
posted by janrinok on Thursday February 05, @01:43PM
from the "I've-got-that-'impending-doom'-feeling-again" dept.

Arthur T Knackerbracket has processed the following story:

The Linux ecosystem is buzzing with news of Amutable, a new company founded by some of the most influential figures in modern Linux development. Led by Lennart Poettering (creator of systemd), Christian Brauner (Linux VFS subsystem maintainer), and other prominent Linux kernel developers, Amutable aims to deliver "verifiable integrity to Linux workloads everywhere."

[...] Amutable's stated mission is ambitious: to build cryptographically verifiable integrity into Linux systems. Their approach focuses on three key areas:

Ensuring that software builds are verifiable and tamper-proof from the development stage through deployment.

Implementing secure boot processes that can cryptographically verify the integrity of the entire boot chain.

Maintaining verifiable system state throughout the operational lifecycle of Linux workloads.

The company's tagline, "Every system starts in a verified state and stays trusted over time," encapsulates their vision of comprehensive system integrity.

While Amutable has been relatively secretive about specific technical details, the company appears to be building on remote attestation technology. This involves using hardware security features (like TPMs - Trusted Platform Modules) to cryptographically prove the state of a system to remote parties.
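The mechanism described above, as an added sketch that is not Amutable's code or part of the original story: a device folds each boot component into a TPM-style PCR, and a remote verifier checks a nonce-bound quote against a reference boot chain. The component names, the function names and the use of HMAC in place of a TPM's asymmetric attestation signature are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed boot chain: each entry stands for a measured component image.
GOOD_CHAIN = [b"firmware-1.0", b"bootloader-2.3", b"kernel-6.1", b"initrd-6.1"]

def extend(pcr: bytes, component: bytes) -> bytes:
    """TPM-style extend: PCR_new = SHA-256(PCR_old || SHA-256(component))."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def replay(chain) -> bytes:
    """Fold a boot chain into one PCR value, starting from all zeroes."""
    pcr = bytes(32)
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

def sign_quote(key: bytes, nonce: bytes, pcr: bytes) -> bytes:
    # Stand-in for the TPM's signature over (nonce, PCR). A real TPM signs
    # with an asymmetric attestation key; HMAC keeps this stdlib-only.
    return hmac.new(key, nonce + pcr, hashlib.sha256).digest()

def attest(key: bytes, booted_chain, nonce: bytes):
    """Device side: report the measured PCR plus a quote bound to the nonce."""
    pcr = replay(booted_chain)
    return pcr, sign_quote(key, nonce, pcr)

def verify(key: bytes, nonce: bytes, pcr: bytes, sig: bytes, reference_chain) -> str:
    """Verifier side: check the quote, then compare against the reference."""
    if not hmac.compare_digest(sign_quote(key, nonce, pcr), sig):
        return "bad-signature"      # forged, or replayed under an old nonce
    if not hmac.compare_digest(pcr, replay(reference_chain)):
        return "unexpected-state"   # some component differs from the reference
    # "trusted" only means "matches the reference", not "free of bugs".
    return "trusted"

if __name__ == "__main__":
    key, nonce = os.urandom(32), os.urandom(16)
    pcr, sig = attest(key, GOOD_CHAIN, nonce)
    print(verify(key, nonce, pcr, sig, GOOD_CHAIN))
    tampered = GOOD_CHAIN[:2] + [b"kernel-6.1-modified"] + GOOD_CHAIN[3:]
    print(verify(key, nonce, *attest(key, tampered, nonce), GOOD_CHAIN))
    print(verify(key, os.urandom(16), pcr, sig, GOOD_CHAIN))
```

Because the PCR is a hash chain, changing or reordering any component changes the final value, and the fresh nonce is what stops an old quote from being replayed.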

The technology builds on existing standards and protocols but aims to make them more accessible and user-controlled in Linux environments. According to founding engineer Aleksa Sarai, the models they have in mind are "very much based on users having full control of their keys."

The announcement has generated significant discussion in the Linux community, with reactions ranging from excitement about improved security to deep concerns about potential implications for user freedom.

However, a significant portion of the Linux community has expressed serious reservations, drawing parallels to how similar technologies have been used to restrict user freedom on mobile platforms.

Remote attestation inherently involves revealing information about your system to third parties. Even with privacy-preserving protocols, concerns remain about:

One of the key technical challenges is providing attestation without compromising user privacy. While protocols like Direct Anonymous Attestation (DAA) exist, they often require trusted intermediaries and can still be vulnerable to correlation attacks.

[...] As one community member noted, attestation can only verify that known vulnerabilities are still present, not that a system is actually secure. With thousands of CVEs discovered in Linux annually, "verified" doesn't necessarily mean "safe."

Lennart Poettering's involvement adds another layer of complexity to the discussion. His previous work on systemd was similarly controversial.

Supporters counter that systemd solved real problems and modernized Linux system management. The parallel concerns about Amutable suggest the Linux community is wary of another potentially disruptive change from the same architect.

Amutable has been notably quiet about their business model, which has fueled speculation and concern. Possible approaches include:

The lack of clarity around monetization has led some to worry about potential future restrictions or lock-in mechanisms.

Amutable enters a space where several major players are already active:

A Linux-native solution could either complement these existing systems or compete directly with them.

Government regulations around cybersecurity are increasingly requiring organizations to demonstrate system integrity. Amutable's technology could help organizations meet these requirements, but it could also become a compliance requirement that effectively mandates its adoption.

[...] Amutable represents a significant moment for the Linux ecosystem. The company's success or failure could determine whether Linux develops robust, user-controlled security attestation or whether the platform remains vulnerable to the kind of lockdown that has characterized mobile computing.

The involvement of respected Linux developers like Poettering and Brauner lends credibility to the project, but their track record also shows they're willing to make controversial changes they believe are necessary for Linux's evolution.

The key question is whether Amutable can thread the needle between providing the security guarantees that enterprises need while preserving the freedom and openness that Linux users value. The answer will likely shape the future of Linux security for years to come.

For now, the Linux community watches and waits, hoping that this new venture will enhance rather than restrict the platform they've helped build. The stakes couldn't be higher: the future of open computing may well depend on getting this balance right.


This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
  • (Score: 1, Insightful) by Anonymous Coward on Thursday February 05, @03:45PM (1 child)

    by Anonymous Coward on Thursday February 05, @03:45PM (#1432669)

    Phones are ALREADY locked-down appliances
    Good luck modifying anything on your baseband processor today.

    The new term for "phones" will be anything that requires connection
    to a corporation.

    Pretty much everything controlled by The Man

  • (Score: 2) by VLM on Thursday February 05, @05:00PM

    by VLM (445) on Thursday February 05, @05:00PM (#1432679)

    I can write apps and download them to my phone all day. In fact I can put my projects on github and others can compile in android studio and transfer to their phones over a usb cable. Or (for now, probably ending soon) I can upload to FDroid and they distribute my compiled code. For now.

    But there's another level of appliance like my microwave oven or a 1980 Sony television or an old cordless phone from the 90s where there's no user level firmware access.

    Good luck modifying anything on your baseband processor today.

    Yeah, that also applies to pretty much every wifi device. Anything needing FCC certified type acceptance is already a pain in the butt:

    https://www.ecfr.gov/current/title-47/chapter-I/subchapter-A/part-2/subpart-J/subject-group-ECFR55475dd0ca1a058/section-2.1043 [ecfr.gov]