Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-05 Thread Dmitry Alexandrov
a...@gnu.org (Alfred M. Szmidt) wrote:
> Please keep discussions related to technical issues about the GNU system, 
> non-free platforms are entirely off-topic for this list.

Please note, @gameonli...@redchan.it sent his letter to two m/l:
gnu-system-disc...@gnu.org and gnu-misc-discuss@gnu.org.  I believe, you referred
to the first, while asking him to keep it limited to the technical issues.




Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-05 Thread Ruben Safir
On 11/5/19 3:07 AM, Florian Weimer wrote:
> * nipponmail:
> 
>> Getting GNU/Linux onto a laptop these days is quite the difficulty if 
>> you don't know what you're doing because of Secure Boot. It's not a plug 
>> and play thing like once it was. Probably discourages a lot of users.
> 
> Sure, and that was totally predictable.  But what can we do when
> *everyone*, including the FSF, supports Secure Boot?
> 
> (Admittedly, Debian was very late to join and did not further the
> Secure Boot cause.)
> 


There is a good reason for that.  Now that uefi is implemented, the boot
drive is a fully operating OS in its own right.  Now I think that is
stupid, but that is the facts.  Machines can not be secured without
secure boot because open access to physical hardware means access to a
fully operating system in the boot loader.  It essentially is running a
watered down version of the Java virtual machine.

http://www.nylxs.com/docs/journal_2_2015.pdf



Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-05 Thread Florian Weimer
* Marcel:

> On 11/5/19 4:11 AM, Florian Weimer wrote:
>> The FSF has given out an award in support of Secure Boot-related work,
>> so its approach to the matter is rather ambiguous.
>
> Looking through fsf.org I couldn't find any award in support of "Secure
> Boot" related work, would you mind pointing me to it?



It's difficult to argue that the FSF wasn't supportive when it handed
out an award for Secure Boot work.  It also suggests that the issue
has a solution and is therefore manageable.

> The FSF seems to have a very clear position on "Secure Boot" vs.
> "Restricted Boot", and has been running a campaign opposing "Restricted
> Boot" for the best part of this decade:
>
> https://www.fsf.org/campaigns/campaigns-summaries#secureboot

Matthew's work shifted the onus of supporting GNU-compatible Secure
Boot from Microsoft and hardware vendors to GNU/Linux distributions
and was a strategic mistake.

>> I knew this would happen and wrote extensively against Secure Boot.
>> That became a futile exercise when the FSF started supporting it, too.
>
> AFAIK, the only thing the FSF said is that when implemented correctly,
> "Secure Boot" is designed to protect the user against malware. They urged
> manufacturers to respect user freedoms when implementing "Secure Boot"
> by doing it correctly.
>
> How do you interpret this as support for "Secure Boot"?

Nobody knows what Secure Boot was originally designed to do—and what
its current security objectives are.  I suspect it was initially
intended to save $1.50 for a read-only USB stick, by storing recovery
media on the main storage device.  But even that does not work anymore
because Microsoft opened up the Secure Boot trust root to basically
anyone (who can start their own little company and shell out a few
hundred dollars).  As a result, it no longer means that if it boots,
it's authorized by Microsoft.  The indirect cryptographic chain
GNU/Linux distributions ensures that Microsoft never sees actual
binaries running in ring 0, so they can't do any meaningful
verification on submitted binaries, either.  (The Secure Boot signing
service works by submitting binaries to them, the code signing
certificate you need to purchase does not give you the immediate
ability to run code with Secure Boot active.)

It's also unclear how this alleged protection against malware
would work when users can easily install their own operating systems.
It's not possible to have it both ways: Either you can replace the
guts of the operating system and you live with the malware risk
(because malware can do the same), or you give up that capability.
User prompts do not really work because they would have to say
something along the line “proceed only if you want to install malware
or GNU/Linux”, which is not politically feasible.  (Also keep in mind
that the Secure Boot work did not deliver anything close to a signed
userspace, and due to the lack of ELF signing support in glibc and the
scripted nature of the boot process on mainstream GNU/Linux
distributions, it is unclear how we could deliver that technically.
There is dm-verity and IMA, but that is so draconian that you can't
pretend that the result is still free software with user control, so
it's not used by GNU distributions.)

The main problem I have with the FSF approach to Secure Boot is that
there was a time when we could have killed it, by not supporting it,
and force Microsoft to come up with a different approach to avoid the
obvious anti-trust issues.  The non-copyleft (Tianocore, shim) to
copyleft (GRUB, Linux) signing chain might have been the weakest
point, but through its actions, the FSF has given its approval.  But
we failed to convey that this is a problem that Microsoft has to
solve, and now we have to deal with the fallout.



Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-05 Thread Florian Weimer
* nipponmail:

> Getting GNU/Linux onto a laptop these days is quite the difficulty if 
> you don't know what you're doing because of Secure Boot. It's not a plug 
> and play thing like once it was. Probably discourages a lot of users.

Sure, and that was totally predictable.  But what can we do when
*everyone*, including the FSF, supports Secure Boot?

(Admittedly, Debian was very late to join and did not further the
Secure Boot cause.)



Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread nipponmail
I was describing the steps one needs to go through to get a Gnu/Linux 
system installed on a laptop. I did it a month or two ago. It's not as 
easy as it was in the past because of secure boot. You must use the 
pre-installed OS to disable the secure boot: you _cannot_ do it from the 
bios.


On 2019-11-04 16:38, a...@gnu.org wrote:
> Please keep discussions related to technical issues about the GNU
> system, non-free platforms are entirely off-topic for this list.




Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread nipponmail
Getting GNU/Linux onto a laptop these days is quite the difficulty if 
you don't know what you're doing because of Secure Boot. It's not a plug 
and play thing like once it was. Probably discourages a lot of users.


Linux doesn't have any security after GrSecurity went proprietary 
(something that isn't supposed to be possible, but no one will spend the 
500k to sue them)





Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread Florian Weimer
* Jean Louis:

> * gameonli...@redchan.it  [2019-11-04 14:05]:
>> Windows is required to disable the trusted computing locks in Most new
>> laptops. Other than windows there are only a few signed operating systems
>> that can be installed without disabling said locks, and they are signed by
>> microsoft.

> Dr. Stallman was warning about it: https://stallman.org/intel.html

The FSF has given out an award in support of Secure Boot-related work,
so its approach to the matter is rather ambiguous.

Secure Boot with the second Microsoft key is dead from a security
perspective.  I think all GNU/Linux vendors nowadays have deliberate
backdoors into ring 0.  This means that you can boot any operating
system, pretending that Secure Boot is enabled, while in fact it is
not.  Furthermore, downgrade protection was never implemented for
Linux, so you can boot a vulnerable kernel with a known root-to-ring-0
vulnerability, and use that to boot anything else.

There was never a real effort to get a secured boot into userspace, so
any security benefit to GNU/Linux would have been extremely slim
anyway.  Clear security goals for the Secure Boot under the Microsoft
trust root have never been specified.

There is the first Microsoft key, reserved to their own operating
systems, which does not have these problems.  As far as I know, no
GNU/Linux distributions are signed by it.  I have only encountered it
in isolation as an option in Hyper-V.  Physical x86 hardware I've seen
always came with both sets of keys installed.

In the end, what remains is the hassle that Secure Boot creates for
many users, with very little to no benefit to anyone whatsoever.

I knew this would happen and wrote extensively against Secure Boot.
That became a futile exercise when the FSF started supporting it, too.
Sadly, it is impossible nowadays to get rid of useless cruft if it has
“Secure” in its name.

To be clear here, the problem is not the Microsoft trust root.  I'm
pretty sure Microsoft would happily hand over the trust root to any
credible organization that would be willing to manage it and absorb
the risk.  A lot of organizations and governments criticize central
control over such keys, but very few are actually willing to manage a
trust root.  The same thing happened with DNSSEC.



Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread Alfred M. Szmidt
   Please keep discussions related to technical issues about the GNU
   system, non-free platforms are entirely off-topic for this list.

And in general, all GNU lists. :-)



Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread Alfred M. Szmidt
Please keep discussions related to technical issues about the GNU
system, non-free platforms are entirely off-topic for this list.



Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread Alexandre François Garreau
On Monday 4 November 2019 15:09:56 CET, you wrote:
> * Alexandre François Garreau  [2019-11-04 15:00]:
> > Purism do not respect users’ freedom:
> > https://libreboot.org/faq.html#will-the-purism-laptops-be-supported
> > 
> > Actually they “disable” it, but since it’s proprietary software, down to
> > the cpu, and it still runs proprietary software, you can’t trust that for
> > sure. They’ve been working with Intel, they *try* to sell that.
> 
> Alright, you got some information. If you think there is issue, open
> it up with Purism and try to discuss.

Afaik they already discussed it.  Their whole business works because of special
intel contracts so I don’t guess they’ll stop any time soon.  ThinkPenguin may be a
better target, but they likewise sell high-performance computers that don’t
exist as 100% ryf (except they don’t pretend they’re pure or perfect or do any
bullshit marketing).



Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread Jean Louis
* Alexandre François Garreau  [2019-11-04 15:00]:
> Purism do not respect users’ freedom: 
> https://libreboot.org/faq.html#will-the-purism-laptops-be-supported
> 
> Actually they “disable” it, but since it’s proprietary software, down to the 
> cpu, and it still runs proprietary software, you can’t trust that for sure.  
> They’ve been working with Intel, they *try* to sell that.

Alright, you got some information. If you think there is issue, open
it up with Purism and try to discuss.

For myself, we are getting so many cheap T500 and other libreboot compatible
notebooks from Dubai to Uganda, so I still have inexpensive access to
purchase such notebooks. I would like switching from notebook to
desktop, and maybe using Power chips from IBM. It is just that I am
traveling much.

Jean




Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread Alexandre François Garreau
On Monday 4 November 2019, 14:51:08 CET Jean Louis wrote:
> * gameonli...@redchan.it  [2019-11-04 14:05]:
> > Windows is required to disable the trusted computing locks in Most new
> > laptops. Other than windows there are only a few signed operating systems
> > that can be installed without disabling said locks, and they are signed by
> > microsoft.
> 
> That is sad situation. Then is best way not to buy Intel chips and
> find hardware that respects users' rights.
> 
> Look here how Purism, company behind the PureOS, one of the FSF
> endorsed fully free system distributions is disabling the Intel
> management engine:
> 
> https://www.theinquirer.net/inquirer/news/3019569/purism-disables-intels-management-engine-on-linux-powered-laptops
> https://puri.sm/learn/avoiding-intel-amt/

Purism do not respect users’ freedom: 
https://libreboot.org/faq.html#will-the-purism-laptops-be-supported

Actually they “disable” it, but since it’s proprietary software, down to the 
cpu, and it still runs proprietary software, you can’t trust that for sure.  
They’ve been working with Intel, they *try* to sell that.




Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread Jean Louis
* gameonli...@redchan.it  [2019-11-04 14:05]:
> Windows is required to disable the trusted computing locks in Most new
> laptops. Other than windows there are only a few signed operating systems
> that can be installed without disabling said locks, and they are signed by
> microsoft.

That is sad situation. Then is best way not to buy Intel chips and
find hardware that respects users' rights.

Look here how Purism, company behind the PureOS, one of the FSF
endorsed fully free system distributions is disabling the Intel
management engine:

https://www.theinquirer.net/inquirer/news/3019569/purism-disables-intels-management-engine-on-linux-powered-laptops
https://puri.sm/learn/avoiding-intel-amt/

Dr. Stallman was warning about it: https://stallman.org/intel.html

https://www.fsf.org/blogs/sysadmin/the-management-engine-an-attack-on-computer-users-freedom

> Stating that women dominate men in America is not hatred, it is fact. But
> they are our superiors so we can say nothing against them. Notice that Hans
> Reiser is in prison? Notice that anyone who tried to marry girls is in
> prison with him.

We don't discuss those subjects here. That is not related to systems
and GNU.



Re: Why don't gnu.org and RMS sign mail? - FDE Crypto

2019-11-04 Thread Jean Louis
* gameonli...@redchan.it  [2019-11-04 12:25]:
> Debian / Devuan installation is very quick and straight-forward, and the
> package vrms (inspired by rms) allows one to check if one has non-free
> packages. You can set up the full disk encryption off the bat there.

In Hyperbola GNU/Linux-libre there is package: your-freedom that
conflicts with every non-free package and insecure package.

> (I like Devuan for its non-systemd options: that way you can strip the
> system down to only the tasks you want it to do and no others, perhaps a
> strict libre version could be made some day (systemd is the reason I don't
> use trisquel, though I like the community etc; I don't wish to use brand-new
> bug-filled system software that's 10 years till maturity etc, and does
> things I don't want it to do))

Could you invite Devuan to apply as fully free system distribution so
that it can be endorsed by the FSF?

See here:
https://www.gnu.org/distros/free-system-distribution-guidelines.html

> On UEiF (or whatever it's called) systems first you have to use windows to
> allow legacy boot, if you don't then you never can (can't do it from the
> bios); to get to that option you have to change windows S to windows-normal,
> which involves registering with microsoft (right now you can use a throw
> away email). (They can remove these options in the future and lock
> you in).

I think that works without using proprietary systems. Using Windows to
install GNU system is not recommended, how do you know what is really
going on there. Reason for using free software is certain trust, which
I cannot attribute to Windows proprietary stuff.

Many various GNU/Linux systems can be installed on UEFI interface
specifications. Look at Debian Wiki here:
https://wiki.debian.org/UEFI

I am using Hyperbola GNU/Linux-libre which is fully free
distribution. Look https://www.hyperbola.info/ and there is some
instructions for UEFI systems:
https://wiki.hyperbola.info/doku.php?id=en:guide:installation and
https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface

Try looking into those links, it is possible to install over UEFI
systems without windows.

> Also all Intel processors contain spyware in the form of a mutilated
> Minix-running baseband type processor which can exfiltrate the
> entire contents of your ram at any time (and thus your crypto
> key). You cannot ever turn it off. (But you know this).

My impression is that those issues could have been eliminated and that
it is not danger if one uses latest kernels. It is possible to disable
it.

> Most Proud Americans absolutely support these spy systems to catch,
> jail, and torture-in-prison male paedophiles who like girls. They
> feel it should be extensively used, and salivate at the idea of
> being the Bubba. When not doing such they program military systems
> to slaughter muslims for similar crimes, if not manning said systems
> themselves.

I understand that outside of US there is a lot of anti-US or
anti-American propaganda, and while myself I do not live in US, I do
not approve of that, as generalizations don't help, generalizations
are meant to provoke and incite more and more hate.

We are in GNU community striving to be kind to each other, especially
that GNU is planetary system, one shall not use this mailing list for
political opinions as such would be dividing people.

Further, I do not feel your statement is true, not at all, it looks as
fabricated thoughtless anti-American propaganda spread in some
countries. 

> Americans love their Trusted Management Engine. It manages the males and
> keeps the Queens on top: as their species demands.

That is hatred, there is no place for that in the discussion.

The management engine belongs to certain company, I think Intel, and
while Intel is based in USA, to what you refer as "America", that does
not mean that Americans love their trusted management engine. Such
remarks are vague, generalized, not specific, emotional.

In my opinion you have been exposed to hateful propaganda. Please
think about that. I would advise associating with some Americans face
to face, for example make some chocolate cakes together and share
recipes. Or jump into a pool together.

Jean