In an ongoing discussing Linus Torvalds has made some suggestions which he believes put users in control of their system and not Microsoft.
Many experts were expressing various scenarios where Microsoft might revoke its keys or Linux systems may be used to compromise Windows machines and so on. Linus had enough of it and he said, "How does bringing up an unlikely and bogus scenario - and when people call you on it, just double down on it - help users?
Stop the fear mongering already.
Then he went ahead to suggest what he thinks is based on 'real security' and on 'putting user's first' instead of "let's please Microsoft by doing idiotic crap" approach."
It's really refreshing to see that Linus is putting the user first (as does Richard Stallman) and not some company or developer's interest first. I was almost sick and tired of everyone obsessed with taking control over our computing - from Canonical to Facebook.
Because it really shouldn't be about MS blessings, it should be about the *user* blessing kernel modules - Linus Torvalds
This is what Linus suggested:
So instead of pleasing microsoft, try to see how we can add real security:
- a distro should sign its own modules AND NOTHING ELSE by default. And it damn well shouldn't allow any other modules to be loaded at all by default, because why the f*ck should it? And what the hell should a Microsoft signature have to do with *anything*?
- before loading any third-party module, you'd better make sure you ask the user for permission. On the console. Not using keys. Nothing like that. Keys will be compromised. Try to limit the damage, but more importantly, let the user be in control.
- encourage things like per-host random keys - with the stupid UEFI checks disabled entirely if required. They are almost certainly going to be *more* secure than depending on some crazy root of trust based on a big company, with key signing authorities that trust anybody with a credit card. Try to teach people about things like that instead. Encourage people to do their own (random) keys, and adding those to their UEFI setups (or not: the whole UEFI thing is more about control than security), and strive to do things like one-time signing with the private key thrown out entirely. IOW try to encourage *that* kind of "we made sure to ask the user very explicitly with big warnings and create his own key for that particular module" security. Real security, not "we control the user" security.
Sure, users will screw that up too. They'll want to load crazy nvidia binary modules etc crap. But make it *their* decision, and under
*their* control, instead of trying to tell the world about how this should be blessed by Microsoft.
Because it really shouldn't be about MS blessings, it should be about the *user* blessing kernel modules.
Quite frankly, *you* are what he key-hating crazies were afraid of. You peddle the "control, not security" crap-ware. The whole "MS owns your machine" is *exactly* the wrong way to use keys.
The discussion is still going on and we will keep you updated with any progress.
- Virtualisation. When running a Linux guest under VMWare or Hyper-V or Xen or Virtualbox etc you typically need 3rd party drivers (VMWare tools, Virtualbox graphics drivers etc) so there is a need for running them.
- in big Datacenter setups we want to automate. When Linus suggests to ask the user for permission via the console he is simply ignoring reality. Try to update 40000 Servers with being forced to go to the console 40000 times. Ridiculous.
The user is not always someone sitting in front of the machine.