Linus Torvalds: Secure Boot Is Good; But Can Be Used In Bad Ways
Swapnil: What do you think of Microsoft’s secure boot?
Linus: I actually think secure boot makes a lot of sense. I think we should sign our modules. I think we should use the technology to do cryptographic signatures to add security; and at the same time inside the open source community this is so unpopular that people haven’t really worked on it.
It’s true that secure boot can be used for horribly, horribly bad things but using that as an argument against its existence at all is I think a bit naive and not necessarily right. Because if you do things right then it’s a really good thing. I would like my own machine to have the option to not boot any kernel, or boot loader, that is not signed by this signature.
- Are you a blogger? Now you can make money from Muktware....check it out: Muktware's Bloggers Network
I want to have the option to also realize that OK now I am going to boot another operating system or do something else and I want to undo that. But I want that to be a BIOS set-up screen where you have to be at the machine physically and then it is a great thing. And I think that’s actually how most secure boots would be set up. The fact that then you could possibly set it up so that the user at the BIOS screen can’t even change it, makes it problematic. Maybe some people would use that and that is really scary. But at the same time that doesn’t invalidate the technology as a very powerful and useful tool.
So, I am in a situation where I disagree with a lot of people about DRM and signatures and things where I think signatures are a good thing that can be misused. At the same time in the open source community there are a lot of people that think about it the other way and say it can be misused, so it can’t be a good thing. They come at the whole problem from a different direction. I kind of understand why they do that, but at the same time, maybe because I refuse to be a pessimist, I refuse to take the approach that because something can be misused it’s bad.
And maybe I am wrong, maybe secure boot will be used in horribly, horribly bad things. People will say you should have listened to me.
The classic case that we have is of Tivo. They tried to do the same thing. They failed at it, they did not lock it down quite well enough but they basically tried very hard enough to make it inconvenient to change things around.
My take is that I want the source code back but I don’t want the control of the hardware you sell. To me the GPL was always about– you can still make changes to the kernel, you can still take their improvements which weren’t actually all that significant and run it on your own machine and that was always true even with Tivo, while the FSF felt that they locked the hardware down so now you couldn’t make changes to that particular piece of hardware and you couldn’t update that particular piece of hardware anymore, so it was evil.
It’s true that secure boot can be used for horribly, horribly bad things but using that as an argument against its existence at all is I think a bit naive and not necessarily right.
My point was that’s the hardware they are selling, that’s not the software. You can still change the software, you just can’t update it on that particular piece. This is a fairly fundamental disagreement and this is the fundamental disagreement that caused the while GPL version 3 split. We disagreed so fundamentally on this that I can never use GPL v 3 because they way FSF wrote the v3 was explicitly to stop this thing that I thought was OK and was in fact part of the whole contract with people that you can use Linux anyway you want. If anyway you want includes saying you can’t change it on this machine; which is fine.
The extreme case of not changing it on this machine is actually burning it on a ROM and just making it physically impossible to change and I am OK with that. Surprisingly FSF is also OK with that. The FSF’s position is that if nobody can change it then it’s OK, but if somebody can change it then everybody has to be able to change it which to me tells that makes no sense at all and I actually think they – some of those people – are clinically insane.
Linus Torvalds On Fundamental Disagreement With GPL V3
The FSF pushed very hard for GPL projects to upgrade to v3, to the point that I had some interaction with them and I felt dirty after talking to them. I was like ‘wow’ these guys are pushing drugs.
Once you have version 3 using software and someone violates the license I think you should go after them. License choice to me is very important and sacred and I personally think that version 3 changes were bad, but that’s my personal choice and my software doesn’t use V3 but if somebody else uses v3 that’s their choice and they are the person who should make that choice.
Once you do make the choice and you think that I want my software to not be used in situations where it gets locked down, then you should take people to court if they actually violate your license. So, I am not disagreeing with v3 changes in that respect–I am saying it’s a choice and that’s a choice I choose not to make because I have fundamentally different opinions of how things should be done. But its a choice that I don’t dispute. Other people can make for their projects I am perfectly fine with v3. I think its a stupid license but I am OK with it.