[coreboot] BIOS/CoreBoot/UBOOT
Duncan
dguthrie at posteo.net
Fri Apr 13 15:37:00 CEST 2018
Hello Taiidan,
Taiidan at gmx.com:
> On 04/12/2018 11:43 AM, Peter Stuge wrote:
>> Taiidan at gmx.com wrote:
>>>> 3. Support for Secure Boot - would one approach be simpler than another?
>>> SB was invented by MS for DRM, it serves no real security purpose IMO
>> I'd like to ask you to reconsider that opinion.
>>
> It is a fact not an opinion.
This is certainly an opinion. There are multiple reasons why Secure Boot
came about, some of which were bad; others were not bad - Microsoft has
improved the security of their operating system quite a lot since the
days of Windows XP. And in any case, it is better than before from the
perspective of an end user.
>
> SB was invented for DRM - to prevent people from using linux or god
> forbid doing something that hollywood doesn't like.
> "embrace, extend, extinguish"
>
> Good things don't have to be forced on people, but the SB 2.0 specs have
> quietly left out the owner control mandate after the attention has died
> down.
>> Secure Boot is mandated by Microsoft to provide Microsoft and
>> Microsoft's customers (OEMs) security, and I think it's pretty
>> effective.
>>
>> But Secure Boot is also related to the security of individual computers
>> and computer users, because it enables Microsoft and OEMs to establish
>> a controllable, reliable and thus trustable chain of software from reset
>> to desktop.
> So microsoft should control the whole computing ecosystem? They are an
> obsolete relic that should not be permitted to strangle the competition
> in the crib.
>> Most people who buy computers are happy, because controlling the computer
>> isn't as important as using the desktop
> Why can't they simply provide people a choice? (ie: flip this switch to
> disable code signing enforcement)
>
> Freedom is too dangerous? Hackers could turn their computer in to a bomb
> without secure boot?
>> which I think is fine.
>>
> I am surprised someone here would think that, moreso you of all people.
>
> There will not be another future steve jobs or bill gates game changer
> decades from now just more mark zuckerberg's only allowed to make
> useless web apps.
Are developers not allowed to produce web applications? This makes no
sense.
>
> Even wealthy families won't think to purchase their children a developer
> computer by default and when a kid sees a "you are not allowed to
> install this" message he/she will simply give up and go on to something
> else like be a lawyer instead of a computer engineer; although even that
> developer model won't allow someone true access they will only be
> allowed to create surface level programs not low level programs,
> kernels, or firmware.
>
> I believe one day even you the expert will not be allowed to run the
> code you please at least not without buying a very expensive "developer
> edition" laptop.
>
> People think that phones were always a walled garden but I am old enough
> to remember when programs were installed on a palm treo similarly to the
> win32 model where you download a file from a website and double click
> without requiring permission to install something on *your phone*.
>
It is still possible to side-load applications on mobile phones -
Android still gives users this option. So do smaller mobile operating
systems, even Windows 10 Mobile (not Apple, though, sadly). Palm OS was
wholly proprietary; Android at least has its base system as open source,
and Google make large contributions to open source projects. The
situation is somewhat better now, and there is a stronger open source
software library behind Android than there ever was behind Palm OS.
Yet it's also a distraction, as it wasn't your actual point. The meat of
your actual email seems to be as follows:
> Let us hope the leaders of the future do not share your complacency or
> we are truly done for.
>
This is perhaps somewhat eloquent. However, saying people on the list
are "complacent" strikes me as somewhat childish. I don't understand why
you said this - are we not allowed to disagree without attacking other
people's character? Yet I don't think this email is unique. I have seen
other examples on this list.
A good motto is, if you wouldn't say it to yourself without taking
offense, consider not saying it to others - when most people start to
follow this motto, we can have more civil discussion together.
All the best,
- Duncan
More information about the coreboot
mailing list