Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?

Linus Torvalds Clarifies His Position on Signed Modules 208

An anonymous reader writes "No one, but no one, in the Linux community likes Microsoft's mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs. But, how Linux should handle the fixes required to deal with this problem remains a hot-button issue. Now, as the debate continues hot and heavy, Linus Torvalds, Linux's founder and de facto leader, spells out how he thinks Linux should deal with Secure Boot keys." And it's not in the control of Microsoft: distros should sign only the modules they provide with their key, with user built modules signed by locally generated keys (since, as SSL certification authority break-ins have shown, centralized trust systems are prone to abuse and offer dubious security benefits). Basically, no love for proprietary kernel modules.
This discussion has been archived. No new comments can be posted.

Linus Torvalds Clarifies His Position on Signed Modules

Comments Filter:
  • People aren't scrambling to get Windows 8. Shall we chalk Windows 8 up to another Microsoft failure (much like Vista and ME)?
    • Re:Funny (Score:4, Insightful)

      by Dunbal ( 464142 ) * on Friday March 01, 2013 @09:49AM (#43044483)
      They're not adopting Windows 8 because on the whole, Windows 8 sucks or doesn't offer a compelling reason to upgrade. That does not mean that Microsoft will remove secure boot from future operating systems, since most of the drones have no idea at all what it means or what it does, and don't care. If their $500 computer stops working they say "it had a virus" and throw it away and buy another one.
  • by Anonymous Coward on Friday March 01, 2013 @09:36AM (#43044393)

    Could microsoft refuse to sign a uefi binary because it violated their patents? If so, this could be a way to get everyone using linux to pay them.

    • Microsoft can refuse to sign a UEFI binary for any reason they choose. Signing other people's binaries is an offer they are making voluntarily, not something anyone else is requiring them to do, therefore they set the terms.

  • by pla ( 258480 ) on Friday March 01, 2013 @09:44AM (#43044443) Journal
    Instead of screwing around with politics, I have a much better idea...

    Replace the kernel idle loop with a UEFI signing key cracker. Let it chow down on Microsoft's key.
    • Instead of screwing around with politics, I have a much better idea... Replace the kernel idle loop with a UEFI signing key cracker. Let it chow down on Microsoft's key.

      More promising option would be to just collect money and bribe someone inside MS to hand us the key.

    • by gweihir ( 88907 )

      I applaud your sentiment, but unfortunately, unless they have badly messed up (and I expect they got competent outside help for this to prevent messing up), cracking this key will not be feasible.

  • by DaMattster ( 977781 ) on Friday March 01, 2013 @09:49AM (#43044479)
    I think this entire issue needs to be looked at by the Attorney General and Federal Trade Commission. The SecureBoot UEFI is nothing more than a form of vendor lock-in, cleverly (or not so much) disguised as a security innovation. Please sign my petition and spread the word: http://wh.gov/wHLq [wh.gov]
    • by Anonymous Coward on Friday March 01, 2013 @10:11AM (#43044613)

      Judging by your petition, it sounds like you don't even understand what UEFI is. You just use the phrase "SecureBoot UEFI" repeatedly. Secure Boot is a option in UEFI, which is a replacement for BIOS. Microsoft also requires that vendors make this feature able to be disabled, and allow users to load other, non-Microsoft keys, so your claim that it makes it "difficult, if not impossible to run other OSes" is false. Your silly petition demonstrates a failure to understand the actual issue, and makes factually incorrect and exaggerated claims. You clearly don't understand what's going on.

  • Microsoft (Score:5, Insightful)

    by Anonymous Coward on Friday March 01, 2013 @09:53AM (#43044503)

    Microsoft = small, soft

    Their business model has outgrown the company name. They are big and hard. So big, that they can get by with some shit like this. Hard because their head is hard.

    Them getting with the hardware designers and creating this secure boot shit, just so it's harder for pirates to pirate a copy of windows8, is the same thing as GM getting with the folks that make roads, and have them install a switch that can disable ALL CARS if GM decides. GM can just state, "What if a GM car is stolen? How are we supposed to be expected to recover the losses?"

    So here is another car manufacturer saying that he's not willing to put the GM parts into his cars. That's all. Our world's problems are getting so stupid, that it's sorta hard to tell/believe what's going on.

    I think everyone should read the lyrics to "Wish You Were Here" by Pink Floyd. Or maybe another band should release a song called "I wish we weren't here". Again, hard to tell...

  • No one? (Score:4, Funny)

    by serviscope_minor ( 664417 ) on Friday March 01, 2013 @09:59AM (#43044545) Journal

    No one, but no one, in the Linux community likes Microsoft's mandated deployment of the Unified Extensible Firmware Interface (UEFI) Secure Boot option in Windows 8 certified PCs.

    I don't believe this. There's always one lunatic out there so in love witn Microsoft "technologies" that they'll love this. Miguel?

  • woohoo! (Score:5, Insightful)

    by Sloppy ( 14984 ) on Friday March 01, 2013 @10:15AM (#43044661) Homepage Journal

    Somebody gets it:

    encourage things like per-host random keys - with the stupid UEFI checks disabled entirely if required. They are almost certainly going to be *more* secure than depending on some crazy root of trust based on a big company, with key signing authorities that trust anybody with a credit card. Try to teach people about things like that instead. Encourage people to do their own (random) keys, and adding those to their UEFI setups (or not: the whole UEFI thing is more about control than security)

    Imagine if someone invented a protocol like ssh, but then suggested that of course, nobody should be able to use it except in situations where a host's key is signed by one of the global CAs, like we do on the web except without the possibility of self-signing or for new CAs to enter the market.

    Nobody would call that "secure." They would call it a joke which goes out of its way to be less secure, by deliberately adding an untrustable link. And the fix to such a protocol would be obvious. Well, that's just what Linus did in the above paragraph: he told you how to turn SecureBoot from "just plain stupid" into "decent even if still mostly useless."

    • by EdZ ( 755139 )
      Well thank goodness that MS already mandates that you MUST be able to add your own keys to the Secure Boot key store on x86 machines. Not ARM, they're in line with everyone else on the phone/tablet lockdown game, but for any desktop machine or motherboard with a little 'Windows 8' badge on the box, the ability to self-sign your bootloader is a requirement.

      Windows 8 certification guidelines [microsoft.com], specifically System.Fundamentals.Firmware.UEFISecureBoot Para.17:

      Mandatory. On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: "Custom" and "Standard". Custom Mode allows for more flexibility as specified in the following: It shall be possible for a physically present user to use the Custom Mode firmware setup option to modify the contents of the Secure Boot signature databases and the PK. This may be implemented by simply providing the option to clear all Secure Boot databases (PK, KEK, db, dbx), which puts the system into setup mode.


      Mandatory. Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv.

      • by gweihir ( 88907 )

        I think that if they had left that out, a few billions in fines form the EU would have reminded them of it. They are just being careful, well knowing that it is beyond most users at this time to add their own keys.

        I will be very interested though what happens to their anti-competitive move on ARM though.

    • by gweihir ( 88907 )

      Indeed. You have it exactly right. Side note: SSH does support public X.509 certificates but nobody uses them as anybody competent enough to do that also sees that this does not help. SSH with private X.509 certificates is in use.

  • I was expecting the link to take me to a goatse image. Maybe the article is really just an euphemism.

  • Just change the Linux operating system license from GPLv2 to proprietary and thats it!
    And while doing it, just copyright all source code for Microsoft same time.

    Then justice would be served...

    (Yeah, just trolling as I don't have anything better to say).

  • Since, as SSL certification authority break-ins have shown, centralized trust systems are prone to abuse and offer dubious security benefits

    Since, as recent hospital deaths due to MRSA and medical errors have shown, centralized medicine offers dubious health benefits?

    Just because there have been failures doesn't make the system dubious at all. Even with all the failures accounted, SSL is a phenomenal success -- effectively protecting billions in eCommerce revenue, trillions of emails and untold other secret

    • The fact that any Joe can sit down and go to ${site} and be nearly certain that their communication is authenticated and encrypted without the need to understand anything is a remarkable feat of engineering.

      It would be if it actually existed. As is, Joe needs to understand that if his browser starts giving security warnings, someone's probably trying to steal his credit card info. Joe also needs to understand that SSL can't protect him if he visits sites through links (because they might direct him to amaz

    • by gweihir ( 88907 )

      The public X.509 PKI (what is used for SSL) is fundamentally broken. There are still a lot of people that do not get security and think otherwise, but those of higher competence in the IT security field have reached this consent a while ago. There is no-one with any credibility that disputes this. And it is not that the system has been broken in a surprising way that is unlike to happen again. The system has failed in the expected way and will fail time and again, because its architecture is fundamentally b

      • I'm 100% certain that my connection to Gmail is protected by SSL/TLS, so I think you have to troll harder than merely saying that it is "unsuitable for email protection".

  • Saying things like " If the user has explicitly enrolled a hash then they're stepping outside the trust model." indicates gross incompetence and fundamental non-understanding what security is. After all, all security must always reference back to the user as it is the user (and nobody else) that decides which OS/hardware/mechanism to trust in the first place. That initial security decision overrules all other considerations. If the user cannot be trusted, then all conceivable systems are broken from the sta

Testing can show the presense of bugs, but not their absence. -- Dijkstra