EFI SecureBoot and Trusted Computing in Debian

To: modular-debian@freelists.org
Cc: debian-user@lists.debian.org
Subject: EFI SecureBoot and Trusted Computing in Debian
From: Marty <martyb@ix.netcom.com>
Date: Sat, 25 Oct 2014 16:04:21 -0400
Message-id: <[🔎] 544C0245.5040203@ix.netcom.com>

This is the best I could come up with so far. I have found my lance andmy rickety but pompous horse. Did anyone see where the windmills went?

(cc'd to -user)

---

What I call "the manifesto" [1] claims that UEFI SecureBoot is needed ina "post Snowden World." If Debian's "freedom of choice in init systems"resolution fails, what are the chances of getting enough volunteers tosustain multi-init support? The trap could spring. The exit door couldclose. The drones could finally march in lockstep.

If PID 1 is owned by a central Linux authority, is there any reason tothink the rest of the manifesto's ambitions will not be achieved?The authors provide the hook: a "unified solution" for "operatingsystems that manage themselves, that can update safely withoutadministrator involvement." No more worries about binary blobs oruntrusted users, but trustees who play by the rules might be allowed inthe Potemkin village to help spiffy things up.

I wonder if this is the logical conclusion of "push technology?" Showthe man your compute license before boarding, but if you missed yourlast payment or tampered with anything, that's why you got the killswitch. Don't forget to safely recycle your disposable device.

I don't see anything in it for Debian, which has its own crypto-signedarchives and distributed development, and I don't think the post Snowdenlesson is to trust centralized authority and put all your eggs in onebasket. But as a mere user, my opinion doesn't count for much. We cancry on each others shoulders in our private forums, but don't stand inthe way of progress or ask who's behind it all. If you make it past thecensors, you just might find yourself under house arrest. [2]

It's obvious that there is a compelling interest in trustworthy personalsurveillance devices, but it's not about the user's interest, nor theuser's trust. Where would I file the Debian bug to report that freedomhas been deprecated?


-----

[1]http://0pointer.net/blog/revisiting-how-we-put-together-linux-systems.html

[2]http://www.newsweek.com/assange-google-not-what-it-seems-279447?piano_d=1

Reply to:

Follow-Ups:
- Re: EFI SecureBoot and Trusted Computing in Debian
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: autologin; was Re: user authentication for a secure laptop.
Next by Date: Re: Who's locking down the code?
Previous by thread: Re: Who's locking down the code?
Next by thread: Re: EFI SecureBoot and Trusted Computing in Debian
Index(es):
- Date
- Thread