4

Garrett: Responsible stewardship of the UEFI secure boot ecosystem

 1 year ago
source link: https://lwn.net/Articles/900886/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.

Garrett: Responsible stewardship of the UEFI secure boot ecosystem

[Posted July 12, 2022 by corbet]
Matthew Garrett grumbles about an apparent Microsoft policy change making it harder to boot Linux on some systems.
So, to have Microsoft, the self-appointed steward of the UEFI Secure Boot ecosystem, turn round and say that a bunch of binaries that have been reviewed through processes developed in negotiation with Microsoft, implementing technologies designed to make management of revocation easier for Microsoft, and incorporating fixes for vulnerabilities discovered by the developers of those binaries who notified Microsoft of these issues despite having no obligation to do so, and which have then been signed by Microsoft are now considered by Microsoft to be insecure is, uh, kind of impolite?
(Log in to post comments)

Color me shocked...

Posted Jul 12, 2022 15:27 UTC (Tue) by dskoll (subscriber, #1630) [Link]

Wasn't this always the MSFT end-game? I mean, who is really surprised by this?

Color me shocked...

Posted Jul 12, 2022 16:11 UTC (Tue) by ermo (subscriber, #86690) [Link]

> Wasn't this always the MSFT end-game? I mean, who is really surprised by this?

It's certainly possible.

It is, however, also possible that something happened behind the scenes internally at MSFT that the rest of us aren't (yet) privy to.

Hence, it might pay to hold fire until MSFT is given a chance to respond?

"Never ascribe to malice that which is adequately be explained by incompetence" as the saying goes.

Color me shocked...

Posted Jul 12, 2022 16:28 UTC (Tue) by khm (subscriber, #108825) [Link]

> It is, however, also possible that something happened behind the scenes internally at MSFT that the rest of us aren't (yet) privy to.

Does that matter? It's the same end result, the inevitable outcome of anyone engaging in good faith with a massive corporation is always betrayal, generally the moment it becomes possible. The Microsoft apologists knew it was a scorpion, and decided to cross the river with it. I'm not sure that the complicated internal politics of bad behavior are relevant to the resulting bad behavior, unless we're looking to make more excuses.

Color me shocked...

Posted Jul 12, 2022 16:37 UTC (Tue) by bpearlmutter (subscriber, #14693) [Link]

How about *not* holding fire, instead going ballistic about this issue, so MS will learn a valuable lesson and be more careful next time? You know, encourage them to develop internal mechanisms to avoid making this kind of screw-up in the future.

This makes sense regardless of whether or not it was accidental.

Color me shocked...

Posted Jul 12, 2022 16:54 UTC (Tue) by donbarry (guest, #10485) [Link]

The community is not served by extending the slightest trust to Microsoft or any other corporate entity in holding the keys for access to widely used hardware platforms.

The only solution is to demand a public trust hold these and administer them on behalf of computer users everywhere.

This is a time when Microsoft stands exposed (again) and such a demand can be raised and escalated. To defer endlessly to Microsoft is to once again lose the moment and either lose the battle now or set up one for a future loss -- nowhere is anything other than a perpetuation of the stalemate of the status quo ante a possibility without fighting for the control to be given up by Microsoft.

Color me shocked...

Posted Jul 12, 2022 16:18 UTC (Tue) by paulj (subscriber, #341) [Link]

Yep, this was always the end-game. And no doubt there were discussions here on LWN many years ago predicting this.

This is what you get when you dance with the (monopolistic) devil.

Color me shocked...

Posted Jul 12, 2022 16:59 UTC (Tue) by donbarry (guest, #10485) [Link]

General purpose computing is under attack. That the issue has raised its head again now reflects broader issues in the world, ones aimed against the right to run software of one's choice on one's hardware platform.

The usual boogymen are trotted out to justify this -- if one can run one's own OS and one's own preferred programs under it, why the terrorists, child pornographers, and drug lords win. Only a criminal or maladjusted type (clearly a future criminal in their thoughtcrime) would be conspiracy mongering against the great corporations and governments in their control of our computing platforms.

Garrett: Responsible stewardship of the UEFI secure boot ecosystem

Posted Jul 12, 2022 16:56 UTC (Tue) by mcon147 (subscriber, #56569) [Link]

I'm surprised that a regulatory body hasn't gotten involved. Seems like a big conflict of interest to have microsoft control this process

Garrett: Responsible stewardship of the UEFI secure boot ecosystem

Posted Jul 12, 2022 17:14 UTC (Tue) by neggles (subscriber, #153254) [Link]

I mean, Microsoft do have a point. The signed EFI shim binary being trusted by default makes Secure Boot almost entirely pointless.

Of course, turning it off doesn’t fix all the other "Secure" Boot issues and bypass methods, so it’s a bit lame and half-assed, but that goes for everything related to W11 in my opinion…


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK