UEFI Secure Boot and Ubuntu - implementation
Alistair Buxton
a.j.buxton at gmail.com
Mon Jul 9 15:31:37 UTC 2012
On 9 July 2012 13:48, Scott Kitterman <ubuntu at kitterman.com> wrote:
> On Monday, July 02, 2012 01:04:58 PM Alan Bell wrote:
>> On 23/06/12 08:53, Colin Watson wrote:
>> > (Not using GRUB 2 is definitely a second-class option as far as we're
>> > concerned, so if the FSF ever makes it clear that this wouldn't be a
>> > problem for us, I suspect we will gladly reverse our boot loader
>> > position.)
>>
>> in the light of the whitepaper the FSF have produced
>> http://www.fsf.org/campaigns/secure-boot-vs-restricted-boot/whitepaper-web
>> has the position on GRUB 2 changed?
>>
>> I am a bit curious about this paragraph too:
>>
>> "No representative from Canonical contacted the FSF about these issues
>> prior to announcing the policy. This is unfortunate because the FSF, in
>> addition to being the primary interpreter of the license in question, is
>> the copyright holder of GRUB 2, the main piece of GPLv3-covered software
>> at issue."
>
> I think it's at least indirectly addressed in this interview:
>
> http://www.theregister.co.uk/2012/07/06/shuttleworth_responds_uefi/
>
I'm confused about this. The GPL is a software license; as such, it can
only be terminated. In such cases the infringing party loses their
license to distribute the software. "If you cannot convey a covered
work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not convey it at all." The GPLv3 can no more force key disclosure
than the GPLv2 can force source code disclosure.
Let's assume I'm wrong about that. Under a correctly implemented UEFI
system, there are a couple of other ways in which an "accidentally"
locked system could be freed by the vendor, without releasing the key
exchange key. It could be done by releasing the platform key (which is
the only key the vendor would even have), or by producing a signed
firmware update. Note that even if the UEFI system is locked to the
highest level of security by the vendor, both of these are still
possible using the platform key, assuming a correct UEFI
implementation.
If we are to assume an incorrect UEFI implementation then we are
really open to anything. It is quite possible to imagine somebody
creating a system with a locked bootloader, signed kernel and modules,
no root access for the user, and a package management system which
only accepts .debs signed by Canonical's GPG key. If Canonical is
responsible for vendors' releases, then under the same logic Canonical
would be forced to release their deb signing key if this happened. So
will Canonical cease distributing signed debs containing GPLv3
software just in case this happens?
--
Alistair Buxton
a.j.buxton at gmail.com
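As an added illustration of the key hierarchy the message above relies on (example code, not part of the original post or of any Ubuntu tooling): a toy model of the UEFI authenticated-variable policy, in which the platform key authorises PK and KEK writes and any KEK entry (or the PK) authorises db writes. Keys are plain identifiers rather than certificates, the vendor/Canonical/user scenario is constructed, and the policy rule is a simplification of the UEFI specification.

```python
# Keys are plain strings here (identity only); real UEFI stores X.509 certificates
# in these variables and checks PKCS#7 signatures over each update.
VENDOR_PK, CANONICAL_KEK, USER = "vendor-PK", "canonical-KEK", "user"

class SecureBootVars:
    """Simplified UEFI authenticated-variable policy: the PK authorises PK and KEK
    writes, any KEK entry (or the PK) authorises db writes, and with no PK enrolled
    the platform is in setup mode and accepts unsigned writes."""
    def __init__(self, pk, kek, db):
        self.pk, self.kek, self.db = pk, set(kek), set(db)

    def apply(self, variable, contents, signer):
        """Write `contents` to `variable` if `signer` is allowed to authorise it."""
        if self.pk is not None:  # not in setup mode: enforce the hierarchy
            allowed = {self.pk} if variable in ("PK", "KEK") else {self.pk} | self.kek
            if signer not in allowed:
                raise PermissionError(f"{signer} may not write {variable}")
        if variable == "PK":
            self.pk = next(iter(contents), None)  # empty set clears the PK
        elif variable == "KEK":
            self.kek = set(contents)
        else:  # "db"
            self.db = set(contents)

def shipped_machine():
    # constructed scenario: vendor owns the PK, Canonical's key sits in KEK and db
    return SecureBootVars(VENDOR_PK, {CANONICAL_KEK}, {CANONICAL_KEK})

def user_alone_is_locked_out():
    """Without help, the user cannot authorise their own db entry."""
    m = shipped_machine()
    try:
        m.apply("db", {CANONICAL_KEK, USER}, USER)
    except PermissionError:
        return USER not in m.db
    return False

def freed_by_new_kek():
    """Vendor enrols the user's key as an extra KEK using only the PK; the user then
    authorises their own db entry. Canonical's KEK private key is never involved."""
    m = shipped_machine()
    m.apply("KEK", {CANONICAL_KEK, USER}, VENDOR_PK)
    m.apply("db", {CANONICAL_KEK, USER}, USER)
    return USER in m.db

def freed_by_clearing_pk():
    """Vendor signs a PK clear with the PK; in setup mode the user writes db directly."""
    m = shipped_machine()
    m.apply("PK", set(), VENDOR_PK)
    m.apply("db", {USER}, USER)
    return USER in m.db
```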