Those of us who follow the Linux kernel dev mailing list have had a 'fun' week following a heated and occasionally expletive-laced 'discussion' that erupted when software engineer Dave Howells (who is also an employee of Red Hat) proposed allowing Microsoft-signed binary keys to be inserted dynamically in the Linux kernel when running in secure boot mode. That would have been bad enough. But when Matt Garrett (creator of the UEFI shim we've all been reading about) chimed in in support of that request, that was the last straw. And something big enough to provoke a full-scale explosion from none other than Linus Torvalds himself:
If you want to parse PE binaries, go right ahead.
If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain. It's trivial for you guys to have a signing machine that parses the PE binary, verifies the signatures, and signs the resulting keys with your own key. You already wrote the code, for chissake, it's in that f*cking pull request.
Why should *I* care? Why should the kernel care about some idiotic "we only sign PE binaries" stupidity? We support X.509, which is the standard for signing.
Do this in user land on a trusted machine. There is zero excuse for doing it in the kernel.
And it went on from there.
Some of the dust has settled a bit and Torvalds has clarified and expanded since then on what he sees as the core problem - and how Linux - as an OS - should go about dealing with it.
Rather than provide a pile of quotes and snippets, I was fortunately able to find a good write-up and summary courtesy of ZDNet's Steve Vaughan-Nichols. It gives a neat précis of where Linus Torvalds is coming from, and (by default since it's his baby) where the Linux kernel is going with this. Read it here
Here's part of what Linus had to say:
On Mon, Feb 25, 2013 at 7:48 PM, Matthew Garrett <[email protected]> wrote:
> Our users want to be able to boot Linux. If Microsoft blacklist a
> distribution's bootloader, that user isn't going to be able to boot
> Linux any more. How does that benefit our users?
Linus Torvalds responds to Matt Garrett's question above:
How does bringing up an unlikely and bogus scenario - and when people
call you on it, just double down on it - help users?
Stop the fear mongering already.
So here's what I would suggest, and it is based on REAL SECURITY and
on PUTTING THE USER FIRST instead of your continual "let's please
microsoft by doing idiotic crap" approach.
So instead of pleasing microsoft, try to see how we can add real security:
It really shouldn't be about Microsoft blessings, it should be about the *user* blessing kernel modules. Quite frankly, *you* are what the key-hating crazies were afraid of. You peddle the "control, not security" crap-ware. The whole "Microsoft owns your machine" is *exactly* the wrong way to use keys.
If you're the 'technical' sort of Linux user, be sure to check it out.