesn't want to sign those, they want nVidia to get their drivers signed directly by Microsoft. And Microsoft will only sign windows EXE files, so this means that signed nVidia Linux drivers have to come in a Windows EXE file, which the kernel then needs to be able to verify the signature of, before loading the driver inside the EXE file.
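Added example (not part of any comment in this thread, and not code from the kernel pull request being discussed): a bounds-checked Python parser that locates the Authenticode signature blobs in a PE file's attribute certificate table, the parsing step a verifier has to do before it can check a signature on a PE binary. `find_signatures` and `build_sample` are hypothetical names, and the sample image is constructed for the demonstration.

```python
import struct

SECURITY_DIR = 4           # IMAGE_DIRECTORY_ENTRY_SECURITY
PKCS_SIGNED_DATA = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA (Authenticode)


def find_signatures(pe: bytes):
    """Return [(revision, cert_type, blob)] from a PE attribute certificate table."""
    if len(pe) < 0x40 or pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe_off + 26 > len(pe) or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE header")
    opt = pe_off + 24                                          # past signature + COFF header
    (opt_size,) = struct.unpack_from("<H", pe, pe_off + 20)   # SizeOfOptionalHeader
    (magic,) = struct.unpack_from("<H", pe, opt)
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)                 # PE32 / PE32+
    if dirs is None:
        raise ValueError("unknown optional header magic")
    need = dirs + 8 * (SECURITY_DIR + 1)
    if opt_size < need or opt + need > len(pe):
        raise ValueError("optional header too small")
    (count,) = struct.unpack_from("<I", pe, opt + dirs - 4)   # NumberOfRvaAndSizes
    off, size = struct.unpack_from("<II", pe, opt + dirs + 8 * SECURITY_DIR)
    if count <= SECURITY_DIR or size == 0:
        return []                                              # unsigned image
    end = off + size       # this directory holds a file offset, not an RVA
    if end > len(pe):
        raise ValueError("certificate table outside file")
    found, pos = [], off
    while pos + 8 <= end:
        length, rev, ctype = struct.unpack_from("<IHH", pe, pos)
        if length < 8 or pos + length > end:
            raise ValueError("bad WIN_CERTIFICATE length")
        found.append((rev, ctype, pe[pos + 8:pos + length]))
        pos += (length + 7) & ~7                               # entries are 8-byte aligned
    return found


def build_sample(blob: bytes) -> bytes:
    """Constructed PE32+ headers plus one certificate entry; not a bootable image."""
    opt = bytearray(240)                                       # 112 + 16 directories * 8
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<I", opt, 108, 16)
    entry = struct.pack("<IHH", 8 + len(blob), 0x0200, PKCS_SIGNED_DATA) + blob
    entry += b"\0" * (-len(entry) % 8)
    struct.pack_into("<II", opt, 112 + 8 * SECURITY_DIR, 0x40 + 24 + 240, len(entry))
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    return dos + b"PE\0\0" + coff + bytes(opt) + entry
```

The returned blob is only located, not verified; checking the PKCS#7 SignedData against a trusted key is a separate step.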
Re:Hit his Stallman Point (Score:5, Informative)
Actually, his criticisms aren't about personal computing freedom and secureboot. His criticism is that crafting a PE executable for the express purposes of containing certificate data is utterly asinine. The correct response would be for MS to accommodate signing data in the more usual ways. I suspect a proposal to wrap the x509 data with a dummy ELF file would be met with similar rejection. The difference being no one would propose such a dumbass approach so we'd never find out, it's only thanks to MS dickishness that such a workaround would even be proposed.
Re:Linus Torvalds is his own worst enemy (Score:5, Informative)
This isn't "ideological bs" any more. In order to BOOT AND RUN Linux on newer Hardware "sold for Windows 8" you must have a signed bios loader. Red Hat COULD have petitioned for their OWN code to be used, but instead "rent" a key from Microsoft.
Once the old stock flushes, we are just a few months away from EVERY MOTHERBOARD SOLD to require Microsoft's PERMISSION to boot another OS. Not just Dells or HPs pre-configured, but companies are now pushed to sell only "Windows Motherboards" whether you decide to buy Windows or not!
Even APPLE hardware isn't locked down THAT tightly. We've already had cases where the ol' "API works for Windows" but not the signed Microsoft alternate-OS key... Out of Samsung notebooks.
We are back to 1999 and using obscure bugs in the "open" hardware to lock Alternate OSes out of the hardware market... For good. Hope you like Raspberry Pi because niche, custom hardware is the only stuff that will FREELY run Linux from this point on.
Re:Linus Torvalds is his own worst enemy (Score:3, Informative)
Honestly, when was the last time you saw SuSe or Debian used in a professional environment?
Every single day, and that's in my point-of-sale work for one of the largest retailers in the United States.
Re:Linux i like. Linus not so, after seeing a talk (Score:3, Informative)
That video is one of the reasons I *like* Linus.
But I actually get things done for a living, so I understand where he's coming from.
Re:Ideology is what it's all about (Score:5, Informative)
Re:Ideology is what it's all about (Score:5, Informative)
Hardware donations do not come from vendors who use OpenSSH on parts of their stuff. They come from individuals. The hardware vendors who use OpenSSH on all of their products have given us a total of one laptop since we developed OpenSSH five years ago. And asking them for that laptop took a year. That was IBM.
Theo de Raadt
http://www.theage.com.au/articles/2004/10/07/1097089476287.html [theage.com.au]
Re:Linus Torvalds is his own worst enemy (Score:2, Informative)
Sorry, you're falling flat on your face for this one. Here's why:
When I ask the question, "How do I change the screen resolution?"
Windows: Control Panel
Mac: System Preferences
Linux: It depends
"Where do I change my network settings?"
Windows: Control Panel
Mac: System Preferences
Linux: It depends
The reason Windows and Mac and Android are dominating user devices is because they have standardized a GUI environment, and GUI failure is considered operating system failure.
Re:so uh... (Score:4, Informative)
https://www.youtube.com/watch?feature=player_detailpage&v=MShbP3OpASA#t=2140s [youtube.com]
Re:Where should we start? (Score:4, Informative)
Thank you for the paranoiac's view.
Now for the real summary. For many, many reasons the ability to securely load and boot an OS with trust starting almost immediately on boot is desirable. This has been implemented as a secure boot facility that can, on x86 platforms, be disabled and which allows the user to install their own keys. It is an open solution.
For some reason, many OS vendors have decided to piggy back on Microsoft's signing infrastructure and now some guy put forth a shitty approach to doing this that Linus didn't like for technical reasons. There are non-shitty approaches to said solution, but Linux dweebs generally like to attribute all ills to Microsoft so somehow Microsoft (who doesn't even sell any significant number of computers) is at fault.