<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 02/06/12 15:56, Alan Bell wrote:
<blockquote cite="mid:4FCA29A0.80405@libertus.co.uk" type="cite">
<blockquote type="cite">Could linux foundation do the same for the
          servers? because they can be "cracked" in a similar way?
<br>
<br>
</blockquote>
<br>
servers generally won't get the secure boot thing. Odd really
because it kind of makes more sense to me in that context.
<br>
<br>
</blockquote>
<br>
Probably because the biggest market for servers is corporate
customers who have their own IT department and who would very
quickly go see another supplier if they had to fiddle with settings
in order to install the operating system of their choice on their
systems. For a typical large corporate that regularly installs
dozens of servers, any change in installation procedure means:<br>
<ul>
<li>Re-train the whole of IT,</li>
<li>Change all training and documentation material,</li>
<li>Update the process of how business units get servers
commissioned,</li>
<li>Find a way to phase in the new process while phasing out the
old one,</li>
      <li>Get confirmation from suppliers of what exact models will
have UEFI so that they can have clear guidance: if model A, then
do process 1 else do process 2,</li>
<li>Factor in additional costs and delays for the inevitable
cock-ups that will happen.<br>
</li>
</ul>
<br>
It's an interesting game that Microsoft are playing and I'm
wondering whether their primary motivation is to lock competition
out or to force the last refuseniks off XP and onto a more recent
version of Windows. From an OEM perspective, what could happen is
that you would see UEFI on consumer ranges first, where customers
tend to just go with what's pre-installed, and then slowly see it
appear on business ranges, where customers tend to wipe the
pre-installed OS and replace it with their in-house image.<br>
<br>
The fact that this logic is completely at odds with the security
benefits of UEFI secure booting only makes sense if you see it from
an accounting point of view: secure boot is a technical tool to
mitigate the risk of a server getting compromised. This is modelled
as a risk with associated cost (cost of rebuilding a compromised
server, checking if it's the only compromised one, potential
reputation costs, etc). Most companies already mitigate that risk
using firewalls, intrusion detection systems, etc. Mitigation is not
perfect so there is a residual risk with associated cost. UEFI
secure boot is then an opportunity to reduce this residual cost
through additional mitigation. If the cost saving that results from
migrating the estate to UEFI secure boot is lower than the cost of
actually doing it, companies will just stay put with what they have,
accept the risk and pay the price whenever the risk is realised.<br>
<br>
So the fact that servers won't get the secure boot option is simply
a sign that nobody has yet managed to demonstrate that the cost of
introducing secure boot in a corporate environment was lower than
the potential cost of the risk it mitigates.<br>
<br>
Cheers,<br>
<br>
Bruno<br>
<br>
</body>
</html>