Microsoft wrote an article about how they weren't making it harder to install Linux which described, in detail, how they're making it harder to install Linux. Here's my response.
- In fact, sorry to double post on this, but the whole idea is fundamentally flawed.
Instead of farting around with all this certificate fluff make the BIOS/EFI, mbr and boot loader area read-only unless you press the "red" button that says "do not press".
The only possible reason for wanting to introduce certificates, with companies "working" together on it (read: colluding), is to otherwise monetize or extract every red cent from the proposition.
Sep 24, 2011
- If designed properly, malware could not fake the button.
Design it as a physical DPDT switch (like the RF kill switch on the side of my Dell laptop, which is similarly safe against malware).
With the switch in the safe position, one pole of the switch connects the key store write enable line to a suitable fixed signal level (either ground or Vcc as appropriate); the other pole connects a GPIO to ground.
With the switch in the "update keys" position, one pole connects the GPIO mentioned before to Vcc, the other pole connects the key store write enable to a second GPIO.
When the position indication GPIO is grounded, the UEFI refuses to enter key update mode. Malware could, in theory, fake this, and get UEFI into key update mode; it would then be unable to write to the key storage, as it cannot switch the write enable line to "enabled" - it's being held at "disabled" by the switch. A sophisticated version of this could detect the failure to write, and tell the user to go to the manufacturer for help (either the switch or key store has failed, or there is malware in the chain).
And the advantage of this over locking the MBR and boot loader against writes is obvious - if I have a bug anywhere in my boot loader that renders it insecure, I can fix it without training my users to bypass the security method. If I locked the MBR and boot loader, my users could be manipulated by malware into unlocking it in exactly the same way as I do for a genuine security update.
Sep 24, 2011
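To make the interlock in the comment above concrete, here is an added simulation (my own model, not code from any commenter or from any firmware vendor) of the DPDT-switch design: one pole gates the key store write-enable line, the other drives a position GPIO that firmware samples before entering key update mode. The `faked_gpio` flag models malware that forces the software position check to pass; the write still fails because the hardware line is held at "disabled", and the read-back verify turns that into the "go to the manufacturer" condition the comment describes. All type and function names are this example's own.

```c
/* Model of a physical DPDT switch interlocking UEFI key store updates.
 * Constructed example; not a real firmware API. */
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define KEY_LEN 32

enum switch_pos { POS_SAFE, POS_UPDATE };

/* Hardware state. Only the physical switch changes `sw`; nothing in
 * firmware can drive the write-enable line while sw == POS_SAFE. */
struct hw {
    enum switch_pos sw;
    uint8_t keystore[KEY_LEN];
};

enum update_result {
    UPDATE_OK,       /* key written and verified */
    UPDATE_REFUSED,  /* position GPIO grounded: UEFI never enters update mode */
    UPDATE_FAILED    /* entered update mode but write did not take effect */
};

void hw_init(struct hw *h) {
    h->sw = POS_SAFE;
    memset(h->keystore, 0, KEY_LEN);
}

void switch_set(struct hw *h, enum switch_pos p) { h->sw = p; }

/* Pole 2: position GPIO. Grounded (low) in the safe position, Vcc in the
 * update position. This is what honest firmware samples. */
bool position_gpio_high(const struct hw *h) { return h->sw == POS_UPDATE; }

/* Pole 1: key store write enable. In the safe position it is tied to the
 * fixed "disabled" level; in the update position it follows the firmware's
 * second GPIO (`fw_we_request`). The silicon silently drops writes when
 * the line is disabled, exactly like a write-protected flash. */
bool keystore_write(struct hw *h, bool fw_we_request, const uint8_t *key) {
    bool we = (h->sw == POS_UPDATE) ? fw_we_request : false;
    if (!we)
        return false;
    memcpy(h->keystore, key, KEY_LEN);
    return true;
}

/* Firmware key-update routine. `faked_gpio` simulates malware that has
 * compromised the software check and pretends the switch is in the
 * update position. */
enum update_result key_update(struct hw *h, const uint8_t *newkey, bool faked_gpio) {
    bool pos_high = faked_gpio ? true : position_gpio_high(h);
    if (!pos_high)
        return UPDATE_REFUSED;           /* honest path: refuse outright */

    /* Update mode entered: raise the write-enable request GPIO and write. */
    bool wrote = keystore_write(h, true, newkey);

    /* Read back and compare. A mismatch means the switch or key store has
     * failed, or something in the chain lied about the switch position. */
    if (!wrote || memcmp(h->keystore, newkey, KEY_LEN) != 0)
        return UPDATE_FAILED;
    return UPDATE_OK;
}

int main(void) {
    struct hw h;
    uint8_t k[KEY_LEN];
    hw_init(&h);
    memset(k, 0xAB, KEY_LEN);          /* constructed sample key material */

    printf("safe, honest firmware : %d (1 = refused)\n", key_update(&h, k, false));
    printf("safe, faked GPIO      : %d (2 = failed, store untouched)\n", key_update(&h, k, true));
    switch_set(&h, POS_UPDATE);
    printf("update, honest        : %d (0 = ok)\n", key_update(&h, k, false));
    return 0;
}
```

The point the simulation makes is that the software check (`position_gpio_high`) is only a convenience; the security property comes from `keystore_write` ignoring the request whenever the switch is physically in the safe position, so faking the GPIO reading buys an attacker nothing, and the read-back verify is what lets firmware surface the discrepancy to the user.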
- I still think it's unworkable, only time will tell.
Sep 24, 2011
- What's so annoying about all this is that we play into their hands - by declaring it unworkable, we make it possible for those who'd take our computing freedoms away from us to say "they're just being recalcitrant - heck, maybe they're pro-malware".
By suggesting changes that meet their stated goals, knowing that they will not make these changes because it would stop them meeting their hidden agenda, we make it clear that they have a hidden agenda, and that they do not want to meet their stated goals unless they are also permitted to meet their hidden agenda. Oh, and it allows us to suggest that they are pro-malware...
Sep 24, 2011
- Don't know, I am taking a very zero tolerance approach with this, more FSF than OSI. No no no no no! They're getting more and more desperate to strangle the competition, only delaying/bringing on the inevitable. The sooner the better AFAIAC. :)
Sep 24, 2011
- I'm not saying that people shouldn't speak out; I personally have written to my local authorities pointing out the flaws in the scheme as suggested, complete with my tweaks that make it work for me.
I am saying that Microsoft have a convincing-sounding case for why this is the best way to stop malware. We need to make clear that they're hiding an anti-competitive weapon in there, and that they don't need to do so.
Put simply, if you say "this scheme bad!", the response is "malware also bad - why you not want malware problem solved?" If you say "this scheme needs user control of keys, otherwise anti-competition", Microsoft has a hard time explaining to a worried regulator just why they can't allow that.
Sep 25, 2011