Home Business IT Open Source OpenBSD's de Raadt slams Red Hat, Canonical over 'secure' boot

OpenBSD founder Theo de Raadt has slammed Red Hat and Canonical for the way they have reacted to Microsoft's introduction of "secure" boot along with Windows 8, describing both companies as wanting to be the new Microsoft.

Responding to a query from iTWire about what OpenBSD, widely recognised as the most security-conscious UNIX, would be doing to cope with "secure" boot, De Raadt said: "We have no plans. I don't know what we'll do. We'll watch the disaster and hope that someone with enough power sees sense."

Microsoft will launch Windows 8 exactly three months from today. The company has said that a "secure" boot process will be needed to boot the operating system on any platform, which means that keys will be used at two stages to recognise what is being loaded. The process is done through the Unified Extensible Firmware Interface, or UEFI.

There will be a mechanism to turn off this method of booting on x86 hardware; however, Microsoft has said that this will not be provided on the ARM platform.

De Raadt foresees issues for "secure" boot in Europe. "I expect that the Intel/Microsoft plans will face big problems in Europe," he said.

"It would be interesting to see a bunch of consumer-unfriendly laptop vendors locked out of European markets, wouldn't it?"

He did not see any positives in the move. "I sense that disaster is coming, and hope that someone has the moral strength to do the right thing," he said.

"I fully understand that Red Hat and Canonical won't be doing the right thing, they are traitors to the cause, mostly in it for the money and power. They want to be the new Microsoft."

Red Hat's method of ensuring that PCs certified for Windows 8 can boot GNU/Linux, announced by its community distribution Fedora, is to sign up to the Microsoft developer program and obtain a key which will be used to sign a "shim" bootloader.

This shim would then load the GRUB2 bootloader which will boot the operating system kernel, which will also be signed. All kernel modules will be signed too. As the first key comes from Microsoft, it will be recognised by most PCs and laptops.

Canonical's plan for its well-known Ubuntu GNU/Linux distribution involves having a key which is distribution-specific in the firmware, and also a key vouched for by Microsoft.

CDs which are sold or distributed separately from hardware will need Microsoft's key to be present in the firmware to boot while bootloader images from the Canonical website will have Ubuntu's own key.

FREE WHITEPAPER - REMOTE SUPPORT TRENDS FOR 2015

Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.

DOWNLOAD!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

Connect