Isn't it sci-fi-level incredible, and frankly both scary and shady, that every modern x86 CPU has this forced sub-ring-0 control program? And that the CPU vendors apparently go to extreme lengths in hiding its functionality? Why would even large vendors like Apple or Dell agree to this?
The 30-minute timeout is particularly mischievous. It's like they REALLY want to slow down any effort at patching out the ME.
Are we going to have to wait on an insider leak on what's the real deal here? Or have I completely missed out on a perfectly good excuse for what's going on?
NSA 100% . Some time around 10 years ago governments decided the internet was too "dangerous" to be free. Arab spring cemented that into their minds, and now a bastion of free thought has become the worlds biggest spying apparatus.
It's the kind of stuff the boring, slow-moving, TCG group were talking about long ago for improved DRM and security. Then they advertised their backdoors publicly as vPro while people here argued why Intel rand was trustworthy (lol). They sold that as management benefit for enterprises. Eventually those gradual changes got to the current point.
Although I recommend switching off x86, I don't buy the claim that we cant do another x86 without backdoors. For one, Intel or AMD might do a "semi-custom" design without one for a price. Second, Centaur has long been the 3rd player in x86 for low power stuff sold by VIA. They'd probably do a high-performance design if incentivized. Third, many x86 players showed up over time that simply failed in market or were acquired. Nothing stopping another unless there's a legal restriction Im unaware of.
While it would be great to liberate x86, more than 4 billion people in the world use mobile phones, and phones are beyond saving. x86 is in very healthy shape compared to the clusterfuck that is the smartphone industry. If you think that coreboot is a fringe project, you need to head over to replicant or neo900 to see what the fringe actually is.
Well, then you can go deeper and check out baseband firmware liberation project - OsmocomBB [1], since baseband firmware in a far worse shape than applications firmware (and TrustZone firmware) in smartphone industry.
... I confess I'm very frustrated reading about how trusted computing modules hurt the cause of FOSS but no alternatives to actually try and carry out cryptography to execute trusted code.
Inevitably the complaint is, "Well if they have physical access you're screwed anyways." And I just don't understand how anyone can maintain that farce when the last year has shown that it's a genuine challenge even for the US FBI to unlock a mobile device without the owners say-so and it's getting harder all the time.
If you truly believe that physical access is a trump of any security then you can never trust your hardware anyways, as it is exceptionaly hard to prove it conforms to a spec.
I'm not sure I understand your argument here, and I'd like to.
For physical access, I though the case was "If anyone has access to your device while unlocked, or locked but not disk-encrypted, consider it permanently compromised. If anyone has access to it while disk-encrypted, consider replacing it if you're very concerned." The 'permanently' bit is for unknown firmware compromise, and this position seems pretty sane.
But trusted computing modules are something else altogether. Even non-physical access can compromise them. There's some evidence that they can be compromised around a fully-encrypted disk. And checking whether they're compromised is effectively impossible.
Yes, it might be possible to execute trusted code around the module, if it never hits the machine in a vulnerable form. But that's slow, non-interactive, and virtually nonexistent at present. Right now, trusted computing modules do compromise machines are roughly Ring -3, with no real recourse.
> And I just don't understand how anyone can maintain that farce when the last year has shown that it's a genuine challenge even for the US FBI to unlock a mobile device without the owners say-so
Difficulty? Yes. But the FBI is not the NSA, they don't specialize in such attacks. It's like asking your plumber to do heart surgery. So they commissioned it to else who does, and boom, they had access.
Strong cryptographic security shouldn't have a pricetag any lower than "we feed all the hydrogen in the universe to black holes to harvest enough energy for the computations".
And phone security is orthogonal to baked-in firmware signing keys. The only change you need is allowing the user to add their own signing keys maybe with the caveat that all data in the protected keystore gets destroyed in the process. Then you have freedom and secure boot in one package.
The signing keys are the issue, not the ring -1 management code.
> If you truly believe that physical access is a trump of any security then you can never trust your hardware anyways, as it is exceptionaly hard to prove it conforms to a spec.
Here are some simple steps
1. compel a manufacturer to create a spy-firmware, signed with their signing key
2. get access to a device for a few minutes
3. patch firmware that exfiltrates the data once the device is unlocked by the user
4. return device to user / to where the user placed it
This is assuming strong encryption keys. If it is only protected by an unlock code your steps look like this.
1. acquire device
2. a) compel manufacturer to create a firmware that bypasses "delete on unlock failure" feature
b) unsolder chips, apply silver needles to flash controllers so you can
read/restore internal key storage whenever it gets wiped
3. enumerate all N-digit pass codes until it is unlocked
As you can see hardware security does not save you when the strong keys are on the device and the user only enters a weak key.
Similarly hardware security does not save you if a hostile entity got access to your hardware.
>including Secure Boot, which even now requires FOSS
users to purchase a license from Microsoft to boot FOSS on affected machines that lack an appropriate Secure Boot override."
Can someone explain this to me, would this be for instance be Lenovo laptops making a deal with Microsoft since Windows is the default OS installed on these laptops? Is Microsoft mandating all OEMs/hardware vendors to configure secure boot with a MS signing key? Even if I order a laptop with no OS installed?
The signature database (db) and forbidden signature database (dbx) contain a whitelist and blacklist respectivly of keys, signatures, and hashes that are trusted to run.
Updates to either of the above lists must be signed by a Key Exchange Key (KEK). Most implementations allow multiple Key Exchanges Keys.
Updates to the list of Key Exchange Keys must be signed by the Platform Key (PK). Most implementations only allow 1 PK, and that PK is Microsoft's.
This means that any binary run on a secure boot machine with Microsoft's PK has a chain of trust rooted at Microsoft.
It may be possible to update the PK before transitioning the system to secure mode; but most consumer devices ship already in secure mode. This is different from simply disabling secure boot, which would still not allow you to update PK (for obvious reasons).
EDIT: It appears that it is called "user mode" and "setup mode" instead of secure mode.
Also it seems that some systems allow you to re-enter setup mode from the "bios" [0].
On an unrelated note, what do we call the firmware provided settings app now that it is no longer part of the BIOS.
I tend to think the SecureBoot isn't really a grand conspiracy. You can't realistically expect end users to be in charge of keys. So MS does what's best for itself. The problem is with poor implementations by vendors that don't support self signing, and in some cases don't even support disabling secure boot.
This needs more attention. Particularly now that AMD may actually look into cooperating with the community on this matter somewhat. I wouldn't get my hopes up yet though, as this was a Reddit AMA done during a time when AMD is keen to please the community. This matter must not go away for something to be done about it.
Are there any projects out there that throw the baby out with the bathwater and just restart computing from the ground up with freedom as a foundation? I'd love to participate something like that and I think it'd be a great way to respark 80's like hacker movement.
This is currently the top-voted question with almost four thousand upvotes. AMD gave a noncommittal "we'll look into it" response, but now at least they're aware that a lot of people actually do care about things like this.
RISC-V comes to mind as an open and free instruction set. The step to an actual implemented-in-silicon processor is pretty big though, and for any such chip it's hard to verify that it really is as free as it's claimed to be. You can't diassemble your CPU (or perhaps you can, but for very few values of "you").
I'm trying to understand all of this and especially the threats to privacy, control of my computing hardware, and data security.
I read about some new hard/software for secure boot, etc., but don't recall all the details now.
So, for a shorter approach,
suppose I just buy a processor from AMD, a motherboard from ASUS, hard disk drives from Western Digital, etc., and plug it all together for myself. So, then I'm the manufacturer or OEM of my computer.
Q. 1. For what the OP is talking about,
where do I have threats to privacy, control of my machine and its data, and security?
Q. 2. To use the machine I plugged together, do I have to get some keys from Microsoft?
Q. 3. Suppose I install operating systems from Microsoft, e.g., Windows 7 64 bit Professional, Windows 10, Windows Server or the database SQL Server. Then do I have to get keys from Microsoft?
Q. 4. Will the support processor and its software, whatever they are called, on their own without my knowledge or approval use the Internet to send/receive data from/to my computer, modify the data on my hard disks, etc.?
Want complete software freedom? How about the MIPS chips the Russian military uses[1]? Those don't have an NSA back door. Sucks you can't really buy them as they are only made for use in Russian military and government applications.
"Last year, the Russian government announced that it doesn't want to rely on Intel and AMD chips from the U.S. anymore and will focus more on using homegrown chips from Russia."
Well, the actual CPU cores are designed by Imagination Technologies, which are based in UK. I would not be so sure that they are fully safe.
You can make an argument that it is still an improvement, because there are no obvious binary blobs required by the system. But in this case, I would recommend going for one of the many Chinese ARM cores -- at least you can buy them easily.
There are also the Elbrus processors which I believe are entirely designed in Russia, although some models are manufactured by TSMC (and some are manufactured in Russia).
The early models implemented a proprietary VLIW architecture with enterprise-y features (like hardware-tagged pointers, probably borrowed-ish from Itanium) with a dynamic binary translation layer for x86 compatibility on top, not sure if they still do that or perhaps the other way around now.
>Both serve effectively the same purpose; to ensure that the physical owner of the machine never has full control of said machine.
That is the end-result, yes, but that wasn't the purpose: the purpose was to allow companies to keep track of their laptops--to remotely push out firmware updates, to inventory the hardware/asset list, etc. It was a convenience feature, essentially.
Of course, the end-result, as stated, is that you've got a complete black-box second processor that can do whatever it wants, even when your device is off.
Nah, that wasn't the purpose unless Im misremembering. It came later as a selling point. It started in initiatives such as Trusted Computing Group where these companies agreed on technologies to control what runs on the PC for security and DRM purposes. Featured regular, secret meetings on top of the public ones.They took lots of flak when DRM goals got press attention. That they're just helping companies manage stuff or users fix computers sounds much more pleasant. They also made sure it was true by adding those features. ;)
>As Intel owns all rights to the x86 architecture, there will never be any new manufacturers licensed to make x86 chips ...
This strikes me as the root problem here. How can one company be granted a monopoly on what is basically an instruction set? Particularly in the case of the instruction set our civilization runs on?
Since I can't understand how something like this could happen I don't understand why any replacement architecture wouldn't end up being controlled by a single entity.
The legality of x86's ISA being copyrighted/patented aside, the x86 ISA isn't that attractive for any new endeavours. It's a very complex ISA which is incredibly difficult to decode. Internally, it is anyway converted to RISC style microops. So as a competitor, you don't really gain a whole lot by implementing the x86 ISA apart from the ability to run software without writing a new compiler. What's more important is the microarchitecture.
> These technologies, in turn, are used to implement various forms of remote control and Digital Rights Management
(DRM) technologies, including Secure Boot, which even now requires FOSS users to purchase a license from Microsoft to boot FOSS on affected machines that lack an appropriate Secure Boot override.
I dislike the mandatory use of these features as much as the next nerd, but this is inaccurate FUD. Secure Boot is a code in flash that checks the signature of whatever you try to boot against some rather complicated policy. It's regular code and would work more or less the same on any platform that runs machine code off of ROM or flash.
There's something that Intel calls, IIRC, "Verified Boot" that tries to prevent someone with an in-system programmer or desoldering skills from changing the flash, but that has nothing to do with the Management Engine either.
And FOSS users don't need to purchase any license from anyone. They can use a tool like Linux Foundation's PreLoader or Red Hat's shim (open source but awkward to modify because you need the signed binary to boot on a stock system) to boot anything they like. No negotiations, no license, no communication with MS at all.
> > These technologies, in turn, are used to implement various forms of remote control and Digital Rights Management (DRM) technologies, including Secure Boot, which even now requires FOSS users to purchase a license from Microsoft to boot FOSS on affected machines that lack an appropriate Secure Boot override.
> I dislike the mandatory use of these features as much as the next nerd, but this is inaccurate FUD. Secure Boot is a code in flash that checks the signature of whatever you try to boot against some rather complicated policy. It's regular code and would work more or less the same on any platform that runs machine code off of ROM or flash.
"Regular code" doesn't mean it's not proprietary, and doesn't mean that it's not concerning for free software users.
> And FOSS users don't need to purchase any license from anyone. They can use a tool like Linux Foundation's PreLoader or Red Hat's shim (open source but awkward to modify because you need the signed binary to boot on a stock system) to boot anything they like. No negotiations, no license, no communication with MS at all.
Those preloaders are signed by Microsoft. While it is a good hack for distributions at the moment, it doesn't mean that Microsoft is no longer in the loop. They still have an incredibly worrying amount of control over what can run on modern hardware.
> Major distributions have worked around this issue by purchasing a signing key from Microsoft for their binary packages, but the end user is unable to modify the signed software without a license from Microsoft, even though they have the source code available to them under the GPL.
Is this an accurate description of what is happening? (I don't pay much attention to desktop systems: I spend most of my time concentrating on the ever-worsening mobile arena.) Do these "major distributions" come with a recent version of bash? As someone who develops software under the GPLv3 license, I would not want my software being distributed to these machines via this hack :/.
> > Major distributions have worked around this issue by purchasing a signing key from Microsoft for their binary packages, but the end user is unable to modify the signed software without a license from Microsoft, even though they have the source code available to them under the GPL.
> Is this an accurate description of what is happening? (I don't pay much attention to desktop systems: I spend most of my time concentrating on the ever-worsening mobile arena.) Do these "major distributions" come with a recent version of bash? As someone who develops software under the GPLv3 license, I would not want my software being distributed to these machines via this hack :/.
It's not entirely accurate. Effectively what most modern distributions do is that they have a "shim" which is signed by Microsoft. That shim then enrols the distribution's own UEFI keys on the laptop. So their kernel is signed with both their own key and Microsoft's key. This means that you can modify your code without "permission" from Microsoft. openSUSE, Fedora and Debian all employ this tactic so that our distributions can boot on newer laptops.
Do I wish this wasn't necessary and that everything ran core boot? Yes. Is there a better way of handling this problem? Not as far as I know.
I don't think GPLv3 anti-DRM clauses would kick in here. They would if 1) someone was distributing a combination of a Secure Boot-only machine with your software installed on it, and 2) the loader (which is the only thing really validated by Secure Boot) would actually try to continue the chain of trust, and validate all the other bits, such that the user cannot run a modified version of your software.
I'm pretty sure that neither of those is the case, however. Once the system boots using the signed loader, it's really just Linux, and you're free to replace the kernel and any bit of userspace as usual.
Furthermore, I seriously doubt that anyone is selling machines with Linux preinstalled that have Secure Boot which cannot be turned off - simply because that would become known pretty fast, and even aside from licensing issues, would elicit a very hostile reaction from the community (and hence many potential buyers).
I'm not 100% sure that this is what's being referred to, but in Ubuntu for example, the initial bootloader is a program called "shim". Microsoft signed shim - so computers with secureboot will run it.
Shim contains keys from Canonical or someone (I'm not sure), and verifies that GRUB has been signed by Canonical before running it. Then when GRUB runs the kernel, it calls back into shim first to verify the kernel has also been signed (Actually that last step wasn't enabled yet last time I checked).
So basically, until Microsoft changes their keys, by signing shim they've given Canonical permission to sign things. But unless you disable secureboot, you can't run a custom kernel unless you convince Canonical or Microsoft to sign it.
Of course the government wants this capability to access anyone's system, so I assume nothing will be done. This has to be one of the worst things that has happened in the history of computing.
Major manufacturers -- like Intel, AMD or ARM -- have spent years upons years developing methodologies, technologies, micro-architectural optimizations, and testing+development+evaluation infrastructure. This is the key for understanding how to navigate and ensure good performance across the many different trade-off and optimization domains in performant-processor design.
This is not easy to acquire or build. Some is wisdom from decades of design and iteration. Some is hundreds of thousands of engineering hours. Some is big money.
RISC V is a new open source project. Who knows how close they will ever get.
I suppose it's true for currently available chips that implement the RISC-V ISA.
Nothing says the ISA itself is a barrier to performance on par with popular existing processors though. The RISC-V BOOM implementation is supposed to be close to an ARM Cortex A9 in performance.
> Secure Boot, which even now requires FOSS users to purchase a license from Microsoft to boot FOSS on affected machines that lack an appropriate Secure Boot override.
I recently installed rEFInd from source by using a self-singed certificate (signed the binary using it and enrolled the key into the EFI using mokutil) and it worked. I certainly didn't have to pay MS. I do know that rEFInd provides a key of their own (using the distro's shim) that obviously has trust rooted at MS.
[+] [-] 0x0|9 years ago|reply
The 30-minute timeout is particularly mischievous. It's like they REALLY want to slow down any effort at patching out the ME.
Are we going to have to wait on an insider leak on what's the real deal here? Or have I completely missed out on a perfectly good excuse for what's going on?
[+] [-] throwawaysed|9 years ago|reply
[+] [-] carapace|9 years ago|reply
https://en.wikipedia.org/wiki/Rainbows_End
(see also https://en.wikipedia.org/wiki/Trusted_computing_base)
[+] [-] nickpsecurity|9 years ago|reply
Although I recommend switching off x86, I don't buy the claim that we cant do another x86 without backdoors. For one, Intel or AMD might do a "semi-custom" design without one for a price. Second, Centaur has long been the 3rd player in x86 for low power stuff sold by VIA. They'd probably do a high-performance design if incentivized. Third, many x86 players showed up over time that simply failed in market or were acquired. Nothing stopping another unless there's a legal restriction Im unaware of.
[+] [-] partycoder|9 years ago|reply
There is also microcode, and many patches are issued through microcode.
[+] [-] jjawssd|9 years ago|reply
[+] [-] cure|9 years ago|reply
https://www.fsf.org/blogs/community/active-management-techno...
[+] [-] j_s|9 years ago|reply
Canonical presentation: REcon 2014 - Intel Management Engine Secrets (Igor Skochinsky) https://www.youtube.com/watch?v=4kCICUPc9_8
Decoding ME firmware in BIOS updates until Skylake (2015): http://io.netgarage.org/me/
[+] [-] bubblethink|9 years ago|reply
[+] [-] xvilka|9 years ago|reply
[1] https://osmocom.org/projects/baseband
[+] [-] hinkley|9 years ago|reply
[+] [-] KirinDave|9 years ago|reply
Inevitably the complaint is, "Well if they have physical access you're screwed anyways." And I just don't understand how anyone can maintain that farce when the last year has shown that it's a genuine challenge even for the US FBI to unlock a mobile device without the owners say-so and it's getting harder all the time.
If you truly believe that physical access is a trump of any security then you can never trust your hardware anyways, as it is exceptionaly hard to prove it conforms to a spec.
[+] [-] Bartweiss|9 years ago|reply
For physical access, I though the case was "If anyone has access to your device while unlocked, or locked but not disk-encrypted, consider it permanently compromised. If anyone has access to it while disk-encrypted, consider replacing it if you're very concerned." The 'permanently' bit is for unknown firmware compromise, and this position seems pretty sane.
But trusted computing modules are something else altogether. Even non-physical access can compromise them. There's some evidence that they can be compromised around a fully-encrypted disk. And checking whether they're compromised is effectively impossible.
Yes, it might be possible to execute trusted code around the module, if it never hits the machine in a vulnerable form. But that's slow, non-interactive, and virtually nonexistent at present. Right now, trusted computing modules do compromise machines are roughly Ring -3, with no real recourse.
[+] [-] Spooky23|9 years ago|reply
[+] [-] the8472|9 years ago|reply
Difficulty? Yes. But the FBI is not the NSA, they don't specialize in such attacks. It's like asking your plumber to do heart surgery. So they commissioned it to else who does, and boom, they had access.
Strong cryptographic security shouldn't have a pricetag any lower than "we feed all the hydrogen in the universe to black holes to harvest enough energy for the computations".
And phone security is orthogonal to baked-in firmware signing keys. The only change you need is allowing the user to add their own signing keys maybe with the caveat that all data in the protected keystore gets destroyed in the process. Then you have freedom and secure boot in one package. The signing keys are the issue, not the ring -1 management code.
> If you truly believe that physical access is a trump of any security then you can never trust your hardware anyways, as it is exceptionaly hard to prove it conforms to a spec.
Here are some simple steps
This is assuming strong encryption keys. If it is only protected by an unlock code your steps look like this. As you can see hardware security does not save you when the strong keys are on the device and the user only enters a weak key. Similarly hardware security does not save you if a hostile entity got access to your hardware.[+] [-] bogomipz|9 years ago|reply
>including Secure Boot, which even now requires FOSS users to purchase a license from Microsoft to boot FOSS on affected machines that lack an appropriate Secure Boot override."
Can someone explain this to me, would this be for instance be Lenovo laptops making a deal with Microsoft since Windows is the default OS installed on these laptops? Is Microsoft mandating all OEMs/hardware vendors to configure secure boot with a MS signing key? Even if I order a laptop with no OS installed?
[+] [-] gizmo686|9 years ago|reply
The signature database (db) and forbidden signature database (dbx) contain a whitelist and blacklist respectivly of keys, signatures, and hashes that are trusted to run.
Updates to either of the above lists must be signed by a Key Exchange Key (KEK). Most implementations allow multiple Key Exchanges Keys.
Updates to the list of Key Exchange Keys must be signed by the Platform Key (PK). Most implementations only allow 1 PK, and that PK is Microsoft's.
This means that any binary run on a secure boot machine with Microsoft's PK has a chain of trust rooted at Microsoft.
It may be possible to update the PK before transitioning the system to secure mode; but most consumer devices ship already in secure mode. This is different from simply disabling secure boot, which would still not allow you to update PK (for obvious reasons).
EDIT: It appears that it is called "user mode" and "setup mode" instead of secure mode.
Also it seems that some systems allow you to re-enter setup mode from the "bios" [0].
On an unrelated note, what do we call the firmware provided settings app now that it is no longer part of the BIOS.
[0] https://wiki.gentoo.org/wiki/Sakaki%27s_EFI_Install_Guide/Co...
[+] [-] bubblethink|9 years ago|reply
[+] [-] wmf|9 years ago|reply
Basically yes; it's required to get the Windows sticker. I haven't heard that MS charges money to sign bootloaders, though.
[+] [-] pjc50|9 years ago|reply
This isn't actually true, is it?
[+] [-] throwaway77384|9 years ago|reply
[+] [-] jasonkostempski|9 years ago|reply
[+] [-] elihu|9 years ago|reply
https://www.reddit.com/r/Amd/comments/5x4hxu/we_are_amd_crea...
This is currently the top-voted question with almost four thousand upvotes. AMD gave a noncommittal "we'll look into it" response, but now at least they're aware that a lot of people actually do care about things like this.
[+] [-] unwind|9 years ago|reply
[+] [-] graycat|9 years ago|reply
I read about some new hard/software for secure boot, etc., but don't recall all the details now.
So, for a shorter approach, suppose I just buy a processor from AMD, a motherboard from ASUS, hard disk drives from Western Digital, etc., and plug it all together for myself. So, then I'm the manufacturer or OEM of my computer.
Q. 1. For what the OP is talking about, where do I have threats to privacy, control of my machine and its data, and security?
Q. 2. To use the machine I plugged together, do I have to get some keys from Microsoft?
Q. 3. Suppose I install operating systems from Microsoft, e.g., Windows 7 64 bit Professional, Windows 10, Windows Server or the database SQL Server. Then do I have to get keys from Microsoft?
Q. 4. Will the support processor and its software, whatever they are called, on their own without my knowledge or approval use the Internet to send/receive data from/to my computer, modify the data on my hard disks, etc.?
Thanks.
[+] [-] narrator|9 years ago|reply
"Last year, the Russian government announced that it doesn't want to rely on Intel and AMD chips from the U.S. anymore and will focus more on using homegrown chips from Russia."
[1] http://www.tomshardware.com/news/baikal-t1-mips-cpu-omnishie...
[+] [-] theamk|9 years ago|reply
You can make an argument that it is still an improvement, because there are no obvious binary blobs required by the system. But in this case, I would recommend going for one of the many Chinese ARM cores -- at least you can buy them easily.
[+] [-] throwawayish|9 years ago|reply
The early models implemented a proprietary VLIW architecture with enterprise-y features (like hardware-tagged pointers, probably borrowed-ish from Itanium) with a dynamic binary translation layer for x86 compatibility on top, not sure if they still do that or perhaps the other way around now.
[+] [-] memmcgee|9 years ago|reply
[+] [-] AdmiralAsshat|9 years ago|reply
That is the end-result, yes, but that wasn't the purpose: the purpose was to allow companies to keep track of their laptops--to remotely push out firmware updates, to inventory the hardware/asset list, etc. It was a convenience feature, essentially.
Of course, the end-result, as stated, is that you've got a complete black-box second processor that can do whatever it wants, even when your device is off.
[+] [-] nickpsecurity|9 years ago|reply
[+] [-] upofadown|9 years ago|reply
This strikes me as the root problem here. How can one company be granted a monopoly on what is basically an instruction set? Particularly in the case of the instruction set our civilization runs on?
Since I can't understand how something like this could happen I don't understand why any replacement architecture wouldn't end up being controlled by a single entity.
[+] [-] bubblethink|9 years ago|reply
[+] [-] TazeTSchnitzel|9 years ago|reply
[+] [-] amluto|9 years ago|reply
I dislike the mandatory use of these features as much as the next nerd, but this is inaccurate FUD. Secure Boot is a code in flash that checks the signature of whatever you try to boot against some rather complicated policy. It's regular code and would work more or less the same on any platform that runs machine code off of ROM or flash.
There's something that Intel calls, IIRC, "Verified Boot" that tries to prevent someone with an in-system programmer or desoldering skills from changing the flash, but that has nothing to do with the Management Engine either.
And FOSS users don't need to purchase any license from anyone. They can use a tool like Linux Foundation's PreLoader or Red Hat's shim (open source but awkward to modify because you need the signed binary to boot on a stock system) to boot anything they like. No negotiations, no license, no communication with MS at all.
[+] [-] cyphar|9 years ago|reply
> I dislike the mandatory use of these features as much as the next nerd, but this is inaccurate FUD. Secure Boot is a code in flash that checks the signature of whatever you try to boot against some rather complicated policy. It's regular code and would work more or less the same on any platform that runs machine code off of ROM or flash.
"Regular code" doesn't mean it's not proprietary, and doesn't mean that it's not concerning for free software users.
> And FOSS users don't need to purchase any license from anyone. They can use a tool like Linux Foundation's PreLoader or Red Hat's shim (open source but awkward to modify because you need the signed binary to boot on a stock system) to boot anything they like. No negotiations, no license, no communication with MS at all.
Those preloaders are signed by Microsoft. While it is a good hack for distributions at the moment, it doesn't mean that Microsoft is no longer in the loop. They still have an incredibly worrying amount of control over what can run on modern hardware.
[+] [-] __jal|9 years ago|reply
I have yet to hear any explanation of the IME that makes sense without the presence user-hostile intent.
[+] [-] etiam|9 years ago|reply
https://news.ycombinator.com/item?id=13056997
https://news.ycombinator.com/item?id=13416378
[+] [-] saurik|9 years ago|reply
Is this an accurate description of what is happening? (I don't pay much attention to desktop systems: I spend most of my time concentrating on the ever-worsening mobile arena.) Do these "major distributions" come with a recent version of bash? As someone who develops software under the GPLv3 license, I would not want my software being distributed to these machines via this hack :/.
[+] [-] cyphar|9 years ago|reply
> Is this an accurate description of what is happening? (I don't pay much attention to desktop systems: I spend most of my time concentrating on the ever-worsening mobile arena.) Do these "major distributions" come with a recent version of bash? As someone who develops software under the GPLv3 license, I would not want my software being distributed to these machines via this hack :/.
It's not entirely accurate. Effectively what most modern distributions do is that they have a "shim" which is signed by Microsoft. That shim then enrols the distribution's own UEFI keys on the laptop. So their kernel is signed with both their own key and Microsoft's key. This means that you can modify your code without "permission" from Microsoft. openSUSE, Fedora and Debian all employ this tactic so that our distributions can boot on newer laptops.
Do I wish this wasn't necessary and that everything ran core boot? Yes. Is there a better way of handling this problem? Not as far as I know.
[+] [-] int_19h|9 years ago|reply
I'm pretty sure that neither of those is the case, however. Once the system boots using the signed loader, it's really just Linux, and you're free to replace the kernel and any bit of userspace as usual.
Furthermore, I seriously doubt that anyone is selling machines with Linux preinstalled that have Secure Boot which cannot be turned off - simply because that would become known pretty fast, and even aside from licensing issues, would elicit a very hostile reaction from the community (and hence many potential buyers).
[+] [-] doubleunplussed|9 years ago|reply
Shim contains keys from Canonical or someone (I'm not sure), and verifies that GRUB has been signed by Canonical before running it. Then when GRUB runs the kernel, it calls back into shim first to verify the kernel has also been signed (Actually that last step wasn't enabled yet last time I checked).
So basically, until Microsoft changes their keys, by signing shim they've given Canonical permission to sign things. But unless you disable secureboot, you can't run a custom kernel unless you convince Canonical or Microsoft to sign it.
[+] [-] getpost|9 years ago|reply
Of course the government wants this capability to access anyone's system, so I assume nothing will be done. This has to be one of the worst things that has happened in the history of computing.
EDIT: Handy for CBP use, I imagine.
[+] [-] bubblethink|9 years ago|reply
[+] [-] bogomipz|9 years ago|reply
>"While this architecture is extremely limited in performance, price"
Can anyone say thy the performance of RISCV is so lacking?
[+] [-] DSingularity|9 years ago|reply
This is not easy to acquire or build. Some is wisdom from decades of design and iteration. Some is hundreds of thousands of engineering hours. Some is big money.
RISC V is a new open source project. Who knows how close they will ever get.
[+] [-] tyingq|9 years ago|reply
Nothing says the ISA itself is a barrier to performance on par with popular existing processors though. The RISC-V BOOM implementation is supposed to be close to an ARM Cortex A9 in performance.
[+] [-] hashhar|9 years ago|reply
> Secure Boot, which even now requires FOSS users to purchase a license from Microsoft to boot FOSS on affected machines that lack an appropriate Secure Boot override.
I recently installed rEFInd from source by using a self-singed certificate (signed the binary using it and enrolled the key into the EFI using mokutil) and it worked. I certainly didn't have to pay MS. I do know that rEFInd provides a key of their own (using the distro's shim) that obviously has trust rooted at MS.
[+] [-] unknown|9 years ago|reply
[deleted]
[+] [-] cathartes|9 years ago|reply