Re: Q: secure boot

[Russ Allbery <rra@debian.org>]

Holger Levsen <holger@layer-acht.org> writes:
> On Tue, Nov 06, 2018 at 10:08:10AM +0100, Bastian Blank wrote:
>> On Tue, Nov 06, 2018 at 01:09:50AM +0100, Adam Borowski wrote:

>>> But only the stock kernel, which turns it non-free software.

>> What is non-free?  Signing stuff does not change the freeness of the
>> software.

> it does introduce https://en.wikipedia.org/wiki/Tivoisation however.

I'm not sure how us signing our stuff does that.  The computer's firmware
may do this if it enforces secure boot and doesn't provide a way to turn
it off.  But only running signed software is a valid and sometimes
desirable security configuration, which our users may want to choose.

By default, apt will only install software signed by Debian's archive keys
and will refuse to install anything else.  We rightfully don't consider
that to be Tivoisation.  I feel like supporting secure boot is similar.

By this, I am not trying to defend hardware vendors who lock the owners
of the hardware out of installing software of their choice, only
contending that Debian signing its software doesn't create that problem.

One could argue that we should refuse to ever sign anything on the grounds
that it makes it possible to use Debian with hardware that requires
signatures, and we should be boycotting such hardware.  And indeed I
wouldn't be surprised to see an FSF distribution take such a stance.  But
I think that would be incompatible with our project choice to allow our
users to run Debian on non-free hardware and leave that choice up to the
user.  (I also don't think this would be useful from a tactical
standpoint; vendors making such locked-down hardware don't care whether
Debian runs on it.)

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>