[coreboot] Feedback On Coreboot: the Solution to the Secure Boot Fiasco

David Hubbard david.c.hubbard+coreboot at gmail.com
Fri Jan 4 03:54:39 CET 2013

On Thu, Jan 3, 2013 at 4:23 PM, gary sheppard <rhyotte at gmail.com> wrote:

> I very much wish people would listen to what Ron just said!
> As for why they are lining up behind it? Personally I think they are
> afraid to be seen as "reactionary" and against "progress". After all
> "everyone" knows secureboot will make life in computing land *Perfect*! The
> way it has been dressed up and loudly presented to World_+_Dog makes it
> seem as though anyone against it is against "progress"!
> Numerous security experts have already said it is anything but secure, and
> it will never be secure. They have only said this quietly, and that "voice"
> has been minimalized, while "PROGRESS" is shouted to the heavens. Hey, look
> at android and  how phone makers "lock" it down. Does it stay locked? No!
> Come on people, put your heads out of...  ;)
> Gary

When the FSF has been right and "everyone in the open source community"
opposed them, they didn't back down. I put "everyone..." in quotes because
it hasn't always been the same community, but I do feel that the term open
source isn't used by the FSF for a good reason.

I'm not trying to attack people for talking about the open source community
-- rather, I believe the FSF was successful for example in establishing the
GPL as a popular license specifically because they had the right approach.
I think they did what Mahatma Gandhi did, which was to carefully evaluate
what response would *work* and then keep executing on that, basically
flawlessly, until it did work.

A counterexample would have been the Hurd kernel, because it apparently
wasn't executed right (again, not trying to pick on something) -- but if
the idea is sound, it could still be pulled off.

The FSF has taken lots of dings over the years for standing up for what
they believed, but they have still succeeded.

If Secure Boot is a bad idea (I believe it is) -- no need to attack
corporate-sponsored efforts to line up behind it. I personally use Gentoo
Linux which means my kernels are compiled right on my own box. Secure Boot
will never work for that (specifically, getting each kernel signed for each
user would never scale). Sure, I could use a shim but for me that's
equivalent to accepting defeat.

I suppose we could thank the corporate-sponsored bootloaders that will make
an easy path to boot and install linux during this period of uncertainty.
However, Ron, let me buy you a drink sometime: we need a better solution.
Coreboot could do that.

"Never give in. Never give in. Never, never, never, never—in nothing, great
or small, large or petty—never give in, except to convictions of honour and
good sense. Never yield to force. Never yield to the apparently
overwhelming might of the enemy."

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20130103/fb69bb40/attachment-0001.html>

More information about the coreboot mailing list