Ubuntu 16.04 Secure Boot Policy

Wed Jul 13 23:05:32 UTC 2016

Ralf Mardorf schreef op 05-07-2016 10:15:

> You and I are advanced users and using secure boot at least is
> uncomfortable for us, we don't know, if it could cause an issue at a 
> bad
> timing. It might expand security, but for my computer usage I didn't
> experience security issues in more than 10 years Linux usage, most of
> the times even without AppArmor, firewalls and similar.

I agree with your sentiment Ralf, this is sane.

Trying to solve hypothetical problems and getting yourself in trouble 
because of it, is not the best of ideas.

We now must consider a threat that has never surfaced before, treating 
it as something relevant and vile, and then paying a hefty price to deal 
with a problem that doesn't exist.

"The mere apprehension of a coming evil has put many into a situation of 
the utmost danger".

Let's solve real problems. The existence of secure boot is a real 
problem ;-).

Not what it was trying to solve. Anyway, my ideas.

The only reason secure boot really exists is for hardware and software 
vendors to have more control over your computer in the fight against 
piracy and user freedom that costs them money.

Secure boot is no different than HDCP, even if I don't know much about 
it. Same vein, same idea.

Great that you can sign your own certificates and import them using a 
boot environment. However the reality is that it prevents people from 
tinkering with their own machines, much like HDCP prevents people from 
recording the shows they watch and exporting it to other devices.

The reason people design such solutions (in Linux) is not because they 
think it is such a great idea. It's because they heard it's such a great 
idea. That's a different thing. Definitely not all people do what they 
believe in themselves, and just because some developer does something 
does not warrant that it was for good reasons.

"Someone created it, so it must have been for a good reason." That 
doesn't follow, much like people wanting to uncreate it /CAN'T be for 
good reasons/ -- that also doesn't follow.

You really (in general, anyone saying that) really have a rather low 
regard of your own intelligence if you consider other people doing 
things is always for good reasons, but you criticizing it is not.

This is usually expressed as "Some really smart people create our 
software" -- implying that everyone else is not as smart, including if 
and when those other people would be developers of their own right as 
well.

I don't fall into the trap of thinking other people have good reasons 
for doing stuff but I don't. And I certainly don't think there were good 
reasons for developing UEFI and Secure Boot. But then, I'm just a 
useless somebody.

Here is another line:

It is the mark of a primitive mind to view regression as progress. Good 
luck.