GROKLAW
Secure boot is an important technology for FOSS
Authored by: jbb on Thursday, July 05 2012 @ 03:29 PM EDT
Let's leave Microsoft out of the discussion for a moment and focus on whether secure boot is a useful feature for the FOSS community. I see it as incredibly useful. In fact, I think FOSS code signing in general is vastly underutilized just like email encryption and signing is vastly underutilized.

Like any other security feature, code signing is not a panacea nor is it a substitute for other layers of security. In the FOSS world, it will protect you from downloading / installing / running code that was infected by malware due to a server being compromised. Such compromises have happened before and they are certain to recur. If code signing (and checking) becomes ubiquitous then servers holding FOSS code become less inviting targets because infected software will be recognized almost instantly, usually before it is installed on any system. The only systems that would be vulnerable would be those that are downloading the public key for the first time. But a change in the public key will be noticed almost instantly by systems that already have a copy of the public key so the window of vulnerability is extremely small.

Secure boot is the bottom rung on the code signing ladder. You need to connect the signing at the bottom rung to the hardware otherwise whatever software that comprises your bottom rung will be vulnerable to attack. This makes secure boot a very useful and long overdue feature for FOSS security. With some pushing and some luck, secure boot may encourage us to implement code signing for all levels of FOSS. This would be a very good thing. I think it would be as good or better than getting everyone to routinely sign and encrypt their emails. Modern cryptography is very powerful and provides us with many incredibly useful tools. Whether these tools are "good" or "bad" depends on the implementation, and usually boils down to who has control of the keys.

Security on the internet has evolved tremendously. There was a time when passwords were routinely sent over the internet in plaintext (often for ftp and telnet). We wouldn't dream of doing that nowadays. There was also a time when most systems connected to the internet did not have a firewall. I wouldn't dream of doing that today (I like to have at least 2 firewalls between my system and the internet). There are dozens of similar examples. One key thing is to implement a security fix before the attacks it addresses become prevalent. Right now, malicious code injection on compromised servers is one of the biggest unaddressed security vulnerabilities the FOSS community faces. It would be much better for us to implement secure boot and code signing before it becomes a serious problem.

---
Our job is to remind ourselves that there are more contexts
than the one we’re in now — the one that we think is reality.
-- Alan Kay

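The client-side check the comment above describes, as an added example that is not part of the original comment or of any project's tooling: a client holding a pinned key fingerprint rejects a tampered download and a swapped key, while a first-time downloader has nothing to compare against. It uses a Lamport one-time hash signature built on `hashlib` as a stand-in for the GPG or RSA signatures real distributions use; every function name, key and artifact byte string here is constructed for illustration.

```python
import hashlib
import secrets

def H(b):
    return hashlib.sha256(b).digest()

def keygen():
    # Lamport one-time key: 256 secret pairs; the public key is their hashes.
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def bits(msg):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(sk, msg):
    # Reveal one secret per digest bit; a key must sign only one message.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return len(sig) == 256 and all(
        H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

def fingerprint(pk):
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()

def install_check(pinned_fp, served_pk, artifact, sig):
    """Client-side decision for one download; pinned_fp is None on first contact."""
    if not verify(served_pk, artifact, sig):
        return "reject: bad signature"
    if pinned_fp is None:
        return "accept: first use, key not yet pinned"
    if fingerprint(served_pk) != pinned_fp:
        return "reject: key changed"
    return "ok"

def demo():
    # All keys and artifact bytes below are constructed sample data.
    dev_sk, dev_pk = keygen()
    pkg, bad = b"pkg-1.0 contents", b"pkg-1.0 contents, modified on the server"
    sig, pinned = sign(dev_sk, pkg), fingerprint(dev_pk)
    other_sk, other_pk = keygen()          # key substituted on the server
    bad_sig = sign(other_sk, bad)
    return {
        "clean": install_check(pinned, dev_pk, pkg, sig),
        "tampered": install_check(pinned, dev_pk, bad, sig),
        "key_swapped": install_check(pinned, other_pk, bad, bad_sig),
        "first_time": install_check(None, other_pk, bad, bad_sig),
    }
```

Calling `demo()` returns the verdict for each of the four cases; only the first-contact case accepts the substituted key, which is the window of vulnerability the comment mentions.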

Groklaw © Copyright 2003-2013 Pamela Jones.
All trademarks and copyrights on this page are owned by their respective owners.
Comments are owned by the individual posters.

PJ's articles are licensed under a Creative Commons License. ( Details )