[coreboot] BIOS/CoreBoot/UBOOT

Taiidan at gmx.com Taiidan at gmx.com
Fri Apr 13 03:06:47 CEST 2018


On 04/12/2018 11:43 AM, Peter Stuge wrote:
> Taiidan at gmx.com wrote:
>>> 3.  Support for Secure Boot - would one approach be simpler than another?
>> SB was invented by MS for DRM, it serves no real security purpose IMO
> I'd like to ask you to reconsider that opinion.
>
It is a fact, not an opinion.

SB was invented for DRM - to prevent people from using Linux or, god
forbid, doing something that Hollywood doesn't like.
"embrace, extend, extinguish"

Good things don't have to be forced on people, but the SB 2.0 specs have
quietly left out the owner control mandate after the attention has died
down.
> Secure Boot is mandated by Microsoft to provide Microsoft and
> Microsoft's customers (OEMs) security, and I think it's pretty
> effective.
>
> But Secure Boot is also related to the security of individual computers
> and computer users, because it enables Microsoft and OEMs to establish
> a controllable, reliable and thus trustable chain of software from reset
> to desktop.
So Microsoft should control the whole computing ecosystem? They are an
obsolete relic that should not be permitted to strangle the competition
in the crib.
> Most people who buy computers are happy, because controlling the computer
> isn't as important as using the desktop
Why can't they simply provide people a choice? (i.e., flip this switch to
disable code signing enforcement)

Freedom is too dangerous? Hackers could turn their computer into a bomb
without secure boot?
> which I think is fine.
>
I am surprised someone here would think that, more so you of all people.

There will not be another future Steve Jobs or Bill Gates game changer
decades from now, just more Mark Zuckerbergs only allowed to make
useless web apps.

Even wealthy families won't think to purchase their children a developer
computer by default, and when a kid sees a "you are not allowed to
install this" message he/she will simply give up and go on to something
else, like being a lawyer instead of a computer engineer; although even that
developer model won't allow someone true access, they will only be
allowed to create surface-level programs, not low-level programs,
kernels, or firmware.

I believe one day even you, the expert, will not be allowed to run the
code you please, at least not without buying a very expensive "developer
edition" laptop.

People think that phones were always a walled garden, but I am old enough
to remember when programs were installed on a Palm Treo similarly to the
Win32 model, where you download a file from a website and double click
without requiring permission to install something on *your phone*.

Let us hope the leaders of the future do not share your complacency or
we are truly done for.