[ubuntu-uk] heads up - Secure Boot Problems for Linux Users Are Here Already

Bruno Girin brunogirin at gmail.com
Sun Jun 3 11:39:28 UTC 2012

On 02/06/12 15:56, Alan Bell wrote:
>> Could linux foundation do the same for the servers? because they can
>> be "cracked" in a similar way?
> servers generally won't get the secure boot thing. Odd really because
> it kind of makes more sense to me in that context.

Probably because the biggest market for servers is corporate customers
who have their own IT department and who would very quickly go see
another supplier if they had to fiddle with settings in order to install
the operating system of their choice on their systems. For a typical
large corporate that regularly installs dozens of servers, any change in
installation procedure means:

  * Re-train the whole of IT,
  * Change all training and documentation material,
  * Update the process of how business units get servers commissioned,
  * Find a way to phase in the new process while phasing out the old one,
  * Get confirmation from suppliers of what exact models will have
    UEFI so that they can have clear guidance: if model A, then do
    process 1 else do process 2,
  * Factor in additional costs and delays for the inevitable cock-ups
    that will happen.

It's an interesting game that Microsoft are playing and I'm wondering
whether their primary motivation is to lock competition out or to force
the last refuseniks off XP and onto a more recent version of Windows.
From an OEM perspective, what could happen is that you would see UEFI on
consumer ranges first, where customers tend to just go with what's
pre-installed, and then slowly see it appear on business ranges, where
customers tend to wipe the pre-installed OS and replace it with their
in-house image.

The fact that this logic is completely at odds with the security
benefits of UEFI secure booting only makes sense if you see it from an
accounting point of view: secure boot is a technical tool to mitigate
the risk of a server getting compromised. This is modelled as a risk
with associated cost (cost of rebuilding a compromised server, checking
if it's the only compromised one, potential reputation costs, etc). Most
companies already mitigate that risk using firewalls, intrusion
detection systems, etc. Mitigation is not perfect so there is a residual
risk with associated cost. UEFI secure boot is then an opportunity to
reduce this residual cost through additional mitigation. If the cost
saving that results from migrating the estate to UEFI secure boot is
lower than the cost of actually doing it, companies will just stay put
with what they have, accept the risk and pay the price whenever the risk
is realised.

So the fact that servers won't get the secure boot option is simply a
sign that nobody has yet managed to demonstrate that the cost of
introducing secure boot in a corporate environment was lower than the
potential cost of the risk it mitigates.


