Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 10 submissions in the queue.

Tivoisation of Linux

posted by LaminatorX on Monday September 15 2014, @11:59AM   Printer-friendly
from the Trustix dept.

jbernardo writes:

One thing I have yet to see discussed about systemd and the "unified package manager" proposed by Poettering is the stated objective [among others] of tivoisation of linux:

We want our images to be trustable (i.e. signed). In fact we want a fully trustable OS, with images that can be verified by a full trust chain from the firmware (EFI SecureBoot!), through the boot loader, through the kernel, and initrd. Cryptographically secure verification of the code we execute is relevant on the desktop (like ChromeOS does), but also for apps, for embedded devices and even on servers (in a post-Snowden world, in particular).

Am I the only one who is scared of this "tivoisation" by design? If this ever makes it to arm devices, say goodbye to DD-WRT, OpenWRT, Tomato, etc. And that will be just the beginning. Be ready for all your devices becoming appliances, non-customizable and to be thrown out as soon as they become obsolete by design. Being allowed to only run signed code will probably be good for redhat, but will it be good for the user?

Strange that a few years ago "trusted computing" was stopped, and now it seems almost inevitable even in Linux.

 
This discussion has been archived. No new comments can be posted.
Tivoisation of Linux | Log In/Create an Account | Top | 54 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 2) by tangomargarine on Monday September 15 2014, @04:04PM

    by tangomargarine (667) on Monday September 15 2014, @04:04PM (#93500)

    sudo load fuck_yall_you_just_do_what_i_tell_you.cert

    A lot of developments the last few years have been trying to crowbar us away from the original spirit of computing: This is my hardware. It runs the bits I tell it to. If they don't work, it crashes.

    --
    "Is that really true?" "I just spent the last hour telling you to think for yourself! Didn't you hear anything I said?"
    Starting Score:    1  point
    Karma-Bonus Modifier   +1  
    Total Score:   2  

  • (Score: 1) by wantkitteh on Monday September 15 2014, @04:29PM

    by wantkitteh (3362) on Monday September 15 2014, @04:29PM (#93510) Homepage Journal

    That's completely understandable. For the vast majority, computers are the applications you are productive in, not the underpinnings that someone else sets up and maintains for you. Any time spent away from those productive applications is a bad thing that harms your bottom line, so any method you have of trusting your infrastructure even more to reduce preventative maintenance, the better. And yes, I'm disappointed this attitude seems to be popping up in Linux, but I won't be worried until it turns up in Debian Stable standard distros.

    • (Score: 2) by q.kontinuum on Tuesday September 16 2014, @05:25AM

      by q.kontinuum (532) on Tuesday September 16 2014, @05:25AM (#93856) Journal

      I'm worried already, I just maintain that the actual problem is not the implementation of the feature in the Linux kernel but the abusive way it might be used by vendors (e.g. by not allowing the customer to install his own root-certificate).

      --
      Registered IRC nick on chat.soylentnews.org: qkontinuum