Re: [OT] Re: the ghost of UEFI and Micr0$0ft
* On 2012 05 Jun 14:06 -0500, Tom H wrote:
> But, if a distribution didn't react post-the-white-paper either on its
> own or in cooperation with Fedora and/or Ubuntu, then it has no right
> to complain now.
Even if Debian had been contacted, how does this mess fit into the DFSG
and Social Contract? Those basic principles guide the Debian project,
in case anyone has forgotten, and I don't see UEFI (seems not that
different from EULA, actually) fitting well into either principle.
> This is the position of the Linux Foundation [2] and this is the
> paper's conclusion:
>
> "The UEFI secure boot facility is designed to be readily usable by both
> proprietary and open operating systems to improve the security of the
> bootstrap process. Some observers have expressed concerns that secure
> boot could be used to exclude open systems from the market, but, as we
> have shown above, there is no need for things to be that way. If vendors
> ship their systems in the setup mode and provide a means to add new KEKs
> to the firmware, those systems will fully support open operating
> systems while maintaining compliance with the Windows 8 logo
> requirements. The establishment of an independent certificate authority
> for the creation of KEKs would make interoperation easier, but is not
> necessary for these platforms to support open systems."
It's nice that others can accept that "If" that begins the third
sentence of the above paragraph. If vendors have a choice between
assuring user freedom or satisfying MSFT's demands, they have shown time
and again fealty to their masters of Redmond, users be damned. I don't
suspect this will be any different. Lip service is easy. Show me the
code!
> Debian can live in a bubble by saying that it doesn't have a
> time-based schedule but the hardware manufacturers have a schedule,
> that of Microsoft's release of Win8. So a solution has to be planned
> and implemented before Win8 and Secure Boot boxes hit the market for
> those distributions that choose to give their users the choice to use
> Secure Boot. Debian might choose to tell its users "disable Secure
> Boot" as the second poster in this thread said, but we don't know what
> its choice is or what it's going to be.
>
> I suspect that at some point in the future not only will Secure Boot
> be extended to servers but it'll be a criterion to fulfill in order to
> pass a security audit. If a distribution doesn't get involved at the
> inception of the rules, it'll just have to live by the specs that have
> been developed and agreed to by others.
So, we get into this predicament by over two decades of MSFT's utter
refusal to take security seriously and now it's our duty to bend over
and grab the ankles when and how they say so? Let them rot in their
malware hell. It's about time someone in the tech industry took a stand
against MSFT. I did long ago.
This is not about "security" at all. This is about MSFT marginalizing
and eliminating a serious competitor. It's MSFT's DNA. Anyone who
cannot see right through this charade is daft.
- Nate >>
--
"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."
Ham radio, Linux, bikes, and more: http://www.n0nb.us
Reply to: