Comment by Spivak 5 days ago

https://0pointer.net/blog/authenticated-boot-and-disk-encryp...

You. The money quote about the current state of Linux security:

> In fact, right now, your data is probably more secure if stored on current ChromeOS, Android, Windows or MacOS devices, than it is on typical Linux distributions.

Say what you want about systemd the project but they're the only ones moving foundational Linux security forward, no one else even has the ambition to try. The hardening tools they've brought to Linux are so far ahead of everything else it's not even funny.

direwolf20 5 days ago

This is basically propaganda for the war on general purpose computing. My user data is less safe on a Windows device, because Microsoft has full access to that device and they are extremely untrustworthy. On my Linux device, I choose the software to install.

  • egorfine 4 days ago

    Propaganda begins with reframing. What Russia is waging is not a war, it's a special military operation. War is peace. Data on Windows is secure. Linux's security is far behind.

    That sort of thing.

  • Spivak 5 days ago

    What are you talking about? This has nothing to do with general purpose computing and everything to do with allowing you to authenticate the parts of the Linux boot process that must by necessity be left unencrypted in order to actually boot your computer. This is putting SecureBoot and the TPM to work for your benefit.

    It's not propaganda in any sense, it's recognizing that Linux is behind the state of the art compared to Windows/macOS when it comes to preventing tampering with your OS install. It's not saying you should use Windows, it's saying we should improve the Linux boot process to be as tight security-wise as the Windows boot process, along with a long explanation of how we get there.

    • direwolf20 5 days ago

      Secure boot is initialized by the first person who physically touches the computer and wants to initialize it. Guess who that is? Hint: it's not the final owner.

      It's only secure from evil maker attacks if it can be wiped and reinitialised at any time.

      • Cu3PO42 5 days ago

        You seem to be under the impression that you cannot reset your Secure Boot to setup mode. You can in the UEFI; doing so wipes any enrolled keys. This, of course, assumes you trust the UEFI (and hardware) vendors. But if you don't, you have much bigger problems anyway.

        Is it possible someone will eventually build a system that doesn't allow this? Yes. Is this influenced in any way by features of Linux software? No.

        • uecker 5 days ago

          It is certainly influenced by the features of Linux software. If Linux does not support this then this preserves a platform as an escape route where this is not possible and this substantially reduces the incentive to provide certain content and services (!) only when this is enabled.

    • egorfine 4 days ago

      > allowing you to authenticate the parts of the Linux boot

      No, not you. Someone else for you. And that's the scary part.

      • Spivak 3 days ago

        Yes you. The parts being expanded upon happen after the shim is authenticated by SecureBoot and are fully in your control. The scary part has already happened, Linux distros support SecureBoot right now and have for a while. Right now the current state of the Linux boot process is all the downsides (in your view) of SecureBoot with none of the upsides because very little is authenticated after that.

        • egorfine 3 days ago

          It's temporary.

          In a few years, running random code on your computer would be seen as a bit unethical.

    • egorfine 4 days ago

      > we should improve the Linux boot process to be as tight security-wise as the Windows

      I hope this never happens. I really want my data secure and I do have something to hide. So, no Microsoft keys on my computer and only I will decide what kind of software I get to run.

      Absolutely fuck that.

      • Spivak 3 days ago

        So to I guess spite Microsoft or something you're going to make your data less secure?

        Turning off SecureBoot only means any rando can decide what software runs on your device and install a bootkit. Not authenticating the rest of the boot process as outlined here (what Microsoft calls Trusted Boot) only means that randos can tamper with your OS using the bits that can't be encrypted.

        Literally an own-goal in every sense of the word.

        • egorfine 3 days ago

          > Turning off SecureBoot only means any rando can decide what software runs on your device

          I see it as exactly the opposite: turning SecureBoot on means someone else can and will decide what software runs on my device.

          > spite Microsoft or something you're going to make your data less secure

          We all know very well Microsoft's track record with security and with data protection measures and practice. Trusting Microsoft is... irrational, let's put it that way.

dTal 5 days ago

Considering that (for example) your data on ChromeOS is automatically copied to a server run by Google, who are legally compelled to provide a copy to the government when subject to a FISA order, it is unclear what Poettering's threat model is here. Handwringing about secure boot is ludicrous when somebody already has a remote backdoor, which all of the cited operating systems do. Frankly, the assertion of such a naked counterfactual says a lot more about Poettering than it does about Linux security.