
markofmayhem
Why not now?
Premium Member
join:2004-04-08
Pittsburgh, PA

markofmayhem to No_Strings

Premium Member

to No_Strings

Re: FSF Publishes Important Whitepaper on Secure Boot

said by No_Strings:

We have met the enemy, and he is us.

My point as well...

And I agree with you dave, the ARM issue is distressing. x86 does give us complete control over the keys installed. ARM is a mess without Secure Boot, requiring a virus to infect ourselves to gain elevated privileges. While Secure Boot will not stop "rooting", it will slow the time from device sale to root available with less popular devices possibly not getting a root ("jailbreak" for iOS folks) at all.

Secure Boot isn't unbreakable, it has been hacked already. The major difference is it hasn't been broken remotely or through a worm/trojan; but a user executed attack has successfully given control to the keys. ARM will not be unbreakable, but will be an extra hurdle to gain control: just as it is today with no honorable or justified reason to continue tomorrow, well, unless you are these folks:

Dell
HP
Verizon
Sprint
AT&T
T-Mobile....

Linux deserves a PLATFORM key, intradistro politics is eating us. Where is the FSF or LF? Why are they not stepping up with a PK and KeK system for us all to use?

Microsoft was convinced, through market pressure, to join the OSS Virtual Machine ecosystem. Through the same pressure, they can be pressured to join a global OPEN PK/KeK system (lock them out of the server space and see them agree to a board hosted solution). Secure Boot can be brought to its intended goal: KNOW WHO developed the execution of pre-OS files with trust employed by the user. Finger wagging when creative typing was needed will defeat to default and Microsoft didn't even have to put forth effort for this victory.... blah, oh well. Maybe next time? Probably not, it is easier to hate the straw man than bail the field.

TuxRaiderPen2
Make America Great Again
join:2009-09-19

TuxRaiderPen2

Member

said by markofmayhem:
Secure Boot isn't unbreakable, it has been hacked already. The major difference is it hasn't been broken remotely or through a worm/trojan;
So what's the point of having it other than competition lockout? None!
said by markofmayhem:
Linux deserves a PLATFORM key, intradistro politics is eating us. Where is the FSF or LF? Why are they not stepping up with a PK and KeK system for us all to use?
And who is going to run this?

FSF, LF? You will have factions who will not agree to either running this.

Third party? Who?
said by markofmayhem:
Microsoft was convinced, through market pressure, to join the OSS Virtual Machine ecosystem. Through the same pressure, they can be pressured to join a global OPEN PK/KeK system (lock them out of the server space and see them agree to a board hosted solution).
What is going to "pressure" OEM/ODM's to do such a lockout? Yeah Dell is going to not sell equipment that will not run "server 'OS'" from ms. Yeah right... The exact tactic will be you want to sell computers with this "OS" then you will sell hardware able to run "server 'OS'."
said by markofmayhem:
Secure Boot can be brought to its intended goal
I don't think that means what you think it does! The intended goal of "Secure" Boot is LOCKOUT Linux! Period. Any one, ANY ONE, ANY ONE! who believes otherwise is just fooling themselves... Yes, when the idea for it came about... it probably was for what its stated name is, but it's been corrupted along the birth canal to its current mess. Need further proof? Look no further than crapple who has used it to do EXACTLY this LOCKDOWN OS X to its hardware, at least try to. It's NOT about security, it's about LOCK OUT OF COMPETITION. If crapple thinks they have the !@(*$!(!*) be all end all bees knees OS, then COMPETE with it!

And....

If it's insecure already.... what's the point, security wise? OK.... so it's not remotely attackable, yet... but for 99.9999% of the situations that problem is for ONE particular line "OS" which is so infectable it could probably catch a cold from a human!

The BIOS needs replaced... the sky is falling... BS!

UEFI offers:

Better GUI for the BIOS.. SO? Big whoop! Not needed! It's a BIOS, it's not meant to be user friendly! You don't need to be in there mucking with things if you don't know what they are!

GPT disk support... ok how many systems are using this? HANDS UP! UP HIGH! Still searching! This can be added to current BIOS architecture. You can't tell me Award etc. can not do this.

Scripting - REALLY! What knucklehead thinks this is a good idea in a BIOS!

Fine we need to improve the BIOS to handle new technology ... fine... but some of this is just crap not needed, and like many other things solutions looking for problems. Scripting in a BIOS, talk about a !$(!*()$!() security hole big enough for a battleship... GEEZ!

FF4m3
@bhn.net

FF4m3

Anon

said by TuxRaiderPen2:

The intended goal of "Secure" Boot is LOCKOUT Linux! Period. Any one, ANY ONE, ANY ONE! who believes otherwise is just fooling themselves... Yes, when the idea for it came about... it probably was for what its stated name is, but it's been corrupted along the birth canal to its current mess.

+1
dave
Premium Member
join:2000-05-04
not in ohio

dave to TuxRaiderPen2

Premium Member

to TuxRaiderPen2

FSF, LF? You will have factions who will not agree to either running this.

It's hardly Intel and Microsoft's fault that the open-source advocates can't stop squabbling like children. Or perhaps that should be 'like politicians', since they're apparently more interested in consolidating their positions than helping those whose interests they claim to have at heart.

TuxRaiderPen2
Make America Great Again
join:2009-09-19

TuxRaiderPen2

Member

said by dave:
It's hardly Intel and Microsoft's fault that the open-source advocates can't stop squabbling like children. Or perhaps that should be 'like politicians', since they're apparently more interested in consolidating their positions than helping those whose interests they claim to have at heart.
I don't think any one with any stake in OS on equipment should be involved in this whole signing thing...

And absolutely not Verisign, they are more corrupt than the 2 players you mention, and the FSF and LF combined.

No I don't know who.....and no I don't need the "UN" involved in it or TubeGore. A respected, third party ... OK... time for more FlavorAde and meds, cause with that one I've obviously lost it.

BUT irregardless of who you get to be this "independent neutral third party" [glurp!] . . . what is going to FORCE/MANDATE/REQUIRE that "Linux KEY", "BSD KEY", "Solaris key", is going to be present? IN PLACE OR IN ADDITION to the lamer "OS" key? ANY OEM/ODM even thinking about including a key other than one particular "OS" key will be getting a visit from the ms thugs to 'splain it' how the new licensing works. The same old crap that's been going on for decades.
dave
Premium Member
join:2000-05-04
not in ohio

dave

Premium Member

I conclude you're against it because you are unable to solve the problem.

So, just turn off Secure Boot and you're done (at least on x86).

ANY OEM/ODM even thinking about including a key other than one particular "OS" key will be getting a visit from the ms thugs to 'splain it' how the new licensing works.

Oh, why didn't you say? You're a conspiracy nut.

So, just turn off Secure Boot and you're done (at least on x86).

TuxRaiderPen2
Make America Great Again
join:2009-09-19

TuxRaiderPen2

Member

said by dave:
I conclude you're against it because you are unable to solve the problem.
Secure Boot at this time is really only needed for one "OS."

It solves nothing really, security wise.
said by dave:
So, just turn off Secure Boot and you're done (at least on x86).
First I plan to.
said by TuxRaiderPen2:

Any new hardware I get will be:

UEFI and Secure Boot - DISABLED
Legacy BIOS ENABLED
UEFI BIOS REPLACED with a NON UEFI and I will be actively sourcing motherboards with just that ability and BIOS(s).


If your reading comprehension had kicked in you would have read the above in a prior message.
said by dave:
Oh, why didn't you say? You're a conspiracy nut.
No. If you don't think ms is 'splain'ng' to OEM's on this, then YOU'RE the nut! It's about as bad if not worse than the whole payola in the record [music] business.

Any one who fails to get that xyz OEM is going to be heavily pressured and other tactics to be sure that NO KEY other than the "anointed and approved" key is in the BIOS.
said by dave:
So, just turn off Secure Boot and you're done (at least on x86).

Again, rereading prior post, will show:
said by TuxRaiderPen2:

Any new hardware I get will be:

UEFI and Secure Boot - DISABLED
Legacy BIOS ENABLED
UEFI BIOS REPLACED with a NON UEFI and I will be actively sourcing motherboards with just that ability and BIOS(s).
Plain and simple boiled down, UEFI, is just more whippersnappers who got bored and could not just leave well enough alone and find something more constructive to do with their coding.

It's a BASIC INPUT/OUTPUT SYSTEM, it is NOT a !@$!&*&$!*(&$!*(@& *! GUI system... and you don't need no !*()@&$!()@*$!()* mouse to change things in the BIOS!

Scripting in a BIOS? For WHAT?! Security hole wider than a battleship!

What you need is a BASIC system to display the settings and allow changes. NOTHING MORE. So it don't have cute little stupid icons, or mouse movements, or touch screen, or explain what any of this does... aaahhhh poor little idolts can't handle it... waaahhhhaaa.. be lucky you don't have to bootstrap your PC's to start them! Been there, done it! I would have zero issue with going back to it, and maybe even dig out the punch tape, cards, and TTY's!

Want to add GPT support or better support for larger HD's, or other things, fine! Doesn't mean we need this mess!

I will say it again... when it started, Secure Boot, probably had good intentions and merit... at this point it does not!

You're missing the ball and the game... it's over here!!! Ignore the man behind the curtain! And your little dog too!