On Tue, Feb 26, 2013 at 03:28:39AM +0000, Matthew Garrett wrote: > You're happy advising Linux vendors that they don't need to worry about > module signing because it's "not obvious" that Microsoft would actually > enforce the security model they've spent significant money developing > and advertising?
My advice was to Linus and those who are willing to listen to me, not to Red Hat. Red Hat has not generally been receptive to my advice in the past; not that they have any obligation to listen to me, of course. After all, I'm not on Red Hat's payroll. :-) Speaking more generally, though, (a) revoking the Linux's key is not zero-cost to Microsoft, (b) it's also not an instant death sentence to Linux distributions. Users can always either disable secure boot mode, or they can install another signing key. Yes, that is not the best user experience, but it's something which is doable. The other thing to consider is that it's not clear in the long run how much of a lock Microsoft and Windows 8 will have hardware manufacturers. There's already been people discussing how to install Linux on the Chromebook Pixel. Other traditional PC manufacturers, including HP and Lenovo, have started creating non-Windows-8 x86 systems using ChromeOS, which can easily have a stock Linux distro installed on it, and they come at a variety of different price points. (Heck, the recent ChromeOS boxes, such as Pixel, come with an open source BIOS which you can reflash.) Finally note that secure boot is not an issue on server platforms, which is where most of the traditional Linux vendors have made their money. And those who are making money with pre-installed Linux systems (i.e., like Ubuntu, or Google with ChromeOS) for consumers are generally doing so in cooperation with hardware OEM partners, where there's no reason to kowtow to Microsoft's policies. So there really isn't a good reason for Linux vendors to cower in fear of Microsoft. Much of Microsoft power comes from people letting them have power over them. You don't have to do it. Sometimes it's better to let them carry through on their threat, and while it will be inconvenient, it is highly likely they will also take damage from their taking action. Consider what happened the last time the Republicans carried through on their threat to shut down the US Federal Government. Sometimes it's better to let the blackmailers carry through on their threat, and then steps from there. Cowering in fear and paying Danegled rarely gets rid of the Dane. Regards, - Ted -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/