On Thu, 2012-06-14 at 15:03 -0400, Jay Sulzberger wrote: > On Thu, 14 Jun 2012, Peter Jones <pjones@xxxxxxxxxx> wrote: > > > On 06/14/2012 01:56 PM, Jay Sulzberger wrote: > > > >> If Fedora appears to accept that Microsoft should have the > >> Hardware Root Key, our side's arguments, in several arenas, are > >> weakened. > > > > Okay, first off, quit hijacking fedora-devel-list for your unrelated DMCA > > stuff. It's entirely the wrong place for that. > > No. You intend to grant to Microsoft the power to impede > installation of Fedora. The DMCA can today be used to threaten > those who go around the impediment with jail time. This is, at minimum, arguable. It would require Secure Boot to meet the definition of a 'technological protection measure'. According to chillingeffects.org, these are defined as: a measure which "in the ordinary course of its operation, requires the application of information, or a process or a treatment, with the authority of the copyright owner, to gain access to the work." I don't immediately see how this can be held to apply to secure boot, as it is not intended as a copy protection measure and, as I understand it, is not necessarily or indeed often deployed by a copyright holder. Especially as the secure boot specification explicitly allows for the deployment of user keys, and the disabling (not circumvention) of secure boot. > > Aside from that, you've still got the facts wrong. What you call the > > "Hardware Root Key" the specification calls the "Platform Key" or "PK". PK > > serves a couple of functions - it is the ultimate arbiter of what can and > > can't add keys to the system, and it is the determining factor as to whether > > the Secure Boot feature is enabled. PK will probably not ever be Microsoft's > > key on any system. It'll be a unique to each hardware vendor, or possibly > > even unique to various business units within a hardware vendor, or anything > > else they happen to choose. It's completely their decision as to how they > > ship this, and nothing we can do will ever change that. > > The specification's words are carefully designed to mislead. As > pointed out, if Microsoft has the Hardware Root Key, then > "SecureBoot" is not a method of securely booting the hardware you > own. > > You agree that the key in question is the Hardware Root Key. You > just wrote: > > > [the PK] is the ultimate arbiter of what can and can't add keys > > to the system, and it is the determining factor as to whether > > the Secure Boot feature is enabled. > > > > The contents of PK are not and have not ever been the question in this > > thread. > > Yes, of course, who has the Hardware Root Key is the issue here. No, it isn't. You are fundamentally misunderstanding secure boot. Peter specifically stated that the "hardware root key" (as you call it; the platform key, as it is correctly called) is not the key that Microsoft will control. As Peter said, hardware manufacturers will control the hardware root key for their hardware. What Microsoft is pushing for (and requiring for compliance with its certification scheme) is that systems are shipped with Microsoft's signing key - not platform key. Microsoft do not require that Microsoft's be the _only_ signing key. Per their certification, it'd be perfectly fine to ship a system with Microsoft's key and 500 others. Signing keys are not a 'There Can Be Only One' proposition. It's therefore hard to argue that the setup is giving Microsoft any kind of exclusive control over anything. There is in theory nothing to stop any other organization from acting as a signing authority and persuading hardware vendors to install their signing key in addition to Microsoft's. The problems with this approach are discussed in mjg59's blog post. None of the problems with it is 'Microsoft don't want it to happen', because that isn't the case. > If there is no issue as to who has the Hardware Root Key, why do > you propose having Microsoft sign a Fedora key which allows for > more convenient installation of Fedora? Read the initial blog post. Because in practice, no-one else besides Microsoft actually wants to go to the considerable trouble and expense of acting as a signing authority. _In theory_ any number of bodies could do so. _In practice_, no-one has yet showed up with the will and ability to do so, and apparently (I am not privy to any private planning in this regard) Red Hat doesn't want to either act as one in itself or lead a consortium to do so. Given that only Microsoft has committed to being a signing authority, and we aren't going to do so ourselves (either 'we' as in Red Hat or 'we' as in Fedora), the choices for secure boot boil down to either 'don't support it' or 'get our code signed by Microsoft'. But it's hard to blame Microsoft, exactly, for no-one else wanting to be a signing authority. Microsoft have certainly not done anything to preclude the possibility of any other body acting as a signing authority and getting their keys on hardware. The only thing you can fairly 'blame' Microsoft for is using their influence to effectively enforce the default activation of Secure Boot with _indifference_ - but not active malice - to the effects on other operating systems. I think Microsoft would have had to have tried much harder to preclude other people from acting as signing authorities to justify a charge of active malice on their part. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
