I very much wish people would listen to what Ron just said!
As for why they are lining up behind it? Personally I think they are afraid to be seen as "reactionary" and against "progress". After all "everyone" knows secureboot will make life in computing land *Perfect*! The way it has been dressed up and loudly presented to World_+_Dog makes it seem as though anyone against it is against "progress"!
Numerous security experts have already said it is anything but secure, and it will never be secure. They have only said this quietly, and that "voice" has been minimalized, while "PROGRESS" is shouted to the heavens. Hey, look at Android and how phone makers "lock" it down. Does it stay locked? No! Come on people, put your heads out of... ;)
Gary
On Thu, Jan 3, 2013 at 10:40 AM, ron minnich rminnich@gmail.com wrote:
OK, after further thought, here's my take.
Two companies have defined a secure boot standard in such a way that they can closely control what boots on future systems using the one company's chips. This is a sea change from the original IBM PC design, which encouraged people to boot anything, and included the (copyrighted) BIOS listing on paper to further that end.
The current state is that the software company is becoming the gatekeeper for what OS will run on systems built using the hardware company's chips. Their end goal is that the software company becomes the gatekeeper for what runs on almost *anything* -- not just x86. Don't believe me? Read about ARM systems and Windows 8.
Vendors are now building systems based on this standard. People are seeing that the situation is not quite as blissful as the two companies have painted it -- that certain software will in fact be locked out for a number of reasons, that there can be unexplained delays in getting code signed, and that buggy EFI implementations may lock people out in unforeseen ways.
The open source community's response has been to act in a way that strengthens this model. They're doing all they can to find a way to work inside these limits. Instead of pushing hard to use only hardware that's really open, and doing what they can to relegate this (shown to be insecure) "secure" boot to the dustbin of history, they're pushing as hard as they can to make it succeed.
I find this quite perverse. There's lots of good hardware out there that is not built around this lockin, and yet the open source community is focusing lots of effort on making the lockin viable.
The open source community has pushed back on defective standards like this before and won. Why they're rolling over now is puzzling, especially given the existence of alternatives. Put another way, I think the secure boot standard needs the open source community more than the open source community needs the secure boot standard, but the open source community is not exploiting that fact. I guess part of it is that so much of the open source community is contained in big companies, but it's still disappointing.
ron
-- coreboot mailing list: coreboot@coreboot.org http://www.coreboot.org/mailman/listinfo/coreboot