EFI SecureBoot and Trusted Computing in Debian
This is the best I could come up with so far. I have found my lance and
my rickety but pompous horse. Did anyone see where the windmills went?
(cc'd to -user)
---
What I call "the manifesto" [1] claims that UEFI SecureBoot is needed in
a "post Snowden World." If Debian's "freedom of choice in init systems"
resolution fails, what are the chances of getting enough volunteers to
sustain multi-init support? The trap could spring. The exit door could
close. The drones could finally march in lockstep.
If PID 1 is owned by a central Linux authority, is there any reason to
think the rest of the manifesto's ambitions will not be achieved?
The authors provide the hook: a "unified solution" for "operating
systems that manage themselves, that can update safely without
administrator involvement." No more worries about binary blobs or
untrusted users, but trustees who play by the rules might be allowed in
the Potemkin village to help spiffy things up.
I wonder if this is the logical conclusion of "push technology?" Show
the man your compute license before boarding, but if you missed your
last payment or tampered with anything, that's why you got the kill
switch. Don't forget to safely recycle your disposable device.
I don't see anything in it for Debian, which has its own crypto-signed
archives and distributed development, and I don't think the post Snowden
lesson is to trust centralized authority and put all your eggs in one
basket. But as a mere user, my opinion doesn't count for much. We can
cry on each others shoulders in our private forums, but don't stand in
the way of progress or ask who's behind it all. If you make it past the
censors, you just might find yourself under house arrest. [2]
It's obvious that there is a compelling interest in trustworthy personal
surveillance devices, but it's not about the user's interest, nor the
user's trust. Where would I file the Debian bug to report that freedom
has been deprecated?
-----
[1]
http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html
[2]
http://www.newsweek.com/assange-google-not-what-it-seems-279447?piano_d=1
Reply to: