:: Re: [DNG] UEFI and Secure Boot
Kezdőlap
Delete this message
Reply to this message
Szerző: Fungal-net
Dátum:  
Címzett: Steve Litt
CC: dng
Tárgy: Re: [DNG] UEFI and Secure Boot
> From: slitt@???
> To: dng <dng@???>
>
> Hi all,
>
> I basically said UEFI is junk and Secure Boot is an anti-small-distro
> monopolistic practice. These were, and continue to be, my opinions, but
> they're just one man's opinion. I can see use cases where Secure Boot
> would be great, and I can see cases where something like UEFI would be
> handy: But they're neither necessary nor wanted on MY computers.


I've been following this debate and I can't seem to have interpreted your
argument any other way. Where I am losing the value of it is whether our
opinions, developed by exposure to debate, have any implications on how the
hw industry behaves. And then who this industry is? We are talking about two
architects predominantly, mandating their architecture to a handful of boards
and chip makers, and a small handful of reseller-designers (Dell, HP, Lenovo, Toshiba)
who package this up. To us a distro with 400 users is a big deal, to them a sale
of 400 boxes is negligible. Bios was pretty monolithic in itself, I believe, but ever
since the original PC-xt we didn't have much of an option. Nobody complained
about the middle-chip-man back then.

What I would underline in the argument is whether this shift affects little distros
more than the big systems who can afford to adopt to the change. How many
installers are capable to adopt via the common iso-->usb booting in bios or efi?
How easy is it for inexperienced user to know whether they should download
an efi iso or bios? Everytime in all retail industry a mono/oligopoly is attempted to
be built, to narrow the spectrum of choice, it is covered up with a safety/security
of the consumer propaganda. And there are trolls that get paid to spread this
propaganda around in media. You name me one industry that this is not common
practice for the "big guys" to take out the "little guys" by selling security and
safety to the terror victims. Food, transportation, building, energy, ...????
Then there are factory installed linux systems, ubuntu, manjaro, ... is there one
that installs a non-systemd system?

Steve Litt is technically correct in pointing the technical aspects of this out but
his arguments are normally sterilized from what this really means. They are
politically in a vacuum of content. Whether I and Tobias agree or disagree is
irrelevant to Toshiba.

> If I had a real choice to stick with MBR and always be able to disable
> Secure Boot, the world would be fine. We'd all make our choice, and
> we'd all be happy.


Well I liked 2stroke motors too, but they were banned not on their mechanical
merits but with the excuse of not being environmentally correct, just because
it was more profitable and easier for the competition to adopt to such restriction.
Mr Honda himself who made fine 2strokes had promised to make them vanish.
A generation later a youngster believes it is common practice and socially
acceptable to pay 150euro/$ for semi-annual "service". And Europe is covered
up with a carcinogenic diesel cloud, the SE Asia rainforest is vanishing to produce
biodiesel for C/W europe, and it is all for the profitability of VW and other gangsters.

> But you don't know if you can turn off Secure Boot until you've bought
> the mobo or computer. This ability, which is the #1 priority for me,
> doesn't even make it to the specifications. There's no way to find out.
> THAT's why I hate Secure Boot.


Tell us, as I don't know enough, which system is more secure in booting
a portable LUKS encrypted disk. Can it be done with EFI easier? This
was known and available technology before secure boot.

> Similar for UEFI. I don't like its architecture, for exactly the same
> reason I don't like KDE and I don't like systemd: Monolithic
> entanglement. Hey, my preference is to have modules communicate on a
> need to know basis. Others may differ: All I wish is that we all had
> our choice.


So you are stuck using 5-10 year old pcs which in 10 years will be few
and scarce and a minimalist linux system will require 2GB to idle. So
who cares about your choice. If you scan google for mimimalist linux
screenshots and see what those awesome, i3, jwm, systems are running
on, you will have a hard time seeing one on a pre-Efi system. Next year
you have a hard time finding one running with under 8cores.
So who will debate in Debian, or Arch the merits of continuing non-efi
supported installers? Look what is happening to 32bit systems, the spectrum
is narrowing day by day. The attrocity is to hear the argument that in the
name of security 32bit can't be kept in development as all interrelated technology
is evolving around 64bit. So it is more secure to have more complex
architecture than a simpler one.

Again, where is the content of your argument? What good does it do for
me and you to eventually agree that bicycles should have no registration,
insurance and turnsignals? This world will still be the same without us.

> So I've written this email just to make sure my position is never
> interpreted as "nobody needs hardware protection against malware" or
> "nobody needs a system to prevent various boot code from clobbering
> each other." All I'm saying is it should be an option, and the
> existence of the option.


When some of us were busy trying to change the world you were busy
trying to defend wheezy. Meanwhile most of the world's activists are using
systemd on UEFI based systems. Those who ride bicycles with 10 year
old laptops with non-systemd systems will seem in 5 years like what
1968 activists seemed to us in the 90s.

Hopeless romantics front for a new world

> SteveT
> Steve Litt
> October 2017 featured book: Rapid Learning for the 21st Century
> http://www.troubleshooters.com/rl21
> ---------------------------------------------------------------