Fitting Everything Together
0pointer.net
Posts and writings by Lennart Poettering

The creator of systemd (Lennart Poettering) has recently created a new company dedicated to bringing hardware attestation to open source software.

What might this entail? A previous blog post could provide some clues:

So, let’s see how I would build a desktop OS. The trust chain matters, from the boot loader all the way to the apps. This means all code that is run must be cryptographically validated before it is run. This is in fact where big distributions currently fail pretty badly. This is a fault of current Linux distributions though, not of SecureBoot in general.

If this technology is successful, the end result could be that we would see our Linux laptops one day being as locked down as an Iphone or Android device.

There are lots of others who are equally concerned about this possibility: https://news.ycombinator.com/item?id=46784572

  • tomalley8342@lemmy.worldEnglish
    21·
    3 hours ago

    better than reading the damn article, here are the weasily corporate words directly from mr daan the founder 🤣

    So adding all of this technology will certainly make it more easy to be used for either good or bad. And it will certainly become possible to build an OS that will be less hackable than your run of the mill Linux distro.

    • just_another_person@lemmy.worldEnglish
      12·
      2 hours ago

      First, yes, he’s correct in talking about the SOFTWARE side of that, so if your anger is with this dude, you better just outlaw software, because anyone can choose to NOT do these things. That’s the entire point of open source. Make stupid decisions, and you have zero following.

      Second, let me finish his thought for you:

      But we will never enforce using any of these features in systemd itself. It will always be up to the distro to enable and configure the system to become an immutable monolith. And I certainly don’t think distributions like Fedora or Debian will ever go in that direction.

      We don’t really have any control over what Microsoft decides to do with Secure Boot. If they decide at one point to make Secure Boot reject any Linux distribution and hardware vendors prevent enrolling user owned keys, we’re in just as much trouble as everyone else running Linux will be.

      He’s very CLEARLY illustrating his intent to prevent the very thing you’re shitting your pants about. You’re literally inventing a scenario you’ve thought of yourself, and getting upset about it.

      I bet you’re super fun to be around.

      • tomalley8342@lemmy.worldEnglish
        21·
        3 hours ago

        He’s very CLEARLY illustrating his intent to prevent the very thing you’re shutting your pants about

        It will always be up to the distro

        We don’t really have any control over what Microsoft decides to do

        where is the prevention brother?

        • just_another_person@lemmy.worldEnglish
          11·
          2 hours ago

          Uhhhh…it’s open. Didn’t know anyone needed precautionary blocks in place or permission.

          What in the actual hell is happening in here. Who made you so fearful of everyone? Did somebody hurt you? WHO DID IT???

          • tomalley8342@lemmy.worldEnglish
            2·
            2 hours ago

            We know from systemd that these people are willing to use corporate resources to snuff out grassroots alternatives to grow their market share, and we know from the sorry state of boot chains on basically every device that isn’t x86 UEFI that corporations are salivating at the idea of implementing trusted computing at the expense of user freedoms, and we know know from the above quotes that the best assurance the founders of this companies have is “we just provide the tools, it’s up to the corporations to decide how to use it, teehee!” The only mystery here is people like you here who see all this and think “surely things will go different this time. these are good boys”.

            • just_another_person@lemmy.worldEnglish
              12·
              1 hour ago
              1. How is systemd somehow taking away freedoms at the behest of corporations who asked such a thing?
              2. UEFI is an open standard, buddy. Microsoft is the only player fucking that up
              3. “Trusted Computing” has existed in the very hardware you own and run for almost 30 years now. Literally nobody but cellphone makers use it in the way you describe. Seems you’re still using it though, so nobody seems to have made the apocalyptic decisions that bring your fearful future to bear.
              4. A “Trusted Computing” framework - and this is how I know you don’t understand any of this - is only present. It takes software to interact with it to “take your freedoms away” as you put it. It’s just sitting there otherwise. Nobody even needs to interact with it. You’re so out of touch with this that you’re angry at the wrong side of it, and you don’t even know it.
              5. “…we just provide the tools…”. MY GOD. Where do I even start with this? I can name about a hundred different FOSS tools that break encryption. You mad at the people who made the FOSS encryption tools, or the ones who the FOSS tools to decrypt it?
              6. The only people who want this are people make and produce hardware platforms that ship out into the world so they can ensure they are T2B secure. It seems you don’t know much about security, so I’ll let you in a little secret…(If it claims to be secure, it means there are hardware controls in place)
              • tomalley8342@lemmy.worldEnglish
                21·
                46 minutes ago

                How is systemd somehow taking away freedoms at the behest of corporations who asked such a thing?

                RedHat putting their thumb on the scale providing full time engineers on this project to gain market share and become the defacto standard that they control doesn’t sound like a problem? How do you feel about what chromium is doing to the web?

                UEFI is an open standard, buddy. Microsoft is the only player fucking that up

                Microsoft is the only player “fucking that up” right. And the other corporations have some sort of god-given goodness to them that make it impossible for them to follow suit?

                “Trusted Computing” has existed in the very hardware you own and run for almost 30 years now. Literally nobody but cellphone makers use it in the way you describe. Seems you’re still using it though, so nobody seems to have made the apocalyptic decisions that bring your fearful future to bear.

                Nobody but (half of the entire consumer device market) use it in the way described, and this company comes in offering tools to do the same thing to the other half, and you don’t see the problem?

                A “Trusted Computing” framework - and this is how I know you don’t understand any of this - is only present. It takes software to interact with it to “take your freedoms away” as you put it.

                Software that these people are developing.

                “…we just provide the tools…”. MY GOD. Where do I even start with this? I can name about a hundred different FOSS tools that break encryption. You mad at the people who made the FOSS encryption tools, or the ones who the FOSS tools to decrypt it?

                I’m wary of the people that provide turn key solutions to deploy it at scale

                The only people who want this are people make and produce hardware platforms that ship out into the world so they can ensure they are T2B secure. It seems you don’t know much about security, so I’ll let you in a little secret…(If it claims to be secure, it means there are hardware controls in place)

                And if the user (that’s what we call the person who owns the device, if you don’t know much about these things) doesn’t want it?

                  • tomalley8342@lemmy.worldEnglish
                    11·
                    27 minutes ago

                    I unfortunately accept the reality of our corporate dominated technology landscape, I’m just confused about your downright enthusiasm for the same.