The creator of systemd (Lennart Poettering) has recently created a new company dedicated to bringing hardware attestation to open source software.
What might this entail? A previous blog post could provide some clues:
So, let’s see how I would build a desktop OS. The trust chain matters, from the boot loader all the way to the apps. This means all code that is run must be cryptographically validated before it is run. This is in fact where big distributions currently fail pretty badly. This is a fault of current Linux distributions though, not of SecureBoot in general.
If this technology is successful, the end result could be that we would see our Linux laptops one day being as locked down as an Iphone or Android device.
There are lots of others who are equally concerned about this possibility: https://news.ycombinator.com/item?id=46784572
Sorry but this whole thing is just snake-oil.
You can verify and sign your whole trust chain down to the last shared library and it doesn’t matter when you don’t know what the binary blobs on your TPM / CPU / BIOS / NIC are doing.
The only guarantee to a secure system is openness an all of that signing won’t help you there.
Right, so because of your limited knowledge and understanding of what the actual needs of an entire industry are, it’s all snake oil. Cool.
Meanwhile I’d just love a way to box up a custom machine, use something what he’s building, ship it to site, and have it run without issue and have some piece of mind a competitor didn’t try to gank the data over USB, or bypass the identity of the motherboard that SHOULD have boot blocks in place, or maybe someone just rips the SSD right out of it and tries to boot it elsewhere.
Fuck the rest of ALL that and the practical needs of security experts and system builders because YOU are worried that it somehow magically it’s used for all kinds of other nefarious things.
Cool. Cool.
Yes, that’s correct, the last 5 years should have made clear to anybody that the “actual needs of an entire industry” and the needs of the people are diametrically opposed.
Again, nobody here complaining even read the damn article, and has no idea what they’re up in arms about.
I hope you’re so committed to this anger that you’re destroying your motherboard RIGHT NOW 🤣
better than reading the damn article, here are the weasily corporate words directly from mr daan the founder 🤣
First, yes, he’s correct in talking about the SOFTWARE side of that, so if your anger is with this dude, you better just outlaw software, because anyone can choose to NOT do these things. That’s the entire point of open source. Make stupid decisions, and you have zero following.
Second, let me finish his thought for you:
He’s very CLEARLY illustrating his intent to prevent the very thing you’re shitting your pants about. You’re literally inventing a scenario you’ve thought of yourself, and getting upset about it.
I bet you’re super fun to be around.
where is the prevention brother?
Uhhhh…it’s open. Didn’t know anyone needed precautionary blocks in place or permission.
What in the actual hell is happening in here. Who made you so fearful of everyone? Did somebody hurt you? WHO DID IT???
We know from systemd that these people are willing to use corporate resources to snuff out grassroots alternatives to grow their market share, and we know from the sorry state of boot chains on basically every device that isn’t x86 UEFI that corporations are salivating at the idea of implementing trusted computing at the expense of user freedoms, and we know know from the above quotes that the best assurance the founders of this companies have is “we just provide the tools, it’s up to the corporations to decide how to use it, teehee!” The only mystery here is people like you here who see all this and think “surely things will go different this time. these are good boys”.