[coreboot] BIOS/CoreBoot/UBOOT

Peter Stuge peter at stuge.se
Fri Apr 13 16:20:41 CEST 2018

Taiidan at gmx.com wrote:
> >>> 3.  Support for Secure Boot - would one approach be simpler than another?
> >> SB was invented by MS for DRM, it serves no real security purpose IMO
> >
> > I'd like to ask you to reconsider that opinion.
> It is a fact not an opinion.

You wrote "IMO", otherwise I probably wouldn't have tried to change
your opinion.

> SB was invented for DRM - to prevent people from using linux or god
> forbid doing something that hollywood doesn't like.
> "embrace, extend, extinguish"

I think you give non-Windows desktops far too much credit.

As for the content industry, I do have the impression that they are
super scared of losing their business model to a technologically
advanced society.

But I honestly don't see that as a big threat either. People will
continue to communicate and organize. The "community society" is
only just starting out. Youtube, reddit and Twitter are some of the
early tools. Influencers are already celebrities.

> Good things don't have to be forced on people, but the SB 2.0 specs have
> quietly left out the owner control mandate after the attention has died
> down.

I think you give the "attention" too much credit as well. I heard
(I've forgotten where, sorry) that MSFT tried to exclude the
possibility to disable Secure Boot right from the start.

They got their way for Windows RT Logo certification, but there was
too much pushback from OEMs for PC Windows Logo certification to do
it the first time around.

Remember that OEMs and most of all IBVs were super scared of UEFI
when it was being introduced, because they felt Intel's UEFI model
to be far too open, and that it would jeopardize their businesses.

> > But Secure Boot is also related to the security of individual computers
> > and computer users, because it enables Microsoft and OEMs to establish
> > a controllable, reliable and thus trustable chain of software from reset
> > to desktop.
> So microsoft should control the whole computing ecosystem?

Of course not. But Microsoft has always controlled the whole ecosystem
around Windows, and they will continue to. It just wasn't quite as obvious

The good news is that Microsoft Windows in many cases is, as you write,
an obsolete relic. :)

> should not be permitted to strangle the competition in the crib.

Mh - there's no competition to Windows. And the thing is, Microsoft
can continue to control the PC architecture, there will continue to
be others, and I think an important point is that for an organization
which considers replacing Windows having to replace some hardware
will only be a small bump in the road, not a blocker.

> > Most people who buy computers are happy, because controlling the computer
> > isn't as important as using the desktop
> Why can't they simply provide people a choice? (ie: flip this switch to
> disable code signing enforcement)

They could, but why should they? It is not in their interest, nor in
the interest of Windows machine OEMs.

> Freedom is too dangerous? Hackers could turn their computer in to a bomb
> without secure boot?

MSFT is a corporation, by law it must care only about profit.

> > which I think is fine.
> I am surprised someone here would think that, moreso you of all people.

Allow me to clarify.

It's fine that most people care more about using the desktop than
about controlling their computer.

By that I mean: Everyone can not be an expert at everything, and it's
important to have a diverse computing landscape with experts in many
fields of computing, from ISA over chip engineering to firmware and
the rest of the software stack, but it's *not* important that desktop
users are firmware experts.

It would be great for desktop users to question their firmware more,
and maybe that will happen, but computers are still very much magic.

It's fine that people begin to expect their computers to be reliable.
(This may be the best shift our society has seen wrt. IT in some time!)

It's fine that people buy technology which they feel allows them to do

It's fine that customers trust their suppliers. It's fine that
suppliers offer products controlled by them and not by customers,
based on the argument that this makes products more trustworthy.

It would be great if all customers reject that argument, but all will
not, only some will, and that's fine too.

It's *not* fine to pretend that a Windows machine is anything else,
in particular a Windows machine is *not* a general purpose computer.

That used to hold true, but that was way before the time of that Treo.

It's *not* fine to advertise a Windows machine as a general purpose computer.

Having an interest in controlling technology is quite rare. This
seems very unfortunate to me in a society built increasingly around
technology, but I don't think it is actually anything new.

Educating people about the pillars of society is very important, but
even then, technology is just one of several.

> There will not be another future steve jobs or bill gates game changer
> decades from now just more mark zuckerberg's only allowed to make
> useless web apps.

Steve Jobs is a good shout.

He managed to make technology such that even expert hackers have no
interest at all in controlling it. *That* is an amazing product.

> Even wealthy families won't think to purchase their children a developer
> computer by default and when a kid sees a "you are not allowed to
> install this" message he/she will simply give up and go on to something
> else like be a lawyer instead of a computer engineer; although even that
> developer model won't allow someone true access they will only be
> allowed to create surface level programs not low level programs,
> kernels, or firmware.

I tend to think that wealthy families in particular will continue to
consider technology primarily for entertainment value, and will look
down on computer engineering as a simple task - but it depends a lot
on how trends develop.

I think supplier vs. consumer control is anyway more a matter of
business law than of technology, so it's a good thing if curious
kids like that become lawyers!

Brief aside: Would you care for a ride in the self-driving car that I
just upgraded to git master?

I'm curious to see when Apple begins to offer an iLife subscription, to
which wealthy families will enrol their unborn infants, on one hand to
access the correct chat networks, on another hand to avoid their kids
from being bullied at school for having a cheap Android phone.

As more consumers buy more technology I think they will continue to
give away control over that technology, because really, most people
just want to call a plumber if there's a leak and have an insurance
to cover the neighbor's damages.

Even sophisticated technology such as cars work much the same way.

> I believe one day even you the expert will not be allowed to run the
> code you please at least not without buying a very expensive "developer
> edition" laptop.

There's a reason that I use an old Thinkpad for now. :) In a capitalist
society I think the greatest opportunity lies in turning your visions
into a business. Someone called it activism through entrepreneurship.

I fully support that no one offer should dominate the market. I think
the tendency to expect that any industry will do society favors for
free or even at cost is unlikely to succeed, especially when (at least
some) laws say the exact opposite. :)

> Let us hope the leaders of the future do not share your complacency or
> we are truly done for.

I was called worse names. Let's stay on the topic of how we fix the world. ;)

I think open machines are very important.

I don't think it's important to fight Microsoft and Intel over Windows
machines. That's a long lost cause.

Kind regards


More information about the coreboot mailing list