[coreboot] Feedback On Coreboot: the Solution to the Secure Boot Fiasco
gary sheppard
rhyotte at gmail.com
Fri Jan 4 00:23:48 CET 2013
I very much wish people would listen to what Ron just said!
As for why they are lining up behind it? Personally I think they are afraid
to be seen as "reactionary" and against "progress". After all "everyone"
knows secureboot will make life in computing land *Perfect*! The way it has
been dressed up and loudly presented to World_+_Dog makes it seem as though
anyone against it is against "progress"!
Numerous security experts have already said it is anything but secure, and
it will never be secure. They have only said this quietly, and that "voice"
has been minimalized, while "PROGRESS" is shouted to the heavens. Hey, look
at android and how phone makers "lock" it down. Does it stay locked? No!
Come on people, put your heads out of... ;)
Gary
On Thu, Jan 3, 2013 at 10:40 AM, ron minnich <rminnich at gmail.com> wrote:
> OK, after further thought, here's my take.
>
> Two companies have defined a secure boot standard in such a way that
> they can closely control what boots on future systems using the one
> company's chips. This is a sea change from the original IBM PC design,
> which encouraged people to boot anything, and included the
> (copyrighted) BIOS listing on paper to further that end.
>
> The current state is that the software company is becoming the
> gatekeeper for what OS will run on systems built using the hardware
> company's chips. Their end goal is that the software company becomes
> the gatekeeper for what runs on almost *anything* -- not just x86.
> Don't believe me? Read about ARM systems and Windows 8.
>
> Vendors are now building systems based on this standard. People are
> seeing that the situation is not quite as blissful as the two
> companies have painted it -- that certain software will in fact be
> locked out for a number of reasons, that there can be unexplained
> delays in getting code signed, and that buggy EFI implementations may
> lock people out in unforeseen ways.
>
> The open source community's response has been to act in a way that
> strengthens this model. They're doing all they can to find a way to
> work inside these limits. Instead of pushing hard to use only hardware
> that's really open, and doing what they can to relegate this (shown to
> be insecure) "secure" boot to the dustbin of history, they're pushing
> as hard as they can to make it succeed.
>
> I find this quite perverse. There's lots of good hardware out there
> that is not built around this lockin, and yet the open source
> community is focusing lots of effort on making the lockin viable.
>
> The open source community has pushed back on defective standards like
> this before and won. Why they're rolling over now is a puzzling,
> especially given the existence of alternatives. Put another way, I
> think the secure boot standard needs the open source community more
> than the open source community needs the secure boot standard, but the
> open source community is not exploiting that fact. I guess part of it
> is that so much of the open source community is contained in big
> companies, but it's stil disappointing.
>
> ron
>
> --
> coreboot mailing list: coreboot at coreboot.org
> http://www.coreboot.org/mailman/listinfo/coreboot
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.coreboot.org/pipermail/coreboot/attachments/20130103/8292bc63/attachment.html>
More information about the coreboot
mailing list