[coreboot] BIOS/CoreBoot/UBOOT

Duncan dguthrie at posteo.net
Fri Apr 13 15:37:00 CEST 2018

Hello Taiidan,

Taiidan at gmx.com:
> On 04/12/2018 11:43 AM, Peter Stuge wrote:
>> Taiidan at gmx.com wrote:
>>>> 3.  Support for Secure Boot - would one approach be simpler than another?
>>> SB was invented by MS for DRM, it serves no real security purpose IMO
>> I'd like to ask you to reconsider that opinion.
> It is a fact not an opinion.

This is certainly an opinion. There are multiple reasons why Secure Boot
came about, some of which were bad; others were not bad - Microsoft has
improved the security of their operating system quite a lot since the
days of Windows XP. And in any case, it is better than before from the
perspective of an end user.

> SB was invented for DRM - to prevent people from using linux or god
> forbid doing something that hollywood doesn't like.
> "embrace, extend, extinguish"
> Good things don't have to be forced on people, but the SB 2.0 specs have
> quietly left out the owner control mandate after the attention has died
> down.
>> Secure Boot is mandated by Microsoft to provide Microsoft and
>> Microsoft's customers (OEMs) security, and I think it's pretty
>> effective.
>> But Secure Boot is also related to the security of individual computers
>> and computer users, because it enables Microsoft and OEMs to establish
>> a controllable, reliable and thus trustable chain of software from reset
>> to desktop.
> So microsoft should control the whole computing ecosystem? They are an
> obsolete relic that should not be permitted to strangle the competition
> in the crib.
>> Most people who buy computers are happy, because controlling the computer
>> isn't as important as using the desktop
> Why can't they simply provide people a choice? (ie: flip this switch to
> disable code signing enforcement)
> Freedom is too dangerous? Hackers could turn their computer in to a bomb
> without secure boot?
>> which I think is fine.
> I am surprised someone here would think that, moreso you of all people.
> There will not be another future steve jobs or bill gates game changer
> decades from now just more mark zuckerberg's only allowed to make
> useless web apps.

Are developers not allowed to produce web applications? This makes no

> Even wealthy families won't think to purchase their children a developer
> computer by default and when a kid sees a "you are not allowed to
> install this" message he/she will simply give up and go on to something
> else like be a lawyer instead of a computer engineer; although even that
> developer model won't allow someone true access they will only be
> allowed to create surface level programs not low level programs,
> kernels, or firmware.
> I believe one day even you the expert will not be allowed to run the
> code you please at least not without buying a very expensive "developer
> edition" laptop.
> People think that phones were always a walled garden but I am old enough
> to remember when programs were installed on a palm treo similarly to the
> win32 model where you download a file from a website and double click
> without requiring permission to install something on *your phone*.

It is still possible to side-load applications on mobile phones -
Android still gives users this option. So do smaller mobile operating
systems, even Windows 10 Mobile (not Apple, though, sadly). Palm OS was
wholly proprietary; Android at least has its base system as open source,
and Google make large contributions to open source projects. The
situation is somewhat better now, and there is a stronger open source
software library behind Android than there ever was behind Palm OS.

Yet it's also a distraction, as it wasn't your actual point. The meat of
your actual email seems to be as follows:

> Let us hope the leaders of the future do not share your complacency or
> we are truly done for.

This is perhaps somewhat eloquent. However, saying people on the list
are "complacent" strikes me as somewhat childish. I don't understand why
you said this - are we not allowed to disagree without attacking other
people's character? Yet I don't think this email is unique. I have seen
other examples on this list.

A good motto is, if you wouldn't say it to yourself without taking
offense, consider not saying it to others - when most people start to
follow this motto, we can have more civil discussion together.

All the best,
- Duncan

More information about the coreboot mailing list