Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 10 submissions in the queue.

Tivoisation of Linux

posted by LaminatorX on Monday September 15 2014, @11:59AM   Printer-friendly
from the Trustix dept.

jbernardo writes:

One thing I have yet to see discussed about systemd and the "unified package manager" proposed by Poettering is the stated objective [among others] of tivoisation of linux:

We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular).

Am I the only one who is scared of this "tivoisation" by design? If this ever makes it to arm devices, say goodbye to DD-WRT, OpenWRT, Tomato, etc. And that will be just the beginning. Be ready for all your devices becoming appliances, non-customizable and to be thrown out as soon as they become obsolete by design. Being allowed to only run signed code will probably be good for redhat, but will it be good for the user?

Strange that a few years ago "trusted computing" was stopped, and now it seems almost inevitable even in Linux.

 
This discussion has been archived. No new comments can be posted.
Tivoisation of Linux | Log In/Create an Account | Top | 54 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by VLM on Monday September 15 2014, @02:50PM

    by VLM (445) on Monday September 15 2014, @02:50PM (#93471)

    "As long as the device-owner (by which I mean the customer, not the vendor!) can install any root-certificate he likes"

    The whole concept is a waste of time, because either you don't own your device anymore, or the same idiots who install toolbars and comet cursors and weather bugs will simply add root-certs, bringing you back to where we are, but more complicated, harder to fix, and less useful. Even worse someone will break the system and back door it, but "the computer never lies and it says its trustworthy" so you get a false sense of security. Its literally a waste of time to even try to implement. Assuming you're looking for security and not profitable tivo-ization.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 2) by q.kontinuum on Monday September 15 2014, @03:11PM

    by q.kontinuum (532) on Monday September 15 2014, @03:11PM (#93481) Journal

    Depends how hard it is to add root certificates. This should only be possible at boot time, via an additional HW switch to enable root certificate update, and the switch can be disabled via jumper on board. I'm pretty sure my wife or son, or average secretary, wouldn't go through this just to install skye + "Bing Bar Helper for 3rd party browsert" + "Ask bar". And where it's justified, there is always the option to put a padlock on the casing.

    --
    Registered IRC nick on chat.soylentnews.org: qkontinuum