Tuesday 12 June 2012

Linus Torvalds Opens Up On Fedora-Windows 8 UEFI Issue


The father of Linux does not even think that Microsoft’s spin on Windows 8 UEFI secure boot is going to help much when it comes to security.
Recently, Microsoft made Unified Extensible Firmware Interface (UEFI) secure boot the default for all Windows 8 licensed systems. The flip side is that, with secure boot on, these systems run only Windows 8, and not Linux or even Windows XP. However, Red Hat’s community distro, Fedora Linux, found a way out: signing up with Microsoft, via Verisign, to obtain its own UEFI secure boot key compatible with Windows 8 systems. Most Linux enthusiasts hate to compromise, so the solution is receiving a lot of backlash. Linus Torvalds, however, has a different viewpoint: “I’m certainly not a huge UEFI fan, but at the same time I see why you might want to have signed bootup etc. And if it’s only $99 to get a key for Fedora, I don’t see what the huge deal is.”

Clarifying Fedora’s decision to settle on the Microsoft-based UEFI solution, Matthew Garrett, a Red Hat developer, says: “We explored the possibility of producing a Fedora key and encouraging hardware vendors to incorporate it, but turned it down for a couple of reasons. First, while we had a surprisingly positive response from the vendors, there was no realistic chance that we could get all of them to carry it. That would mean going back to the bad old days of scouring compatibility lists before buying hardware, and that’s fundamentally user-hostile. Secondly, it would put Fedora in a privileged position. As one of the larger distributions, we have more opportunity to talk to hardware manufacturers than most distributions do. Systems with a Fedora key would boot Fedora fine, but would they boot Mandriva? Arch? Mint? Mepis? Adopting a distribution-specific key and encouraging hardware companies to adopt it would have been hostile to other distributions. We want to compete on merit, not because we have better links to OEMs.”

Fedora claims to have explored other options too: “An alternative was producing some sort of overall Linux key. It turns out that this is also difficult, since it would mean finding an entity who was willing to take responsibility for managing signing or key distribution. That means having the ability to keep the root key absolutely secure and perform adequate validation of people asking for signing. That’s expensive. Like millions of dollars expensive. It would also take a lot of time to set up, and that’s not really time we had. And, finally, nobody was jumping at the opportunity to volunteer. So no generic Linux key.”

So what ultimately surfaced was Microsoft’s secure boot key signing service, offered through its sysdev portal for a one-time $99 fee. “The fee has been levied because it’s cheaper than any realistic alternative would have been. It ensures compatibility with as wide a range of hardware as possible and it avoids Fedora having any special privileges over other Linux distributions. If there are better options then we haven’t found them. So, in all probability, this is the approach we’ll take. Our first stage bootloader will be signed with a Microsoft key.”

Hardcore developers felt cheated and badmouthed Fedora for getting into a deal with their enemy. Torvalds told ZDNet, “Yes, yes, the sky is falling, and I should be running around like a headless chicken in despair over signing keys. But as long as you can disable the key checking in order for kernel developers to be able to do their job, signed binaries really can be a (small) part of good security. I could see myself installing a key of my own in a machine that supports it.”

Nor does the father of Linux think that Microsoft’s spin on Windows 8 UEFI secure boot is going to help much with security. “The real problem, I feel, is that clever hackers will bypass the whole key issue either by getting a key of their own (how many of those private keys have stayed really private again? Oh, that’s right, pretty much none of them) or they’ll just take advantage of security bugs in signed software to bypass it without a key at all.”

He concluded by saying: “Signing is a tool in the tool-box, but it’s not solving all the security problems, and while I think some people are a bit too concerned about it, it’s true that it can be mis-used.”
