Linus Torvalds Clarifies His Position on Signed Modules

An anonymous reader writes "No one, but no one, in the Linux community likes Microsoft's mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs. But, how Linux should handle the fixes required to deal with this problem remains a hot-button issue. Now, as the debate continues hot and heavy, Linus Torvalds, Linux's founder and de facto leader, spells out how he thinks Linux should deal with Secure Boot keys." And it's not in the control of Microsoft: distros should sign only the modules they provide with their key, with user built modules signed by locally generated keys (since, as SSL certification authority break-ins have shown, centralized trust systems are prone to abuse and offer dubious security benefits). Basically, no love for proprietary kernel modules.

Re:Bravo Linus!

[Anonymous Coward]

I recently bought a non-UEFI motherboard (while I still could). This may be my last x86 system, considering how UEFI effectively destroys choice, which is exactly what made the PC industry so great in the first place.

Re:UEFI

[Anonymous Coward]

You're a clueless M$ apologist. To begin with, UEFI is not the problem but this Micro$oft's "secure boot" which should rather be called restricted boot as it has nothing to do with security and everything to do with vendor lock-in. When a convicted monopolist starts something like this, people tend to take notice.

Q: So, what's wrong with Micro$oft?
A: How long time did you say you have? Try reading http://wayback.archive.org/web/20120116153542/http://www.msversus.org/ [archive.org] And then about ooxml and this "secure boot". If you're not lobotomized, you'll start to see a pattern. And it's not pretty.

The hate is real. But it's well motivated.

Re:UEFI

[smpoole7]

> not because this actually does anything at all to inconvenience Linux users.

Ummm ... not necessarily. Linus is concerned about two things:

1. That a Microsoft-signed Linux secure boot key could be used to hack systems. Microsoft could disable the key, which would then disable *Linux* systems. We can argue about whether Microsoft would actually do this, but understandably, Linus isn't excited about placing that kind of power in anyone else's hands.

2. Linus also says, "Before loading any third-party module, you'd better make sure you ask the user for permission. On the console. Not using keys."

Linus can be a tyrant and an anus, but I like where his heart is at. The best quote is this Linux's approach to UEFI is (again quoting), "based on REAL SECURITY and on PUTTING THE USER FIRST."

Agree or disagree, don't just dismiss this as the usual "Microsoft bashing." I'm not a Microsoft hater; we use their stuff alongside F/OSS all over our workplace. I prefer Linux, but I don't hate Microsoft. But I am very concerned about this whole UEFI thing and the way it's shaping up.

So is Linus ... and in his usual, inimitable fashion is telling everyone how he feels. :)

Microsoft and patents.

[Anonymous Coward]

Could microsoft refuse to sign a uefi binary because it violated their patents? If so, this could be a way to get everyone using linux to pay them.

Re:Challenge in court?

[dkleinsc]

Microsoft's OEM stranglehold is so 1998. Now the Linux kernel is everywhere surely we now have a much stronger case against Balmer and his shills.

See, you're misunderstanding that: Microsoft made two mistakes that caused that lawsuit. The first was browser bundling. The second was failing to grease the right palms in Washington. They learned their lesson, began giving out the campaign donations, and all of a sudden the case went from seriously considering the breakup of the OS and application divisions to a settlement that amounted to a slap on the wrist.

My take is that we're probably going to end up with instructions on how to disable secure boot, but it may involve soldering or other physical modifications.

Re:Bravo Linus!

[Anonymous Coward]

What a bunch of hyperbolic twaddle.

Re:Bravo Linus!

[gradinaruvasile]

Lol. Just disable "Secure Boot". Thats your choice right there (AFAIK the disable option is in the Microsoft secure boot spec).
The issue is to run Linux WITH SECURE BOOT ENABLED.

Whitehouse Petition

[DaMattster]

I think this entire issue needs to be looked at by the Attorney General and Federal Trade Commission. The SecureBoot UEFI is nothing more than a form of vendor lock-in, cleverly (or not so much) disguised as a security innovation. Please sign my petition and spread the word: http://wh.gov/wHLq [wh.gov]

Re:Funny

[Dunbal]

They're not adopting Windows 8 because on the whole, Windows 8 sucks or doesn't offer a compelling reason to upgrade. That does not mean that Microsoft will remove secure boot from future operating systems, since most of the drones have no idea at all what it means or what it does, and don't care. If their $500 computer stops working they say "it had a virus" and throw it away and buy another one.

Microsoft

[Anonymous Coward]

Microsoft = small, soft

Their business model has outgrown the company name. They are big and hard. So big, that they can get by with some shit like this. Hard because their head is hard.

Them getting with the hardware designers and creating this secure boot shit, just so it's harder for pirates to pirate a copy of windows8, is the same thing as GM getting with the folks that make roads, and have them install a switch that can disable ALL CARS if GM decides. GM can just state, "What if a GM car is stolen? How are we supposed to be expected to recover the losses?"

So here is another car manufacturer saying that he's not willing to put the GM parts into his cars. That's all. Our world's problems are getting so stupid, that it's sorta hard to tell/believe what's going on.

I think everyone should read the lyrics to "Wish You Were Here" by Pink Floyd. Or maybe another band should release a song called "I wish we weren't here". Again, hard to tell...

Re:Oh, Linus; so adorable when you are angry.

[fnj]

Except Microslop could change what passes for their mind tomorrow and there would be no recourse.

woohoo!

[Sloppy]

Somebody gets it:

encourage things like per-host random keys - with the stupid UEFI checks disabled entirely if required. They are almost certainly going to be *more* secure than depending on some crazy root of trust based on a big company, with key signing authorities that trust anybody with a credit card. Try to teach people about things like that instead. Encourage people to do their own (random) keys, and adding those to their UEFI setups (or not: the whole UEFI thing is more about control than security)

Imagine if someone invented a protocol like ssh, but then suggested that of course, nobody should be able to use it except in situations where a host's key is signed by one of the global CAs, like we do on the web except without the possibility of self-signing or for new CAs to enter the market.

Nobody would call that "secure." They would call it a joke which goes out of its way to be less secure, by deliberately adding an untrustable link. And the fix to such a protocol would be obvious. Well, that's just what Linus did in the above paragraph: he told you how to turn SecureBoot from "just plain stupid" into "decent even if still mostly useless."

Re:Challenge in court?

[Hatta]

The second was failing to grease the right palms in Washington. They learned their lesson, began giving out the campaign donations, and all of a sudden the case went from seriously considering the breakup of the OS and application divisions to a settlement that amounted to a slap on the wrist.

Quoted for emphasis. Microsoft dramatically increased their campaign contributions at the same time they were being prosecuted by the DOJ. It's a perfect example of how corrupt this government has been for decades.

Re:Oh, Linus; so adorable when you are angry.

[ozmanjusri]

Given the evidence of history, it's simple common sense.

Re:Oh, Linus; so adorable when you are angry.

[Sloppy]

It's like democracy. It sucks but is better than everything else.

And if a user 1) lacks the technophilia to be the right person to do it, and 2) lacks the wisdom to defer to another party of their choosing (e.g. a distribution maintainer), then they are a lost cause anyway. There is no solution that is ever going to make their machine secure.

The neat thing about Free OSes is that there are many ways to approach #2, whereas proprietary OSes these days, insist that you must defer to someone (there is no option #1) and may not choose to whom you will defer.

If you happen to think that The One Party to whom you must defer, is unusually trustworthy and competent, then it seems fine. People who look at track records, though, will question the choice, and eventually it always leads to "of course they make it so that you have to trust them; if the choice were left to the computer's owner, they would never choose that company again."

Maybe it's all ancient history to you, but to me, these are the people who thought ActiveX ought to be in web browsers. These are the people who thought an OS should ship such that, by default, it loads and executes code from a CDROM when you insert it. These are the people who still (AFAIK, maybe I'm starting to get out of date) use file names (extensions) instead of permissions, to determine if a file is executable. These are the people who (again, AFAIK, maybe my prejudice is showing) basically invented the idea of a full-fledged programming language engine being in spreadsheets and word processors, which will load and run the code in a document when you load the document. Etc, etc, etc.

I would say that this one company, more than any other that we've ever heard of, has the least credibility if they ever say uneducated users shouldn't be in charge of security. Even an uneducated user isn't likely to make worse choices than Microsoft has. And now they want to be The One global root CA for all code, even outside their own OS. I would say that'd be the funniest thing ever, but then I heard something even more hilarious: some people are taking their proposal seriously.

Re:Oh, Linus; so adorable when you are angry.

[swillden]

act like his wants and opinions are more important than anyone else's.

Actually, when it comes to the Linux kernel, his opinions are more important than anyone else's, because he has final say on it.

True, but it's worth considering why it is that he has the final say. Sure, it was his baby originally, but 20 years later, Linux is an asset worth billions to many big companies with deep pockets and lots of top-notch engineers -- and it's GPLd. If, say, IBM wanted to they could fork the kernel and push their fork farther and faster, make it better-tested, more featureful and more reliable than Linus' fork. They could adopt better policies that would make contributors happier, and Linus would quickly fade into irrelevancy.

Or could they?

The fact is that Linus is still in charge of the 800-pound gorilla that Linux has become for one simple reason: he does a great job. He makes good decisions, manages the process well, and generally keeps things moving along well enough that no one is really even tempted to seriously try to fork the kernel in a way that pushes Linus out of the picture.

What all of that means is that his opinions are more important than anyone else's because he has good opinions. Not that he's perfect (in fact I can name a number of things I strongly disagree with him on), but by and large, what he says on kernel-related topics is worth listening to on its own merit. And because he has final say on it.