Linus Torvalds speaks out with a Secure Boot plan
The ongoing “Secure Boot” saga has already caused no end of controversy in the Linux community over the past eighteen months or so, but the vitriol seen so far pales in comparison with that evident in a recent debate on the Linux kernel developer mailing list.
It all started last Thursday, when Red Hat developer David Howells submitted a request for changes to be made to Linux kernel 3.9 to extend Linux support for Secure Boot.
“Guys, this is not a d**k-sucking contest,” was the response from Linux creator Linus Torvalds. “If Red Hat wants to deep-throat Microsoft, that's *your* issue. That has nothing what-so-ever to do with the kernel I maintain.”
'Stop the fear mongering'
Fedora's solution to the Secure Boot problem—by which technology enabled in the Unified Extensible Firmware Interface (UEFI) on Windows 8 hardware requires an appropriate digital signature before an operating system is allowed to boot—has been to get its first-stage boot loader, or “shim,” signed with a Microsoft key.
Though it did receive a nod of at least partial support from the Free Software Foundation, that solution has been controversial.
It was when it came to including modifications in the kernel itself, however, that Torvalds drew the line.
Responding to Red Hat developer Matthew Garrett's suggestion that Microsoft could otherwise choose to “blacklist” a distribution's bootloader, leaving the user unable to boot Linux, Torvalds wrote, “Stop the fear mongering already.
“Instead of pleasing Microsoft, try to see how we can add real security,” he added.
'Let the user be in control'
Torvalds' own plan calls for Linux distributions to sign their own modules by default, but nothing else.
Users should be asked for permission, meanwhile, before any third-party module is loaded, he wrote. “Not using keys,” he added. “Nothing like that. Keys will be compromised. Try to limit the damage, but more importantly, let the user be in control.”
Per-host random keys should be encouraged, Torvalds advised, even with the “stupid” UEFI checks disabled entirely if required. “They are almost certainly going to be *more* secure than depending on some crazy root of trust based on a big company, with key signing authorities that trust anybody with a credit card.”
'It shouldn't be about MS'
UEFI, in fact, is more about control than it is about security, he added.
All in all, “it really shouldn't be about MS blessings, it should be about the *user* blessing kernel modules,” Torvalds concluded.
There's been plenty more discussion since Torvalds outlined his view, of course, including his own, more detailed implementation plan later that same day.
The bottom line, however, is that as long as Torvalds is in charge, Microsoft-signed Secure Boot keys won't be found in the heart of Linux itself.