Re: [GIT PULL] Load keys from signed PE binaries

From: Theodore Ts'o
Date: Mon Feb 25 2013 - 22:49:48 EST


On Tue, Feb 26, 2013 at 03:28:39AM +0000, Matthew Garrett wrote:
> You're happy advising Linux vendors that they don't need to worry about
> module signing because it's "not obvious" that Microsoft would actually
> enforce the security model they've spent significant money developing
> and advertising?

My advice was to Linus and those who are willing to listen to me, not
to Red Hat. Red Hat has not generally been receptive to my advice in
the past; not that they have any obligation to listen to me, of
course. After all, I'm not on Red Hat's payroll. :-)

Speaking more generally, though, (a) revoking Linux's key is not
zero-cost to Microsoft, (b) it's also not an instant death sentence to
Linux distributions. Users can always either disable secure boot
mode, or they can install another signing key. Yes, that is not the
best user experience, but it's something which is doable.

The other thing to consider is that it's not clear in the long run how
much of a lock Microsoft and Windows 8 will have on hardware
manufacturers. There's already been people discussing how to install
Linux on the Chromebook Pixel. Other traditional PC manufacturers,
including HP and Lenovo, have started creating non-Windows-8 x86
systems using ChromeOS, which can easily have a stock Linux distro
installed on it, and they come at a variety of different price points.
(Heck, the recent ChromeOS boxes, such as Pixel, come with an open
source BIOS which you can reflash.)

Finally note that secure boot is not an issue on server platforms,
which is where most of the traditional Linux vendors have made their
money. And those who are making money with pre-installed Linux
systems (i.e., like Ubuntu, or Google with ChromeOS) for consumers are
generally doing so in cooperation with hardware OEM partners, where
there's no reason to kowtow to Microsoft's policies. So there really
isn't a good reason for Linux vendors to cower in fear of Microsoft.

Much of Microsoft's power comes from people letting them have power over
them. You don't have to do it. Sometimes it's better to let them
carry through on their threat, and while it will be inconvenient, it
is highly likely they will also take damage from their taking action.
Consider what happened the last time the Republicans carried through
on their threat to shut down the US Federal Government. Sometimes
it's better to let the blackmailers carry through on their threat, and
then take steps from there. Cowering in fear and paying Danegeld rarely
gets rid of the Dane.

Regards,

- Ted
