Microsoft's Lennart Poettering proposes tightening up Linux boot process

Lennart Poettering's latest blog post proposes moving the Linux boot process into a "Brave New Trusted Boot World" of cryptographically signed Unified Kernel Images. Agent Poettering offers a mechanism for tightening up the security of the system startup process on Linux machines, using TPM 2.0 hardware. In brief, what he sees …

  1. Alumoi Silver badge

    ...using TPM 2.0 hardware

    Ha, so now Linux will only run on machines that can (officially) run Windows 11. And maybe there will be a little pop-up during boot telling you to upgrade to Windows 11 for a better experience?

    1. Anonymous Coward
      Gimp

      Re: ...using TPM 2.0 hardware

      "And maybe there will be a little pop-up during boot telling you to upgrade to Windows 11 for a better experience?"

      Nope, I just get offered Arch Linux and off it trots (if I even notice the boot menu flying by)

    2. bombastic bob Silver badge
      Unhappy

      Re: ...using TPM 2.0 hardware

      Embrace, extend, ... (what was that last one again?)

      Of COURSE Poettering is involved in this.

      https://www.youtube.com/watch?v=eD4TLmNyGYA (not the ad, the video content)

    3. Gerhard Mack

      Re: ...using TPM 2.0 hardware

      None of this is mandatory and the existing secure boot can be disabled in the BIOS settings. I already have all of this disabled since I like to run custom kernels.

      1. Missing Semicolon Silver badge

        Re: ...using TPM 2.0 hardware

        "existing secure boot can be disabled in the BIOS settings" for some machines. Not the cheap ones.

        1. Gerhard Mack

          Re: ...using TPM 2.0 hardware

          I would not call that a Linux issue. What Poettering is working on will make the people who fund my paychecks very happy, so I don't have complaints as long as I can turn it off.

          1. John Brown (no body) Silver badge

            Re: ...using TPM 2.0 hardware

            "so I don't have complaints as long as I can turn it off."

            But what of the future, when everyone is building system boards with Secure Boot turned on by default and there is NO option to turn it off? For all sorts of reasons, manufacturers build for the majority because it's easier for them, and those wanting different gradually become more and more marginalised with fewer and fewer choices. Have you tried buying a "dumb" TV recently?

      2. Zippy´s Sausage Factory

        Re: ...using TPM 2.0 hardware

        Definitely not for all machines. And if they're pulling stunts like this, then I suspect MS might soon start saying that if it can be disabled, then you won't be getting OEM Windows any more...

        1. Gerhard Mack

          Re: ...using TPM 2.0 hardware

          More likely at some point it will just fail to boot if it doesn't have the TPM enabled for its boot. Anything else will generate too much of a backlash since Microsoft does not own most of the server market.

        2. bombastic bob Silver badge
          Devil

          Re: ...using TPM 2.0 hardware

          Unless I buy a used machine on e-bay (or similar) I typically build it myself using "gamer" motherboards, then install FreeBSD or Linux on it.

          Those gamer motherboards tend to NOT require 'secure boot' (if they did I'd never buy their brand EVAR again!) as they are intended for people like me who do NOT settle for "the defaults". And I bet I can build something as good as or better than something from a major computer maker that costs as little as HALF as much, without an OS because downloading Linux or FreeBSD and burning+booting the DVD is all I need.

          1. John Brown (no body) Silver badge
            Happy

            Re: ...using TPM 2.0 hardware

            " because downloading Linux or FreeBSD and burning+booting the DVD is all I need."

            Really? How quaint! I just create the bootable USB stick image. :-)

      3. davcefai

        Re: ...using TPM 2.0 hardware

        Yes, but for how long?

    4. John Smith 19 Gold badge
      Thumb Down

      ...using TPM 2.0 hardware

      Indeed.

      That would be the issue with this.

      In theory. Yes.

      In practice. What does MS really care about?

      Anyone saying "Improving the user experience" is too f**kwitted to participate in the discussion.

  2. oiseau
    WTF?

    *I* propose ...

    Lennart Poettering proposes tightening up Linux boot process ...

    Yes?

    Well ...

    How about I propose he tightens up his bloody mouthhole?

    ... and for those who don't want others, or corporations, to be able to control their computers.

    Yes, I am and will always be one of those.

    What about it?

    O.

    1. VoiceOfTruth Silver badge

      Re: *I* propose ...

      While I share some of your sentiment, the thing is... kernel development is mostly in the hands of people who are paid to do it. The "anyone can contribute" is a bit of a myth. In theory that is true, but in practice it is not really. So the "doers" do and the "don't doers" don't. We can see this in that the top contributors to the kernel are companies.

      I don't count writing a driver as contributing to the kernel any more than somebody who writes a Windows driver is contributing to the NT kernel. I know it's different, but a driver is a driver not a kernel.

      1. jake Silver badge

        Re: *I* propose ...

        "The "anyone can contribute" is a bit of myth."

        Bullshit. Anybody[0], even you, can contribute to kernel development. If you're not a coder, documentation always needs work.

        [0] Unless you get kicked out for not playing nice with others, as so ably demonstrated by one Mr. Poettering.

        1. VoiceOfTruth Silver badge

          Re: *I* propose ...

          Congratulations on failing so badly to understand my point.

          Poettering (whether you or I agree with him or not) contributes to the kernel. He has a say. A very large number of people who complain about his work do not themselves contribute so much as a line of documentation (as you rightly point out, that too is a contribution). The people who "do" do, and the people who "complain" complain. Complaints will fall on deaf ears because 99% of Linux users do not contribute a single thing. They are users, not contributors.

          1. jake Silver badge

            Re: *I* propose ...

            "Poettering (whether you or I agree with him or not) contributes to the kernel."

            Present tense, plural? Presumably you are prepared to prove this assertion.

            Oh, I understand your point alright. Methinks you should consider a new handle.

    2. Dazed and Confused

      Re: *I* propose ...

      > Lennart Poettering proposes tightening up Linux boot process ...

      Given Lennart Poettering's history when it comes to security, he's hardly a good one to lecture us, is he? This is the man who invented systemd and moved us from the classic init model with a tiny attack surface to the monster systemd with a massive attack surface. He's clearly never heard of "least privileges"; he's clearly never heard of modularization, or he'd never have included network functions into the orphan catcher. Let us remind ourselves that PID 1 is so critical that if you can kill it the kernel dies! Systemd is much bigger than a classic init and therefore will contain a lot more potential bugs and possible ways of dying.

      I know he's now departed from RH, but has he forgotten everything he ever knew about RHEL? You need to be able to build your own initrd files. Just look at how many config files are on there and are acted upon before we perform the pivot to the "real" root disk. You want to set load time options on drivers (I know drivers should use SYSFS and udev for tuneables, but they don't all do it and some are a pain to implement that way)? Then you need to write a modprobe.d/*.conf file, and you then need to get that onto your initrd as the driver is loaded from there and not from the real root. Even the bloody hostname is read from the initrd; look at your log files in the first week after boot, FFS!

      Then there is the issue that system vendors often provide "tweaked" versions of drivers. For example, HPE have drivers on the SPP; for RHEL8 these are digitally signed, but not by MS, they're signed by HPE, and since they produced the FW they've loaded their own secure boot public keys into the FW's keystore. BTW, they've also loaded the SUSE public keys, not just the MS ones.

      Since these drivers are signed for secure boot there is no problem with using them with secure boot enabled.

      1. Anonymous Coward
        Windows

        Re: *I* propose ...

        "the classic init model"

        Miquel van S's vision was lovely and all, but bloody hard to work with. All those scripts and symlinks. Not to mention SuSE and RH and Mandrake/whatevs, Debian, Yggdrasil, Slackware and uncle Tom Cobbley and all having their own somewhat weird varieties of a very weird service start up scheme.

        I recall deploying daemontools on Mandrake for Qmail and thinking "this works but it's not pervasive". I ran Gentoo for many years too, here and there - yay, another init system, rc 'n' that - Uberlord did a remarkable job with that. The network setup was a work of art years before NetworkManager turned up and did the job properly. Arch used to do a weird BSD style init. Ubuntu went somewhat deranged with upstart.

        Classic init! Fuck me, what a bloody mess - all of them. How many times did you end up putting in dodgy workarounds in a local script? "systemctl edit lol" - genius! That last command enables you to make your own changes to a service in a deterministic way. Classic init never worried about the sysadmin or end user, but systemd does.

        1. Anonymous Coward
          Anonymous Coward

          Re: *I* propose ...

          I think both DJB and Poettering have a lot in common - they both seem to want to do things differently for some perceived advantage that isn't apparent to 99.9% of the human race.

          1. Anonymous Coward
            Anonymous Coward

            Re: *I* propose ...

            Considering that 99.9% of the human species has no idea what the Linux boot process is, or isn't even aware that it exists inside those shiny magic boxes they buy - yup, you're technically right.

        2. Graham Dawson Silver badge

          Re: *I* propose ...

          If all that systemd did was replace the init with a bunch of nifty tools, it would be tolerated. It doesn't need to take over logging, cron, device management, DNS, hostname provision, network management, interprocess communications, home directory management, ntp, container management, and everything else poettering sets his sights on.

          And don't reply with any variation of "it's modular". The modules are all non-trivially interlinked, with core system components, such as udev, now being so deeply tied to systemd that they cannot be used independently.

          1. FeepingCreature Bronze badge

            Re: *I* propose ...

            Though note that the eudev fork exists.

            1. Steve Graham

              Re: *I* propose ...

              I use mdev, which is in fact BusyBox, but I tolerate the violation of "do one thing and do it well" because it's still lightweight and does what I need. (Which is mainly auto-mounting a USB drive with a descriptive mountpoint name.)

              1. jake Silver badge

                Re: *I* propose ...

                Arguably BusyBox does do one thing, and does it well... it packages a customizable set of core tools (including init and the aforementioned mdev) in as minimal a footprint as possible. Kinda handy in embedded work, and other low memory situations. Recommended.

            2. jake Silver badge

              Re: *I* propose ...

              Yes, eudev exists.

              But it exists ONLY to get rid of the systemd-cancer clusterfuck.

              What a wonderful world we would live in were that need unnecessary.

          2. oiseau
            FAIL

            Re: *I* propose ...

            ... doesn't need to take over logging, cron, device management, DNS, hostname provision, network management, interprocess communications, home directory management, ntp, container management, and everything else ...

            Indeed ...

            Like I have said before:

            ---

            Systemd is a virus, a cancer or whatever you want to call it. It is noxious stuff.

            It works just like the registry does in MS operating systems.

            It's a developer sanctioned virus running inside the OS, constantly changing and going deeper and deeper into the host with every iteration and as a result, progressively putting an end to the possibility of knowing/controlling what is going on inside your box as it becomes more and more obscure.

            Systemd is nothing but a putsch to eventually generate and then force a convergence of Windows with or into Linux, which is obviously not good for Linux and if unchecked, will be Linux's undoing.

            There's nothing new going on here: it's nothing but the well known MSBrace at work.

            Now go and tell me that Microsoft has absolutely nothing to do with how systemd is crawling inside/infecting the Linux ecosystem.

            ---

            This started over 25 years ago and was finally put out into the light thanks to the infamous 1998 internal MS report.

            As if the browser wars were not enough to catch it.

            It is in many ways understandable that the problem at hand is still absolutely transparent for the every day home user who only wants to browse, chat, send web mail, watch porn or play games.

            By the time it is evident to them it will be far too late to do much about it.

            But anyone else, i.e. those involved with their PCs/servers/etc. installations and with a modicum of experience with their hardware, who at this stage does not understand what has been/is going on has their brain-box either buried in the sand or up their ass.

            O.

        3. jake Silver badge

          Re: *I* propose ...

          "How many times did you end up putting in dodgy work arounds in a local script."

          I think I can safely say that in around half a century of working with various forms of UNIX init scripts, I have never done that in a production system. From here it looks like your gripe is your own inability.

          Remember back when it took more than installing Ubuntu to be called a sysadmin?

          1. Anonymous Coward
            Anonymous Coward

            Re: *I* propose ...

            It's not like the rc mechanism is very difficult (they seem to be complaining about rc and not init). The rc script basically contains a section

            for i in /etc/rc.$runlevel.d/*
            do
                $i start
            done

            What's the problem?

            1. Anonymous Coward
              Anonymous Coward

              Re: *I* propose ...

              Bugger! typos

              for i in /etc/rc.$runlevel.d/S*

              1. bombastic bob Silver badge
                Linux

                Re: *I* propose ...

                I think there is a numeric sort in there somewhere also, so that S01* is done first, S02* next, etc. but yeah what you said

                Simple. Easy to understand. Easy to fix and maintain. "Do one thing, well"

                And in particular, requires no monolithic "weak point" to work

                1. Havin_it
                  Boffin

                  Re: *I* propose ...

                  Assuming the numbers in the names are all zero-padded as your examples are, the glob should return them in the desired order already through the default alphabetic/lexical sorting.

                  1. Anonymous Coward
                    Anonymous Coward

                    The glitch in init (not that systemd is a great solution to this)

                    was that it wasn't great about deterministic loads, and while you could control the order they loaded in, unless you forced the system to wait for each to finish loading successfully before going on to the next line(also quite slow), you couldn't guarantee that a service would be ready when you loaded a dependency.

                    So we needed an init update, but systemd was never willing to stop there and just do a good job of that. Instead it broke and rewrote most of the basic system config files and startup process, forcing new commands and syntax and breaking decades of tooling. None of those problems were necessary to solve the problems with initd. All of them have since been solved by other PID 1 solutions that aren't systemd, better in most cases.

                    But the damage is done: as long as the big mother distros use systemd's cancerous mass of dependencies, it's too much hassle to maintain both systemd and another PID 1 manager without still requiring systemd. Just like it is too much work for most of the re-mix distros to maintain a fork that deep. The only route I can see out of it would be to team up with one of the BSDs to support their config and initialization system with a Linux kernel to make the forking more manageable. Slackware was close to that back in the day, and last I looked still blessedly systemd free, but as a one man show it wouldn't even be fair to ask him to take that kind of mess on.

          2. MrBanana
            Devil

            Fixable

            I've not put dodgy workarounds into init scripts. But I have put carefully crafted fixes into them on a few occasions, including production environments. And I could do so very easily, as it was just simple debugging and editing a basic shell script. When systemd went tits up on me... fuck what a nightmare. Over an hour to track down any kind of debugging logs, and even longer to wind through the maze of config files to try and fix it. I cannot wait for Microsoft to get to Extinguish, for Mr Poettering.

            1. bombastic bob Silver badge
              Unhappy

              Re: Fixable

              I just got done spending HOURS trying to trace down whatever it was that was causing power button behavior to be "that way". No simple acpid, no, no, HAD to be logind as a part of systemd, and after HOURS of searching docs AND an e-mail to the board maker (a board similar to RPi that had a power switch thing on it that wasn't very well documented) I discovered (without their help) that logind was sending 'power key' events to the GUI and xfce-power-manager was handling it [so I had to alter THAT config file, and not one at system level].

              In the days of 'init' this was a LOT easier to track down!!! [but the board has ITS flavor of Debian, with special drivers, and so I have to deal with that cancerous malignant tumor known as 'systemd'].

        4. -v(o.o)v-

          Re: *I* propose ...

          Ah, NetworkManager. Another crapshow from the loonies at freedesktop.org. Bane of server administrators around the world.

          There is no place for this crap on a server. I know how to configure a network interface and once it is configured it stays that way.

          It is totally crazy that Red Hat forces these on servers.

      2. Frumious Bandersnatch
        Windows

        Re: *I* propose ...

        He's clearly never heard of "least privileges"

        "Zero Truss" as we call it around these parts...

        (too soon? too late? Welcome to Groundhog day...)

        1. TimMaher Silver badge
          Pint

          Re: *Truss*

          Nice comment @frumious, perhaps she is a Jubjub bird?

      3. TVU Silver badge

        Re: *I* propose ...

        "Given Lennart Poettering's history when it comes to security he's hardly a good one to lecture us is he"

        Indeed, given all the damage that he has already done over the years. I'm with the sloth on the gif on this one, "How about...No!".

    3. vtcodger Silver badge

      Re: *I* propose ...

      If Potty favors it, I'm against it?

      Yeah, I think I can live with that.

      (And I can sure as hell live without TPM, UEFI and secure boot -- at least on my own home machines. Might feel differently if I were crazy enough to sign up for the thankless and very likely impossible task of securing the software on corporate machines.)

      1. jake Silver badge

        Re: *I* propose ...

        "Might feel differently if I were crazy enough to sign up for the thankless and very likely impossible task of securing the software on corporate machines."

        A riff on that thought ... In early 1981[1] I was working for Bigger Blue when the PC-DOS 0.98 beta & original IBM 5150 PC came out in pilot build ... everyone in the Glass House looked at each other and said "WTF is IBM thinking? Thank gawd/ess it can't do networking!" ... The rest, of course, is history.

        [1] I can't remember the exact month, but it was raining when I signed for the new kit. Naturally.

  3. b0llchit Silver badge
    Mushroom

    TPM? No thanks

    I have ten fingers.

    Please identify the two relevant, centrally located ones, to show. I'm already showing them for you to identify.

    1. wolfetone Silver badge

      Re: TPM? No thanks

      You're only using two of them?

      Why not use 3? Tell him to read between the lines.

      1. georgezilla Silver badge

        Re: TPM? No thanks

        " ... Why not use 3? Tell him to read between the lines. ... "

        Because in my opinion, I doubt that he's capable of understanding what it is that you mean. He can't see the metaphorical "lines".

    2. BenDwire Silver badge

      Re: TPM? No thanks

      You forget that El Reg is now a US centric site: Only a single middle finger is required.

      1. georgezilla Silver badge

        Re: TPM? No thanks

        " ... a US centric ... "

        As an American i resent that.

        < showing my "pinkie" in your general direction >

        1. BenDwire Silver badge
          Angel

          Re: TPM? No thanks

          Please, no offence was intended.

          But "Pinkie in my general direction"? Are you drinking tea at me ?? Or is your mini-me flexing its muscles ???

          Peace and love, cousin.

          1. Anonymous Coward
            Anonymous Coward

            Do you bite your thumb at me sir?!

            Leave the style guide for the people drawing paychecks with vultures on them. The rest of the new kids in the forums will get used to being insulted in both versions of English soon enough.

            It might be different if your little island wasn't so devilishly good at dishing out such abuses. You'd have to dig around an army base in the deep south to find something near as poetic. Or silly. "Devil damn thee black thou cream-faced loon" manages both admirably, as did the last cabbie I had in London.

      2. drankinatty

        Re: TPM? No thanks

        One finger... That's just to show how many friends he had before his dog died.... Never saw the need for TPM on home machines (or small office for that matter). If you play a TPM 2.0 lockout out to its logical conclusion, there would be no more build your own kernel or initrd image, no way to sign for the normal person. What then, download your pre-built and M$ signed kernel from the Windows download area? No thanks. GPT boots fine without UEFI or TPM, and long may it be that way.

        1. Anonymous Coward
          Anonymous Coward

          Re: TPM? No thanks

          Let us not cross the line between strongly worded criticism, which may legitimately include questioning someone's competence or allegiance, and gratuitous ad hominem attacks, shall we?

          1. oiseau
            FAIL

            Re: TPM? No thanks

            ... gratuitous ad hominem attacks, shall we?

            Yes, you're right.

            But it's not only a question of competence or allegiance anymore.

            It is way beyond that now.

            Poettering's incompetence has been there for all to see for the longest while, not news and examples abound.

            I've always suspected his allegiance, been criticised for saying so, but now that is also out there for all to see.

            Poettering is the brainchild of what will be the end of privacy/independence for all of us wanting to use a computer.

            He first screwed up Debian and now he wants to screw up everything else.

            He knows what he is doing and why.

            So, ad-hominem or not, I want him to get his bloody paws off my #$"&= computer.

            O.

            1. Dave314159ggggdffsdds Silver badge

              Re: TPM? No thanks

              So basically, you don't know anything, but you don't like him so you're making stuff up? Got it.

              1. Michael Wojcik Silver badge

                Re: TPM? No thanks

                Angry that someone's taking a page from your book, Dave?

                1. jake Silver badge

                  Re: TPM? No thanks

                  Projection has become the new black.

  4. Lorribot

    Someone points out what they perceive to be a weakness in the boot process of Linux, offers up some suggestions on fixing it and all Linux people can focus on is that Microsoft are trying to take over the world (Google already have that covered) and destroy Linux.

    Would seem to me that the noisy minority that advocate Linux seem to be doing a great job of turning people off the OS with their rude and condescending attitudes.

    Open Source obviously doesn't always mean open minds.

    1. Richard 12 Silver badge

      Depends on the someone

      In this case, there is a lot of prior history proving that while the overall idea might be reasonable, neither of the entities related to the proposal should be permitted within ten thousand miles of the implementation, because they will screw it up.

    2. Will Godfrey Silver badge
      Unhappy

      May I remind you (as reported in this very rag) that other security 'improvement' - so-called secure boot - has proved to be a vector for malware?

      Fool me once - shame on you.

      Fool me twice - shame on me.

      1. oiseau
        Facepalm

        Fool me twice - shame on me.

        Well ...

        I beg to differ.

        In matters regarding security -> Fool me twice? -> I'm a certified idiot.

      2. georgezilla Silver badge

        Fool me once- shame on me.

        TRY to fool me twice ...............

        Fuck off. Just fuck off!

        And neither Microsoft, nor Poettering have ever fooled me.

        1. Vometia has insomnia. Again. Silver badge

          MS managed to fool me when I was a kid with no experience of computers. I remember being confounded for ages by "but it has MS BASIC which is supposed to be some sort of gold standard... but it's crap." I was 13 or 14 and not yet cynical enough.

          1. jake Silver badge

            It's pretty sad commentary that Microsoft considered MS-BASIC to be a part of their crown jewels ... worse, people actually believed them! I hear the Emperor is getting a new suit fitted ...

            1. Vometia has insomnia. Again. Silver badge

              What I found to be quite interesting was my experience of using VaxBASIC quite a few years later (this would've been when I worked at DEC rather than my time at college: lecturers at the latter were obsessed with Pascal, Modula-2 and the usual academia-oriented stuff) and thinking, "hmm, this looks familiar": I'd used various other BASICs by that point e.g. BBC BASIC (one of the main instigators of that "but it's crap!" feeling about MS BASIC, but not the only one) and thinking VaxBASIC felt oddly familiar; kinda like MS BASIC but actually good, with proper structured programming and so on. Obviously any speed comparison was meaningless: as much as I liked the 6809 of my first computer, a 900KHz example running an interpreter is hardly a fair match for compiled BASIC on a Vax KA46 CPU at 40MHz or whatever it was our Vax 6000 cluster had a dozen of, but it was clearly a much better implementation.

              The relevant bit is that it was of course a re-implementation of DECBASIC from the PDP-10, which AIUI was much the same (at least going by the documentation: if DEC still had any 10s running when I was there, I never found them, and didn't use it on my college's 10s); and Gates famously (mis)used his university's PDP-10 back in the day which was probably a key part behind him "dropping out". It was interesting when MS finally published the source code for their 8-bit-era BASIC, possibly an immediate forerunner of what teenage me had encountered all those years before; not least all those idiosyncratic 6.3 filenames. I mean I'm sure that was just a sign of the system they shouldn't've been using to cross-compile it and not evidence they'd been influenced by the source code that would've been available on the same... but theirs did seem remarkably similar, just less good.

      3. bombastic bob Silver badge
        Megaphone

        There are 2 things that can be done to any computer to secure the bootup

        1. a jumper on the motherboard that disallows writing anything but TRIVIAL CONFIG to the BIOS (etc.) unless you physically remove it (installed by default) [such trivial config excludes things like BOOT ORDER]

        2. A proper OS that does not allow unprotected writes to the boot partition or OS files (like Linux or the BSDs).

        Couple THAT with "no physical access to the computer" and proper settings (i.e. no net boot) and you're fine. NO NEED for "[in]secure boot"

        1. Binraider Silver badge

          Lots of 80s computers solved this with the OS largely in ROM.

          Now calling commodore basic an OS is a bit of a stretch, but Amiga/Intuition is not.

          1. John Brown (no body) Silver badge

            "Now calling commodore basic an OS is a bit of a stretch, but Amiga/Intuition is not."

            Of course, having to patch the "OS" on every boot by having the correct version of setpatch with the correct options in startup-sequence caused many issues with different software, especially for the uninitiated. It's not really a great example of a "secure" OS in ROM :-)

            1. Binraider Silver badge

              The point was the content in ROM can't (easily) be faffed with. Faffing with it post-boot because reasons is something else!

              1. John Brown (no body) Silver badge

                And I agree, it's a very good point. If it's truly unfaffable :-) But most ROM based OS (or BIOS and similar) have "hooks" so external programs can "patch in" to change how things work and setpatch on AmigaDOS/Intuition is a prime example of that.

                I would imagine that it's primarily embedded system or areas of very very high security that would be running kit with immutable, un-patchable, hook free ROM based OS :-)

        2. Anonymous Coward
          Anonymous Coward

          Fine, but then you can still walk into a colo with a screwdriver

          And crack a box wide open. Some of the use cases are to protect systems at rest, even with limited access to hardware. Not that I want Lenny deuce to own that process at all, but something that looks a lot like what they propose would be needed to bolster those protections.

          Sadly this will end up joining the rest of the cancer that dolt insists on making, and will probably be the basis for the "Ad supported" computers M$ has started chatting up.

          Best of luck with that lads. Leave us something funny in the TPM we can post when it gets cracked because one of LP's screw-ups causes the new secure bootloader to get Punkt. Betting pool anyone?

    3. tekHedd

      "Someone points out"

      Saying "Someone" when it's Lennart talking about Linux is intentionally misrepresenting the issue.

      Lennart Poettering points out something he perceives as a "weakness" in Linux? Translation: they've found what they think is a weakness in the Linux ecosystem and are about to go on the attack. This is not about improving Linux for anyone but Microsoft.

      The word "disingenuous" doesn't even begin to describe what's happening here.

      1. Anonymous Coward
        Anonymous Coward

        Re: "Someone points out"

        Have you actually read the post? There really is a snag with attestation in Linux. Find mjg's (Matthew Garrett) blog and have a good read.

        There is a problem with attestation and it isn't a German bloke wot is trying to improve the situation in Linux. Attestation is being able to cryptographically prove or enforce from power on to logon that the software in use is what is desired. Who does the desiring may not be the end user.

        There are a few snags here. Who is the root authority? At the moment it seems to be Microsoft and Microsoft alone. That is the alarm bell - I have nothing against MS but they are a foreign commercial company. They certainly don't have my best wishes at heart.

        There are villains in this story but LP is not one of them.

        1. georgezilla Silver badge

          Re: "Someone points out"

          " ... There are villains in this story but LP is not one of them. ... "

          When you knowingly and willingly work for known "villains" that actually makes you one too.

          1. seven of five

            Re: "Someone points out"

            Maybe he just followed orders?

            1. bombastic bob Silver badge
              Big Brother

              Re: "Someone points out"

              Maybe he just followed orders?

              Whenever a (sinister) agenda exists, those at the top (read: evil overlords) tend to hire others (read: minions) that are like-minded so that they do not HAVE to be given orders. It is all part of the "plausible deniability" coverup "Plan B". Just in case.

              Key words: "You know what to do"

        2. Lorribot

          Re: "Someone points out"

          Is this a vector for attack or is it just a bunch of FUD? (It's a binary answer.)

          Does it need to be looked at by those that manage these things? (Again, a binary answer.)

          Is the proposed solution the best on offer? (Again, a binary answer.)

          Are there other solutions, such as do we need an Open Source UEFI thingy? (Here we go analogue and open up the debate.)

          This is what open mind means, review all data from whatever source and come to a conclusion on the best course of action to address an issue if it actually exists.

          Responding "the guy is a dick head Microsoft nut case therefore nothing needs to be done" is just head in the sand, going to get rammed in the arse type mentality.

          1. dl1jph

            Re: "Someone points out"

            There's one crucial question you've forgotten - "Does the proposal actually fix the problem?"

            So yes, there is an issue here, at least for large companies running large linux server fleets and trying to keep their ducks in a row (let's not forget that M$ are one of those now - not something I ever expected to say out loud). The more paranoid among us wouldn't mind a decent solution either.

            Is the proposed solution a good one - Yes, because it's simple and gets the job done.

            Are there other solutions - Possibly, though I'm not aware of any that aren't some (older) variant of this one.

            Does it actually fix the problem - Only partially. We still have to put an undue amount of trust in a single, far from neutral, actor with a long history of extremely shady behaviour. As long as secure boot does not allow for the authentication keys to be changed by the machine's owner, this problem will remain, no matter how much the remaining process gets secured. Even if that were to be fixed, we still have to trust the hardware itself, though that's a bit less bad (more options/competition).

            1. ChoHag Silver badge

              Re: "Someone points out"

              > Does the proposal actually fix the problem?

              The problem of Linux being a bloated mess which requires a separate ram disk to boot, making the attestation problem an order of magnitude more complex than is necessary? No. They did not fix that.

              1. AJ MacLeod

                Re: "Someone points out"

                Since when has Linux required a separate ram disk to boot? You really shouldn't comment on things you know nothing about.

            2. Anonymous Coward
              Anonymous Coward

              Re: "Someone points out"

              > We still have to put an undue amount of trust in a single, far from neutral, actor with a long history of extremely shady behaviour.

              …which is under US control.

              That alone is a reason why this will not actually fly.

            3. Anonymous Coward
              Anonymous Coward

              Someone points out cognitive D

              "Yes, because it's simple and gets the job done"

              "Does it actually fix the problem - Only partially"

              So it doesn't get the simple part of the job fully done and creates a bunch of larger concerns?

              So it doesn't get the job done

              So it doesn't fix the problem

              And per form, when LP gets something wrong, he fights instead of fixing it. And once one of his frankenhacks sets up shop, it blocks other projects from being adopted.

              So I'm not saying he's wrong about the problem needing to be fixed, just that he shouldn't be the one architecting this, and he neither takes direction well nor plays nice with others. By prior history, by the time he finishes publicly disclosing enough of the details it will be too late to stop any of the problems that arise.

          2. John Brown (no body) Silver badge

            Re: "Someone points out"

            "(its a binary answer)"

            Requesting, even demanding, a binary yes/no answer is rarely helpful. In the vast majority of cases, it's more nuanced than that. It's the sort of thing lawyers do in court when they want the jury to misunderstand a witness's testimony and create a narrative pointing in a favourable and not necessarily truthful or correct direction.

        3. Steve Davies 3 Silver badge

          Re: There are villains in this story but LP is not one of them

          Correction,

          He is very much one of them. As an agent of MS you have to wonder if he is doing his best to make Linux Extinct.

          I don't like systemd but I've learned to live with it. From a user POV it is ok but internally, it is IMHO, akin to the Windows Kernel, a mass of interconnected code that has patches on top of patches on top of patches.

          LP has a lot to answer for when it comes to Linux but crying over systemd is a waste of time. That ship has sailed.

          1. Graham Cobb Silver badge

            Re: There are villains in this story but LP is not one of them

            Upvote for the systemd comment... it may be crap but it is the option the real world has agreed to use to startup modern Linux environments. Live with it.

            However, I don't think Microsoft want to make Linux extinct. I have said it before, and I have not seen anything in the last 5 years to change my mind: Microsoft aren't interested in the OS business any more, and would be very happy to let that be Linux. They see two sources of money:

            1) The tax on all new end-user PCs (aka Windows licence). They know this is gradually disappearing but they want to keep their hold over client PCs (not servers) as long as they can. This is the only reason they continue to invest in Windows at all and they know it won't be long before the world stops being willing to pay. They have already prepared for the end of this stream by adopting Chromium as the basis for their browser so that they can just ship that, running on Linux, instead of an OS once they decide to exit Windows altogether.

            2) Enterprise and personal software. This is no longer a software business, of course, it is a services business. This is where their future money comes from. All pay-as-you-use. For consumer and business users - with whatever device or OS they are using. Increasingly consumers will use Apple or Android devices and enterprises will use Linux PCs - they want to make sure they all use Microsoft SaaS apps.

            1. jake Silver badge

              Re: There are villains in this story but LP is not one of them

              "it may be crap"

              No "may be" about it. It is crap. 100% grade A pig shit, in fact.

              "but it is the option the real world has agreed to use to startup modern Linux environments."

              Bullshit. Redhat's Management decided to use it to make Linux look closer to Windows, purely for marketing reasons. Nobody else was asked their opinion, probably not even Red Hat's engineering department. Then Debian (which was in the middle of a not very civil war over control) had a very dodgy vote on whether or not to use it. The winners of the civil war went with the clusterfuck as proof of their new-found power, despite pretty much the entire technical side not wanting it. This precipitated the Devuan split.

              Pretty much all of the rest of the distros that switched to it were using the RedHat and Debian repos. The ONLY reason they made the switch is because their devs were either too ignorant, too apathetic, too lazy, or too technically incompetent to actually build their own distro, they preferred piggy-backing on the two primary distros.

              The "RealWorld" was never even asked their opinion, much less allowed to agree on anything.

              "Live with it."

              I don't think so, Sunshine. I run Slackware.

          2. Mike_R
            Linux

            Re: There are villains in this story but LP is not one of them

            Suggestion: Have a look at MX Linux; some faults but two possibly great advantages:

            No pottering by Poettering

            A very (in my opinion) convenient backup method

        4. Corporate Scum

          There are villains and LP is also one of them

          Not the only one, and perhaps in the fullness of time not the worst. But he refuses to work with the community once he has decided in his head how he wants to do something, he has no heed for causing problems for other teams or end users, and makes no attempt to limit the sprawl or isolate the scope of his work to the minimum needed to solve the problem at hand. He has done this over and over.

          The key line from the article was that comment about "needs some work". I've seen LP ramrod one major change after another into the Red Hat code base while ignoring negative feedback and alternate ideas too many times. The secure boot process needs work, and it needs to be done by people that can take criticism and will change their approach if someone points out issues with what they are doing. And it absolutely needs to treat parties other than Microsoft and Red Hat as first class citizens.

          Happy to see him do it the right way for a change, but his performance is remarkably consistent in that regard, all the way back to the pulse audio train wreck. Putting him up for this task is like putting a cruise ship operator up for running the NHS.

    4. Ideasource Bronze badge

      If the goal is to secure the system against utility, then the Microsoft argument makes sense.

      Reduce that to its simple form of verbiage and proper orientation and we are essentially talking about Microsoft demanding sabotage rights.

      So yeah, they got called out on their inappropriate objective and manipulative methodology.

    5. Anonymous Coward
      Anonymous Coward

      Re: Open Source obviously doesn't always mean open minds.

      Except this is a proposal which basically stops everything being open source.

      The reason the whole open source movement started was so that people could control their own software, they could make changes they needed. This proposal is explicitly intended to remove that freedom.

      1. Anonymous Coward
        Anonymous Coward

        Re: Open Source obviously doesn't always mean open minds.

        I'd say it's UEFI step 2.

        UEFI was originally designed to ensure you could no longer install Linux without, well, permission from Microsoft. Coupled with the usual discount blackmail of OEMs who only got license "discounts" if they installed Redmond's global virus on all new systems, the idea was to make it as hard as possible to install Linux on a new machine. The problem was that that became too blatantly obvious monopoly behaviour which would (again) get them into trouble so they backed off just enough to make that harder to prove.

        This is simply step 2 after a long campaign of make believe playing nice with Linux.

        It's not that I don't understand it, it's all about lots of money. It's just the underhand way in which they go about it that really pisses me off. It's almost as if they are scared of honest competition, which raises the question: why?

        1. Anonymous Coward
          Anonymous Coward

          Re: Open Source obviously doesn't always mean open minds.

          UEFI grew out of EFI which was Intel's baby. Most early EFI based systems didn't have an x86 processor and very very few of them ever saw a Microsoft OS. Intel handed control of the spec over to the Unified EFI forum when they realised it was never going to take off if they insisted on keeping control. OK Microsoft are a member of the forum but then so are AMD, ARM, Intel, Apple, Dell ... See uefi.org.

          There are open source implementations of UEFI, you can configure QEMU/KVM based virtual machines to use these.

          The bit which MS is trying to control is the secure boot feature where they place contractual limitations on systems which are certified to run Windows, but you can have systems which provide non MS keys in their FW out of the box. Manufacturers tend to put their own keys into their FW so that they can produce support tools.

          Have a look under /sys/firmware/efi and you can see the secure boot keys your system has.
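          Following on from the efivarfs pointer above, here is an added example (not code from the post or from any project) that reads the SecureBoot flag and walks the EFI_SIGNATURE_LIST entries in db; it falls back to constructed sample bytes when no efivarfs is present, and the owner GUID, certificate bytes and digests in that sample are placeholders.

```python
"""Read UEFI Secure Boot state and enumerate the db allow-list from efivarfs.
Added example, not code from the original post; the sample variable contents
below are constructed placeholders, not captured from a real machine."""
from __future__ import annotations
import struct
import uuid
from pathlib import Path

EFIVARS = Path("/sys/firmware/efi/efivars")
# Variable GUIDs: EFI_GLOBAL_VARIABLE (SecureBoot, PK, KEK), EFI_IMAGE_SECURITY_DATABASE (db, dbx)
EFI_GLOBAL_VARIABLE_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFI_IMAGE_SECURITY_DATABASE_GUID = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"

# SignatureType GUIDs that commonly appear in db/dbx entries.
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SIG_TYPE_NAMES = {EFI_CERT_X509_GUID: "EFI_CERT_X509", EFI_CERT_SHA256_GUID: "EFI_CERT_SHA256"}

# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
SIG_LIST_HEADER = struct.Struct("<16sIII")


def split_efivar(raw: bytes) -> tuple[int, bytes]:
    """An efivarfs file is a 4-byte little-endian attribute word followed by the data."""
    if len(raw) < 4:
        raise ValueError("efivar shorter than its attribute word")
    (attrs,) = struct.unpack_from("<I", raw, 0)
    return attrs, raw[4:]


def secure_boot_enabled(raw: bytes) -> bool:
    """SecureBoot carries one data byte: 1 means the firmware is enforcing signatures."""
    _, data = split_efivar(raw)
    return len(data) == 1 and data[0] == 1


def parse_signature_lists(data: bytes) -> list[dict]:
    """Walk a chain of EFI_SIGNATURE_LIST structures (the format of db, dbx, KEK and PK).
    Each list: header | SignatureHeaderSize bytes | N x (SignatureOwner GUID(16) | SignatureData).
    Inconsistent sizes raise instead of being skipped: a truncated db is itself worth noticing."""
    entries = []
    off = 0
    while off < len(data):
        if len(data) - off < SIG_LIST_HEADER.size:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        type_raw, list_size, hdr_size, sig_size = SIG_LIST_HEADER.unpack_from(data, off)
        if list_size < SIG_LIST_HEADER.size or off + list_size > len(data):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        body = list_size - SIG_LIST_HEADER.size - hdr_size
        if sig_size <= 16 or body < 0 or body % sig_size:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        sig_type = uuid.UUID(bytes_le=type_raw)
        pos, end = off + SIG_LIST_HEADER.size + hdr_size, off + list_size
        while pos < end:
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append({"type": SIG_TYPE_NAMES.get(sig_type, str(sig_type)),
                            "owner": str(owner), "data": data[pos + 16:pos + sig_size]})
            pos += sig_size
        off = end
    return entries


def build_signature_list(sig_type: uuid.UUID, owner: uuid.UUID, payloads: list[bytes]) -> bytes:
    """Encode one EFI_SIGNATURE_LIST; every signature in a list shares one SignatureSize."""
    if any(len(p) != len(payloads[0]) for p in payloads):
        raise ValueError("payloads in one list must be the same size")
    sig_size = 16 + len(payloads[0])
    list_size = SIG_LIST_HEADER.size + sig_size * len(payloads)
    header = SIG_LIST_HEADER.pack(sig_type.bytes_le, list_size, 0, sig_size)
    return header + b"".join(owner.bytes_le + p for p in payloads)


def read_efivar(name: str, guid: str) -> bytes | None:
    """Read a live variable from efivarfs; None when the box has no efivarfs (BIOS boot, container)."""
    path = EFIVARS / f"{name}-{guid}"
    return path.read_bytes() if path.exists() else None


# Constructed sample data. Attribute word 0x27 = NV|BS|RT|TIME_BASED_AUTHENTICATED_WRITE, as db uses.
SAMPLE_OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # placeholder owner GUID
SAMPLE_CERT = b"\x30\x82" + bytes(10)                             # placeholder, not a real DER cert
SAMPLE_HASHES = [bytes([0xAA]) * 32, bytes([0xBB]) * 32]          # placeholder SHA-256 digests
SAMPLE_DB_EFIVAR = struct.pack("<I", 0x27) + (
    build_signature_list(EFI_CERT_X509_GUID, SAMPLE_OWNER, [SAMPLE_CERT])
    + build_signature_list(EFI_CERT_SHA256_GUID, SAMPLE_OWNER, SAMPLE_HASHES)
)
SAMPLE_SECUREBOOT_ON = struct.pack("<I", 0x06) + b"\x01"   # attrs BS|RT, enforcing
SAMPLE_SECUREBOOT_OFF = struct.pack("<I", 0x06) + b"\x00"  # attrs BS|RT, not enforcing

if __name__ == "__main__":
    live_sb = read_efivar("SecureBoot", EFI_GLOBAL_VARIABLE_GUID)
    live_db = read_efivar("db", EFI_IMAGE_SECURITY_DATABASE_GUID)
    sb_raw, db_raw = (live_sb, live_db) if live_sb and live_db else (SAMPLE_SECUREBOOT_ON, SAMPLE_DB_EFIVAR)
    print("Secure Boot enforcing:", secure_boot_enabled(sb_raw))
    for e in parse_signature_lists(split_efivar(db_raw)[1]):
        print(f"{e['type']:16} owner={e['owner']} {len(e['data'])} bytes")
```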

        2. Anonymous Coward
          Anonymous Coward

          Re: Open Source obviously doesn't always mean open minds.

          "It's almost as if they are scared of honest competition, which raises the question: why?"

          You obviously haven't used Windows 11 or you'd know the answer to that question!

          1. jake Silver badge

            Re: Open Source obviously doesn't always mean open minds.

            "You obviously haven't used Windows for the last decade and a half or you'd know the answer to that question!"

            FTFY

        3. ske1fr
          Windows

          Re: Open Source obviously doesn't always mean open minds.

          "It's almost as if they are scared of honest competition, which raises the question: why?"

          Competition, particularly honest competition, prevents monopoly. A market means choice. This is Microsoft. They have form. They only back down when faced with litigation and potential for losing their place as the biggest kid in the sandpit. (I guess hanging around economists must have given me some basics. Or fleas.)

    6. werdsmith Silver badge

      Would seem to me that the noisy minority that advocate Linux seem to be doing a great job of turning people off the OS with their rude and condescending attitudes.

      Yes. But you can’t say it here. You will make people cry, which is not very nice.

      Yes Linux’ worst enemy is indeed the approach of Linux zealots, but you can’t tell them that. And trying to gaslight everyone about Microsoft when their own house isn’t in order is really not helpful either. There are other alternatives, I’ve long since become sick of Linux.

      1. Anonymous Coward
        Anonymous Coward

        There are other alternatives, I’ve long since become sick of Linux.

        You're very welcome to use Microsoft software - it's your problem. Some people, however, work at a level of security and confidentiality that pretty much excludes their products, and who have in general a massive aversion of being lied to.

        As for Linux, let me put it this way.

        I'm about to start up a number of businesses that as of next year need in the region of 30..40 people who have a deep level of IT expertise, and a number of developments suggest I may have to double that before the year is out. If they haven't worked with Linux to more than just end user level they will not even make it past first screening.

        Are there zealots? Yes, and they are of no use to us because zealotry and fanaticism means having a closed mind to options. Enthusiasm is great, but it should never cloud objectivity. It is exactly that objectivity that made us exclude a number of companies from our IT platform - we look at the complete picture, and risk exposure also comes at a cost.

    7. georgezilla Silver badge

      " ... with their rude and condescending attitudes. ... "

      Well we actually wouldn't need to be, if it weren't the only way to deal with some people.

      " ... Would seem to me ... "

      Which is actually "rude" and "condescending". Ironic, isn't it.

    8. eldakka

      Would seem to me that the noisy minority that advocate Linux seem to be doing a great job of turning people off the OS with their rude and condescending attitudes.

      That's an interesting statement to make about the most widely used operating system in the world.

    9. b1k3rdude

      Er, that's not what said group are saying, even I as a non linux persona recognise and understand TPM and SecureBoot (which is nothing of the sort) are both a bad thing.

      On a partly related note, I got around to doing a RL test of Win11 on a non-critical potato (media PC). No TPM, no SecureBoot and far below the rec-specs and it's running just fine.

      1. ske1fr
        Trollface

        Drive-by update

        It's currently running just fine. Microsoft will be along shortly to fix that for you ...

    10. jake Silver badge

      "Open Source obviously doesn't always mean open minds."

      An open mind doesn't mean having holes in one's head.

  5. The Velveteen Hangnail

    He's with Microsoft?

    This is the first time I heard he works for Microsoft. And yet somehow this doesn't surprise me in the least.

    He's against everything that the "unix way" stands for so naturally he works for the king of monopolistic monolithic software kingpins.

    And naturally his "recommendation" is to inextricably tie the core of linux into Microsoft. What a douche.

    1. Liam Proven (Written by Reg staff) Silver badge

      Re: He's with Microsoft?

      [Author here]

      > This is the first time I heard he works for Microsoft.

      Yep. I wrote about it:

      https://www.theregister.com/2022/07/07/lennart_poettering_red_hat_microsoft/

  6. Ken Moorhouse Silver badge

    Wait for Microsoft to reinvent the wheel...

    No doubt inserting a U into the Initrd process.

    Let's hope we don't need to distinguish between hard and soft varieties...

  7. wolfetone Silver badge

    Out of all the people on the internet, I really wish Poettering would just fuck off. Stick him on a rocket to Mars with Musk and Bezos.

    It's no surprise to me he's decided to go to Microsoft. They couldn't kill Linux while Ballmer flirted with high blood pressure, so they've gone on to Embrace and Extend Linux. This entitled gobshite is now moving them on to the Extinguish stage. First with the systemd cancer, now this bollocks?

    Yet here we are, giving the cretin air time for yet another one of his idiotic, awful, fetishes.

    1. Vometia has insomnia. Again. Silver badge

      I remember the first time I encountered him in the wild. There was a discussion between various developers and users which was the usual mix of friendly, sometimes a bit snarky, and was mostly fairly informed albeit opinionated with a bit of arguing here and there. Just the usual stuff, nothing out of the ordinary; except for this one guy who kept on popping up in various parts of the discussion with the most unnecessarily abrasive, confrontational and childish attitude problem. I was kinda surprised that nobody else was just telling him to fuck off: they were more thick-skinned than I would've been, and if I'd seen someone behaving like that on a forum I moderated I would've banned them. After the nth occurrence, out of curiosity I looked at the name. It was Poettering. That told me all I needed to know.

      1. Anonymous Coward
        Anonymous Coward

        Well, OK, but if you have ever met Richard Stallman in the wild you would not exactly be endeared to Linux either as he comes over as a fanatic with a massive chip on his shoulder combined with a black hole where social skills are supposed to be. When you then talk to him you'll discover that having tenure has allowed him to drift so far off the real world that it's like talking to an unpleasant, hippie shaped alien.

        You wouldn't want him in a team either, but at least he has been at the root of a lot that lives on top of the kernel.

        Anyone joining Microsoft to work on anything Linux is suspect because that work can perfectly be done without joining Microsoft unless there are ulterior motives. For them it's a cost centre so there's another agenda.

        1. georgezilla Silver badge

          " ... if you have ever met Richard Stallman in the wild you would not exactly be endeared to Linux either ... "

          Wellllllll ..................

          I have actually met Mr. Stallman. And as to "endeared" to Linux? 2 plus decades of daily driving Linux says otherwise. I'm not forced to use anything of his. But this is an effort to force me to use Poettering's, and Microsoft's shit.

          And it appears that you don't understand that Mr. Stallman actually has nothing to do with Linux. GNU really has nothing to do with "Linux". GNU is just used by OS's that use the Linux "kernel". That's why "some" people insist that if you use a Linux OS that you call it GNU/Linux.

          Linux, GNU are two different things.

          So yes, I have met him. And usually he can fuck off just like Poettering can. And I will keep using Linux in spite of them.

          1. ChoHag Silver badge

            I'd just like to interject for a moment.

            What you're referring to as Linux, is in fact, GNU/Linux, or as I've recently taken to calling it, GNU plus Linux. Linux is not an operating system unto itself, but rather another free component of a fully functioning GNU system made useful by the GNU corelibs, shell utilities and vital system components comprising a full OS as defined by POSIX.

            Many computer users run a modified version of the GNU system every day, without realizing it. Through a peculiar turn of events, the version of GNU which is widely used today is often called "Linux", and many of its users are not aware that it is basically the GNU system, developed by the GNU Project.

            There really is a Linux, and these people are using it, but it is just a part of the system they use. Linux is the kernel: the program in the system that allocates the machine's resources to the other programs that you run. The kernel is an essential part of an operating system, but useless by itself; it can only function in the context of a complete operating system. Linux is normally used in combination with the GNU operating system: the whole system is basically GNU with Linux added, or GNU/Linux. All the so-called "Linux" distributions are really distributions of GNU/Linux.

            1. Rich 2 Silver badge

              Re: I'd just like to interject for a moment.

              “ What you're referring to as Linux, is in fact, GNU/Linux…”

              Well you may as well call it GNU/BSD/UNIX/POSIX/…./Linux

              Linux is built from a whole load of different stuff so singling out GNU makes no sense. Except to stroke the ego of the GNU people

            2. ske1fr
              Windows

              Re: I'd just like to interject for a moment.

              Potayto, potahto, tomayto, tomahto. I suspect most people don't care what it's officially called, but they care that it works. I care, because it does work, and does what I want it to do. I've been using it for... I've forgotten how long, Mandrake 9.1 long, and I can't even be sure I remember what GNU stands for! Oh, wait! I remember!

            3. Liam Proven (Written by Reg staff) Silver badge

              Re: I'd just like to interject for a moment.

              For those that did not spot this -- it is a quotation, of something _allegedly_ but not really by RMS:

              https://www.gnu.org/gnu/incorrect-quotation.en.html

        2. Vometia has insomnia. Again. Silver badge

          Well, OK, but if you have ever met Richard Stallman in the wild you would not exactly be endeared to Linux either as he comes over as a fanatic with a massive chip on his shoulder combined with a black hole where social skills are supposed to be.

          Yeah, that's what I concluded back in the '90s: the GPL licensing wars and attempts to coerce people into doing things His Way got old fast (specific hate for emacsy-type info pages: just gimme a bloody man page like everything else). However, while GNU could be annoying under his leadership, I still feel he and they are a net good as much as I disagree with a great deal; Poettering seems to be a distillation of all the bad bits and is very much more aggressive in trying to force people to conform.

          1. Rich 2 Silver badge

            “… emacsy-type info pages….”

            Oh, is that where those bloody awful info pages stem from? I didn’t realise

            Obviously, I use Vim :-)

            1. Vometia has insomnia. Again. Silver badge

              Well obviously! It's my editor of choice too. I was finally coerced into using vi about 30 years back having used ed since my college days: they were big on emacs even when 100 students who'd left their coursework until the last minute were all using it at once on the Vax 8650; I dunno how much memory it had, but "not enough" is always going to be the case there. But I found it easier to figure out ed's "find all occurrences of this and change it" incantation so I stuck with it. Discovering ex at my first job provided a sort of bridge even if its main attraction at the time was "cool, it has a prompt!"

              Anyway, digression aside, I'm still finding stuff it can do after all this time. And I don't even mean the obscure stuff either but basics like using % for "do this on all lines". Yeah, I can say "1,$" but that's two extra keystrokes! Which actually is a big deal for someone who makes as many typos as me. I should probably read a user guide one day instead of only ever looking stuff up when I'm feeling confounded.

              And vim? Well if ex made me go "wow!" because it has a prompt, imagine how I felt when I discovered vim had colour! Truly space-age stuff. I mentioned my amazement to some Java-heads I was working with at the time and they just laughed at me. Bastards.

        3. jake Silver badge

          "Well, OK, but if you have ever met Richard Stallman"

          Misdirection noted.

        4. jake Silver badge

          I've never found rms to be a pain to deal with. He's actually quite easy to work with ... as long as you don't expect him to change to fit into your image of what he should be.

      2. wolfetone Silver badge

        "I remember the first time I encountered him in the wild."

        You've met him in person? You poor bastard.

        1. Anonymous Coward
          Anonymous Coward

          Worse, that happened twice..

    2. Dan 55 Silver badge
      Flame

      This entitled gobshite is now moving them on to the Extinguish stage. First with the systemd cancer, now this bollocks?

      That's what he's getting out of joining MS, he can finally Poeterrise the kernel.

      He'll probably trap it in some pincer movement between secure boot and systemd, requiring code of his at each step to verify previous and next steps, then once he's got his foot in the door he can start with the feature creep.

  8. Maventi
    Black Helicopters

    No mention of the elephant in the room: remote attestation? Lennart makes brief reference of this in his own post: https://0pointer.net/blog/brave-new-trusted-boot-world.html

    This is already being used by popular apps on mobile phones, almost completely killing the custom ROM scene as they aren't 'approved' builds. Windows 11 now requires a TPM.

    Apple and CloudFlare have been quietly bringing this to the web as well: https://gabrielsieben.tech/2022/07/29/remote-assertion-is-coming-back-how-much-freedom-will-it-take/

    Joining the dots starts to create an ugly picture.

    1. jake Silver badge

      Remote attestation has its place, or places, in the world of computing ... BUT (and I stress the BUT!) anyone attempting to make it ubiquitous on Personal Computers is evil incarnate.

      It's my PERSONAL computer, it does not belong to the corporate world. What I do on it, and with what, is not any of their business.

  9. hayzoos

    I was tempted to reject outright

    My first thought upon reading the article title was "Oh, what the fuck does he want to do now?"

    Upon reading the article, I see he has a point. There is a security issue.

    I am familiar with the unified kernel image concept. I had a laptop configured to use one I built with a UEFI shim called straight from UEFI bootstrap. Not much different than building a kernel, then initrd, then configuring a bootloader.

    Now for actually implementing UKI as the de facto standard for Linux bootstrapping, NOT for MS and Poettering to do or even with a consortium of systemd friendlies. It can already be done with existing tools.

    As far as the boot process being corrupted whilst building an initrd, the same can happen whilst building a kernel, or building a UEFI image. NOT a good reason to push an MS/Poettering/RH/Debian systemd like solution to the problem.

    OK, so I still reject the proposal based on track records.

    1. DrSunshine0104

      Re: I was tempted to reject outright

      I am not saying this is a slippery slope but you can keep extending this, "What can you trust?" mentality until you arrive at the light passing to your eyeballs. Can you trust your init, your DE, your application, your display manager, etc? Pretty soon you have to have all the applications on your system signed by a 'trusted authority' and we have arrived at the hellscape of MacOS development. The initrd isn't built with bits that are not already on your hard disk. The bad actor would have to be already on the disk and would be in a place where it could be discovered.

      This isn't my bailiwick and I would gladly be told how I am mistaken but this just seems to keep kicking the trust problem down the road without actually solving anything.

      1. nijam Silver badge

        Re: I was tempted to reject outright

        > Pretty soon you have to have all the applications on your system signed by a 'trusted authority'.

        The phrase "trusted authority" is self-contradictory, as illustrated by, oh, the whole of history...

    2. jake Silver badge

      Re: I was tempted to reject outright

      "There is a security issue."

      Yes. But who is affected? I'm not. Neither are you. Nor is pretty much anybody else who is reading this. Not really. Not in the RealWorld. So why in the name of Ada Lovelace's shiny brass punch cards should it be implemented on all of our computers?

      Unless it's there to make money for the implementer, at all of our expense, of course.

  10. Anonymous Coward
    Anonymous Coward

    "Needs some work"

    Yeah, that's a laugh. Lennart's signature move, actually.

    Here's a clue, that work isn't going to happen. Lennart has already decided how this will be built, and is already building it. The parts that need work aren't getting fixed.

    His eBPF that doesn't support any of the syntax of the actual BPF and uses a totally different architecture is another great example of a project that early on people said, "sounds interesting but needs some work".

    Torvalds doesn't want him in the kernel, now he wants to put a wrapper around the kernel? Like people have said for years, it's not that it doesn't need to be done, just don't let Poettering do it.

  11. willfe

    Sigh. It's a losing battle, isn't it?

    A Microsoft employee, already infamous for absolute garbage software and unmatched arrogance, proposes yet another in a long line of overly complex "solutions" to imaginary problems that wrest control from the users and hand it to corporations in charge of the crypto keys, and people are cheering him on and mocking Linux users for being closed-minded.

    People are just handing over the keys without realizing they'll soon be locked out of their own cars, and trying to explain why that's a bad idea is always just met with incredulity and mockery.

    What's the point anymore? Maybe it's just time to move on to different architectures without this hardware security garbage in it, roll over to a Linux fork that doesn't entertain this nonsense, and leave the self-flagellating users to the walled garden they seem to be begging for.

    1. robinsonb5

      Re: Sigh. It's a losing battle, isn't it?

      I've thought for a while that if we're going to keep any form of computing freedom in the long term, we desperately need an FPGA board with at least 8 gig of RAM (they typically have half a gig or less), capable of running a RISCV system that can self-host right down to rebuilding its own FPGA bitstream. Realistically we'll be stuck at early to mid 2000's performance, but no-one will be able to tell us what we can or can't run on it.

      (Most of the required pieces already exist - just need a board with enough RAM!)

  12. steelpillow Silver badge
    Megaphone

    Maybe at last

    this will wake up the world to the need to exorcise Microsoft (TM) from the boot process once and for all, secure or otherwise.

    No, sorry, I must have been dreaming.

    1. Anonymous Coward
      Anonymous Coward

      Re: Maybe at last

      We're already doing that, and so are many of the big boys (no, we're not big, just stubborn :) ).

      That's why MS marketing is clocking overtime and their security team is so busy finding problems only in other operating systems and applications.

  13. Youngone Silver badge

    Is it just me?

    Does anyone else think "Evil Maid" sounds slightly sexy?

    Probably just me. I'm having a weird day.

    1. PRR Bronze badge

      Re: Is it just me?

      > Does anyone else think "Evil Maid" sounds slightly sexy?

      https://youtu.be/-SXbmeFCnTM?t=13

      1. David 132 Silver badge
        Thumb Up

        Re: Is it just me?

        Actually, this is the one that came to my mind: https://youtu.be/vWNJZrdn7i4?t=51

        The question is, does Poettering's suggestion suck or blow?

        (¿Por qué no los dos?)

        1. milliemoo83

          Re: Is it just me?

          "The question is, does Poettering's suggestion suck or blow?"

          First one, then the other.

          1. Anonymous Coward
            Anonymous Coward

            Re: Is it just me?

            Both - at the same time.

            1. TimMaher Silver badge
              Windows

              Re: Both

              Old joke, from Oz magazine I think.

              “Suck, Samantha, suck!

              Blow is just a figure of speech!”

  14. This post has been deleted by its author

  15. Arbuthnot the Magnificent

    Glad I'm a hoarder...

    My stack of pre-TPM, IME / PSP-free motherboards and laptops should see me out...

    1. David 132 Silver badge
      Happy

      Re: Glad I'm a hoarder...

      But on such old hardware, you won't be able to mine crypto! Or trade NFTs in the exciting new world of Web3! Or take part in the cyber future of the Metaverse!

      You're cutting off your nose to spite your face!

      1. georgezilla Silver badge

        Re: Glad I'm a hoarder...

        " ... You're cutting off your nose to spite your face! ... "

        But I don't actually "need" my nose. And as to not having one and me looking "odd"? Have you ever seen my face?

        1. Anonymous Coward
          Anonymous Coward

          Re: Glad I'm a hoarder...

          I find having a radio face to be of great benefit - saves having to wonder if people just like having me around for being decorative.

          :)

      2. Arbuthnot the Magnificent

        Re: Glad I'm a hoarder...

        "But on such old hardware, you won't be able to mine crypto! Or trade NFTs in the exciting new world of Web3! Or take part in the cyber future of the Metaverse!"

        I shall just have to bear it manfully!

        1. I ain't Spartacus Gold badge

          Re: Glad I'm a hoarder...

          Have you tried manning it bearfully?

        2. David 132 Silver badge
          Pint

          Re: Glad I'm a hoarder...

          Your stoicism in the face of such incredible temptation is truly an example to us all!

          Now, let’s go have some of these ——>

          and try to forget all about Lennart Bloody Poettering.

          1. Arbuthnot the Magnificent
            Pint

            Re: Glad I'm a hoarder...

            Now that I can drink to, even though it's not quite Friday yet!

  16. Agamemnon
    Devil

    BSD is Pottering Free.

  17. sreynolds

    If Intel keeps on publishing the private keys....

    If you have the private keys for the UEFI BIOS then you are doomed to fail before you even begin.

    Mind you I noticed that the new kernels support adding an empty CPIO file during the build process if you are using a built in RAM disk - something you need if you are going to sign the bootx64.efi image.

    1. Anonymous Coward
      Anonymous Coward

      Re: If Intel keeps on publishing the private keys....

      Ah is that how you include modules from the current kernel build into the UEFI image?

      so make modules_install and then create a cpio with the current modules? Sounds complicated.

  18. old486whizz

    what's the point in moving the initrd?

    So... Moving initrd and the kernel image into one image file - how does that fix ANYTHING?

    Drivers still need to go in the image, the image still needs to be built on the host, which means you still have a "trust" issue.

    All you need is some sort of signed mechanism on the initrd image, some way to use the RPM to sign the image in the first place.

    .. so why shift to UKI? What are the actual benefits?

    1. Anonymous Coward
      Anonymous Coward

      Re: what's the point in moving the initrd?

      Given who he works for I'd say lock in?

      (so, of no benefit to the user, rather the opposite)

    2. Adrian 4

      Re: what's the point in moving the initrd?

      So .. initrd is there to provide a fixed kernel with some boot options.

      And LP's solution to the problem that people can choose what they boot is to package it in with the kernel and have a fixed image.

      Isn't he missing something?

  19. georgezilla Silver badge

    Poettering ..............

    " ... Poettering ... " ?

    Two words ............

    Fuck Poettering!

    Oh ......

    And the horse that he rode in on.

    1. Dizzy Dwarf

      Re: Poettering ..............

      https://me.me/i/owhat-the-fuck-othis-othat-the-man-dit-oyes-doff-71b13fe912f948539522959e1c56caae

      They've handily left a space where you can write in 'Poettering'.

      (although, to save everyone's time, they may as well have pre-printed it)

  20. AdamWill

    well, it can be

    "Trusted Computing, after all, is not about you trusting your own computer."

    But it certainly *can* be. One of the things Matthew is very big on is signing your *own* bootchain. Secure Boot is a mechanism; you can tell it to trust whatever key you like. You can create your own key, tell your system to trust that key (and *only* that key, if you like) and sign your own bootchain. Then nobody else can mess with it. This change would probably make that easier, as it reduces the number of pieces you have to make sure get signed. (The obvious problem with it is that you presumably couldn't tailor the initrd to the system, as we've been doing for years to reduce memory use. Initrds would have to be generic - include support for every possible bit of hardware. Maybe Lennart has an idea there, I didn't read the post yet.)

    This is seen as an incredibly niche pursuit and the True Freedom Way Man is just to turn secure boot off, but...I think that's rather more just the *lazy* way. But nobody likes to think they're lazy, it's much nicer to think of yourself as sticking it to the Man, man.
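    The do-it-yourself route described above (and the signed bootx64.efi sreynolds mentions earlier), as an added example that is not part of this thread or of systemd: a POSIX shell script that generates owner PK/KEK/db keys, enrols them while the firmware is in Setup Mode, and signs a unified kernel image with the db key. The commands are the real efitools and sbsigntools tools; the "Owner" certificate names, the key directory layout and the image path are assumptions.

```shell
#!/bin/sh
# Added example (not from the comment thread or from systemd): enrol your own
# Secure Boot keys and sign your own boot chain with them. Assumes efitools
# (cert-to-efi-sig-list, sign-efi-sig-list, efi-updatevar) and sbsigntools
# (sbsign, sbverify) are installed and that the firmware is in Setup Mode.
set -eu

# Generate three self-signed key pairs: Platform Key (PK), Key Exchange Key
# (KEK) and the signature database key (db). Only the db key signs binaries.
make_keys() {
    dir=$1
    mkdir -p "$dir"
    for name in PK KEK db; do
        openssl req -new -x509 -newkey rsa:2048 -sha256 -days 3650 -nodes \
            -subj "/CN=Owner $name/" \
            -keyout "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
    done
}

# Wrap each certificate in an EFI signature list and sign the list with the
# key one level up (PK signs PK and KEK, KEK signs db). That chain is what the
# firmware checks before it accepts a variable update.
make_auth_vars() {
    dir=$1
    guid=$(cat /proc/sys/kernel/random/uuid)   # owner GUID; any value works
    for name in PK KEK db; do
        cert-to-efi-sig-list -g "$guid" "$dir/$name.crt" "$dir/$name.esl"
    done
    sign-efi-sig-list -k "$dir/PK.key"  -c "$dir/PK.crt"  PK  "$dir/PK.esl"  "$dir/PK.auth"
    sign-efi-sig-list -k "$dir/PK.key"  -c "$dir/PK.crt"  KEK "$dir/KEK.esl" "$dir/KEK.auth"
    sign-efi-sig-list -k "$dir/KEK.key" -c "$dir/KEK.crt" db  "$dir/db.esl"  "$dir/db.auth"
}

# Write db and KEK first; writing PK last takes the firmware out of Setup
# Mode, after which only binaries signed by a db key (here: only ours) boot.
enrol_keys() {
    dir=$1
    efi-updatevar -f "$dir/db.auth" db
    efi-updatevar -f "$dir/KEK.auth" KEK
    efi-updatevar -f "$dir/PK.auth" PK
}

# Sign one PE binary (a unified kernel image or a bootloader) with the db key
# and verify the result. Returns non-zero if the signature does not verify.
sign_image() {
    dir=$1; src=$2; dst=$3
    sbsign --key "$dir/db.key" --cert "$dir/db.crt" --output "$dst" "$src"
    sbverify --cert "$dir/db.crt" "$dst"
}

main() {
    keydir=${1:?usage: $0 KEYDIR [IMAGE.efi]}
    make_keys "$keydir"
    make_auth_vars "$keydir"
    enrol_keys "$keydir"
    if [ $# -ge 2 ]; then sign_image "$keydir" "$2" "$2.signed"; fi
}

if [ $# -gt 0 ]; then main "$@"; fi
```

    Enrolling only your own PK replaces the vendor and Microsoft certificates, so anything signed solely by those (Windows, shim, some option ROMs) stops booting until their certificates are added to db too; keep a firmware recovery path before writing PK.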

    1. An_Old_Dog Silver badge

      Re: well, it can be

      " you can tell it to trust whatever key you like. You can create your own key, tell your system to trust that key (and *only* that key, if you like) and sign your own bootchain."

      Can I? Truly? I thought one of the big issues here is that only OEMs and Microsoft have the magic-sauce computer programs which are used for the creation, loading, and deletion of keys into, and from, TPM storage.

      If the signing and manipulation programs were publicly-available, wouldn't everybody be signing their own stuff and importing those keys into TPM?

  21. Mike_R
    Linux

    Options...

    Best advertisement for Devuan that I've seen in a long time

    1. Anonymous Coward
      Anonymous Coward

      Re: Options...

      Don't you realise this is all Devuan's fault!

      If they hadn't provided a path to escape from Poettering's clutches he wouldn't be trying to make it impossible to install non-systemd based systems in the first place.

  22. Pirate Dave Silver badge
    Pirate

    If this had been brought up by anyone besides Poettering, we could at least look at it and go "Meh, don't care". But as it's Poettering pushing it, how are we supposed to maintain a level of professionalism and not descend into various incantations involving the words "fuck" and "massive horse cock"?

    Seriously, that dweeb's crap software has already had far too much impact on my professional career as a (former) Linux admin, so at this point, there's not much left to lose.

    Fuck Poettering and every goddamned stupid fucking idea he has from here on out.

    Sadly, I don't feel better having said that. Still miss initd and the like, and Linux admin under systemd is at least as bad as Windows Server, maybe worse since most of the old ways still work under Windows. But not Linux. Nope, the main distros all smoked from the same crack pipe and wound up with the same incurable cancer. What used to be a fun little OS to make run like blazes is now usually surrounded by a steaming pile of the most putrescent and nigh-on incomprehensible boot garbage imaginable. And now, NOW, Poettering is muttering into his hat about initrd, and we KNOW the distros will just bend over. Again. But it's even worse than before because now he's calling up the spectre of Microsoft's cold, dark fingers around the neck of the Linux kernel itself. That should never EVER be allowed to happen, and if the distros give in to his bullshit, then there really is nothing much left to Linux except a couple of old shells and a grumpy but subdued (neutered?) Fearless Leader Torvalds. Microsoft will have won, and most of our careers will have been in vain.

    Fuck Poettering.

    1. Anonymous Coward
      Anonymous Coward

      Now tell me how you really feel :).

      I would not worry too much - there are some very big outfits needing Linux to run their companies, and some of these have been screwed over by MS frequently enough not to allow that to happen again. I'm thinking IBM and the like - Linux effectively saved them (read "Who says elephants can't dance?" by Louis Gerstner Jr to see just how close to the brink IBM was before they started with virtualising Linux).

      I'm about to spend a few million with them because I need infrastructure that keeps working (which in itself excludes Microsoft provided software), and Microsoft doesn't get to play. Not even in the offices.

    2. jake Silver badge

      ::shrugs::

      The Kernel itself will always refuse to play his silly games (the dumb-ass burned his bridges there).

      I still have source for init ... and so do you.

      Workarounds will be found for this latest bit of stupidity, as required.

      You'll find this pre-packaged in Slackware, which will outlive Poettering.

      Have you tried the real Linux distro recently?

      1. Pirate Dave Silver badge

        Re: ::shrugs::

        No, last time I touched Slackware was probably 2001-2002. Roughly the same time frame that I played with Gentoo for a bit. Maybe Caldera too, before the darkness came. I stuck with RedHat until CentOS came out, then hung with them until a couple of years ago (and was still running the aged 6.x line since it was sans systemd).

  23. Anonymous Coward
    Anonymous Coward

    Going out on a limb here…

    …I'm actually going to make a case for deflecting some of the blame off this man and onto myself and other Linux contributors and enthusiasts.

    To his credit, he did have some good conceptual ideas, such as networked sound, or standardising the init process.

    What is more, unlike the rest of us, he actually went on to do something about things he, rightly or wrongly, thought needed to be done.

    The problem is that he happens to be such an incompetent programmer and, from what I've heard, a terrible technical manager (he's clearly good at playing the corporate game, though).

    So, in a way, through our own laziness and inability to make things happen, we created Poettering. Nostra culpa. :(

    1. Anonymous Coward
      Anonymous Coward

      Re: Going out on a limb here…

      To his credit, he did have some good conceptual ideas, such as networked sound, or standardising the init process.

      ...

      The problem is that he happens to be such an incompetent programmer

      While he might have some good conceptual ideas such as a unified service manager I feel he falls down before he gets as far as the actual programming bit. It is the basic design bit of the process which is the real problem.

      1. Anonymous Coward
        Anonymous Coward

        Re: Going out on a limb here…

        > It is the basic design bit of the process which is the real problem.

        Yeah, good point.

    2. nijam Silver badge

      Re: Going out on a limb here…

      > ...he happens to be such an incompetent programmer and, from what I've heard, a terrible technical manager...

      You left out "inept designer".

    3. Adrian 4

      Re: Going out on a limb here…

      > To his credit, he did have some good conceptual ideas, such as networked sound, or standardising the init process.

      Hadn't Jack already done that for those who needed it?

      1. jake Silver badge

        Re: Going out on a limb here…

        Yes, Jack has been around for a couple years longer than polypaudio pulseaudio.

    4. jake Silver badge

      Re: Going out on a limb here…

      He standardized the boot process? Really?

      What did we have before that was non-standard?

    5. Arbuthnot the Magnificent

      Re: Going out on a limb here…

      "...standardising the init process..."

      I would respectfully disagree that standardising the init process is a good idea; I personally like having the freedom to choose which init system I want to use.

  24. Bartholomew
    Facepalm

    Extend, Embrace, Extinguish

    I have already ended up migrating from Debian to Devuan (A Debian based distribution without systemd) because of that .....*censored* *censored* *censored*. I will migrate to *BSD if he somehow manages to drop yet another steaming pile of *censored* into Linux from Microsoft.

    I will never forget the Microsoft solution to open source, in the leaked internal report from 1998 - "Extend, Embrace, Extinguish".

    I honestly hoped that he would bring his vision to Extend Windows, where hopefully it would be fully Embraced by Microsoft.

    1. Binraider Silver badge

      Re: Extend, Embrace, Extinguish

      Honest question. Devuan was easy enough to install as a "desktop", but how is it for e.g. Steam?

      As that rare thing, the linux gamer, I did not get on well with early releases of Devuan; probably because I ended up having to prat about with video drivers in CLI (thus needing a second device to look up what command line incantations to run. Fortunately phones are a thing).

      Whereas Manjaro (albeit SystemD infected) you can basically boot, install updates and you're off. Proton does an excellent job of cutting (most) of the WINE configuration out. I'm also quite a fan of the AUR functionality - a genuine step towards "not" needing to mess with the command line to install something that your distro decided not to package itself.

      I have lived through a Gentoo install as a learning exercise, and while interesting of itself, it's not especially practical for an install-and-forget user.

      I am, at both desktop and server level, a massive advocate of BSD; with again, the main grumble of how to be a gamer the primary blocker to uptake on personal machines.

      1. Liam Proven (Written by Reg staff) Silver badge

        Re: Extend, Embrace, Extinguish

        *cough*

        https://www.theregister.com/2022/08/31/mx_linux_212/

        1. Binraider Silver badge

          Re: Extend, Embrace, Extinguish

          I did try MX before settling on Manjaro at last rebuild. Didn't play well with Steam (but happy to give it another go!)

      2. Bartholomew

        Re: Extend, Embrace, Extinguish

        Sorry, but I don't use steam - gaming is not really my thing.

  25. Stuart Castle Silver badge

    Sadly, I think we are going to get to the point where corporate machines at least *are* locked down to the point where every component (software, and where feasible, hardware) has some sort of digital signature or key, and is locked down to the point where it's nearly impossible to run anything unauthorised. If the computer you are using has a well designed OS install, you are likely already nearly there. I think we will get to the point where things like TPMs are required.

    Home use is a different matter entirely. Home users should be free to run what they want.

    That said, one of the best security procedures is to reduce your attack surface. System D (as written by the guy this article is about) is *way* too bloated and has a massive attack surface.

    1. Havin_it

      I'd say it is more the opposite way around in practice.

      Corporates (the big-enough-to-be-influential ones) expect a high degree of lockdown capability *that they can control*. Letting MS or anyone external be gatekeeper of that lockdown, not so much.

      It's cheapskate consumers who get properly reamed, because they aren't spending enough to have a vote, and most aren't bothered by the impositions the way power-users are anyway as it doesn't affect their lives (usually).

      That's why the Corporate/Enterprise versions of Windows XP/2003 (can't speak for later iterations) had license keys that bypassed the fiddly activation process consumers were subjected to. That's why "business-grade" laptops have configurable SecBoot whereas cheap-shit consumer ones have it welded shut or so nobbled that it takes serious emotional investment to workaround in order to get Linux booting.

  26. nijam Silver badge

    > ...some forms of full-disk encryption can unlock encrypted disks without a password using information stored in the TPM chip...

    So, TPM is intrinsically untrustworthy; worse, in fact: untrustable.

    Does TPM stand for The Poettering Madness?

  27. Binraider Silver badge

    Some of the arguments he makes are sound in terms of threat vectors. However, the solution offered sounds remarkably close to "please buy only a trusted combined package from a vendor, probably that of my employer".

    Not unlike an extension of previous assaults made under a different employer in the form of SystemD and PulseAudio.

    And how long before the content of that "trusted" package is not open to scrutiny?

    So, the next question is can we roll a distro that does what we want, before this next move into Kernel feature creep wearing a Microsoft suit takes over? Devuan is part of the way there, if ease of use can be resolved to put it on par with Manjaro.

    1. bigtreeman

      Devuan is working for me.

      no Poettering

  28. no user left unlocked

    The horses have already bolted

    So if I understand this correctly part of his rationale is that "bad actors" may interfere in an initramfs update/rebuild when your system changes?

    If that is happening then I've already lost control of the computer and nothing less than a full wipe is needed.

    *sigh*

  29. Anonymous Coward
    Anonymous Coward

    At least ..

    .. it has now become very clear why Microsoft is employing him.

  30. razorfishsl

    So basically the start of caging linux... putting it under the control of MS

  31. Fruit and Nutcase Silver badge
    Joke

    Poettering About

    "Poettering About" would be an apt name for Agent Poettering's blog

  32. x 7

    How did.............

    Can someone explain just how-the-**** one misguided fool became so important to Linux?

    Who are the idiots who promoted him?

    1. Anonymous Coward
      Anonymous Coward

      Re: How did.............

      Who?

      These ones:

      https://www.linux.com/images/stories/41373/GregKH-systemd-hackfest.jpg

      Persons in photo: Lennart Poettering, David Strauss, Linux Foundation Fellow Greg Kroah-Hartman, and Kay Sievers

      Time: 2014

      Event & Place: Systemd hackfest

      And yes, I am very well aware that Greg & Kay are Kernel developers. The cancer has already spread far and deep ...

      Maybe Linus does not know that there are serpents in the nest? Or maybe he does but does not care anymore?

  33. bigtreeman

    Lennart works for Microsoft

    So why does his odour still linger in Linux.

    Butoutsky

    He now has to do what his employer tells him to do

    and if that is detrimental to Linux ?

  34. An_Old_Dog Silver badge

    Disabling Secure Boot in BIOS

    "the existing secure boot can be disabled in the BIOS settings."

    For the moment, yes. Where are we when an industry-wide manufacturers' consortium implements "secure boot always-on", for, of course, "the security of our customers"?

    Icon, 'cause I won't be able to boot my "insecure", home-brewed initrd.

  35. vekkq

    Brave New World. Talking about hints ..
