On Fri 18/01/13 16:24 , Sam Liddicott sam@liddicott.com wrote:
> Without intending to promote dissent,
Alas! The law of unintended consequences...
> I like UEFI with secure boot when I can upload the signing keys and there is a physical switch on such key storage.
I don't. The current stage is still early. In the future we'll be denied access to content, networks and services (public services, banking services, whatever) when the devices we try to connect to are unable to prove that we run the software they (not us) trust. I think it's called Remote Attestation. The only way out is not buying our own shackles and ensuring DRM-enabling hardware fails in the market (I'm not saying the only way out is likely). I'm not sure I'll stick to my own advice forever, but at least I'll try to hold for as long as I can, and if I ever buy shackles just buy the cheapest or something.
It's difficult to buy computers nowadays, because all implement DRM provisions in one way or other. Modern Intel processors check signatures on proprietary initialization code before they even configure RAM. Is that a computer? AMD at least contributes to coreboot and documents processors, but they do implement the basic remote management infrastructure, and tie their CPUs to GPUs or APUs with proprietary AtomBIOS, possibly to keep secrecy on DRM measures. ARM is deploying Trust Zone (or True Zone, forgot the name) functionality of a similar kind.
Closed hardware nowadays is not something I recognize as a computer any more, a general purpose mathematical machine.
Open hardware is ok, but still not fit for some purposes and not easy to buy.
> That way I can secure my own machine and retain my own freedom. I acknowledge that UEFI + secure boot generally refers to something more restrictive
I'm no security expert, but I don't think it buys much security either. How do you know your signed software is safe? If enough of your software is really safe, then it wouldn't have let anyone modify itself or bootloaders even without secure boot. If some of it isn't, then it may be compromised and maybe coerced into breaking security even with secure boot. Our current functionality is too complex to have simple enough software to be completely validated. Signature checks are just a way to shove security worries under the carpet. Secure boot with user-controlled trust and maybe microkernels with small trusted baselines may bring some measure of security, but that's just theory. In practice you don't audit all your software, and even with the huge help of a free software community you can't be all that sure that software is safe. You'll always be as safe as the society you live with accepts, because you can't write all the code you run, you can't even read it all, and your society will move your requirements fast enough for a minority of security-minded auditors to be outpaced. And in exchange for that you're throwing a computer away and replacing it with a special purpose machine running a finite set of trusted software. Bad bargain, I say.
For more information look at the coreboot mailing list archives. It's been discussed a little. Btw, one of the coreboot developers recommended Chromebooks (and another laptop I think too heavy) because (some?) come with coreboot, which is free firmware (may require blobs depending on the hardware), and locks can be disabled by the user. I insist that I don't like today's hardware in general, but thought it might be worth noting since discussion is a little centered on the operating system and drivers, and even laptops sold without an OS (when you can find one), or with FreeDOS or fully free OSes (is there any?), have closed hardware and proprietary firmware. So since we have to either refrain from buying or make freedom tradeoffs, it is not so unwise to pick free firmware if available and replace the proprietary OS or applications that may ship with it.
http://www.mail-archive.com/coreboot@coreboot.org/msg38732.html
http://www.coreboot.org/pipermail/coreboot/2012-April/069598.html
Maybe the best advice is not buying anything, otherwise wait for Rhombus-tech (but there's secrecy in ARM chips too; it's more to try to help a path to more open hardware that in the future may bring more worthwhile stuff). Otherwise either AMD or ARM, or if you go for Intel, a Chromebook to get free firmware (with blobs). I don't know.
Btw, be sure to understand everything if you ever try to install coreboot (or any firmware) yourself in your device (more so in a laptop). If you don't have proper knowledge and equipment you may render it unbootable (brick it).