[erglkjahlkh]

The problem with secure boot is that most want to choose what parties to trust for managing the security of the boot chain. Microsoft is not on the list of many, and many large corporations and such would want to certify the sources themselves with more granularity. Whether this is a perceived or a real problem, I can not say, but until it is corrected this will slow the adoption of these new features.

[crdoconnor]

>The problem with secure boot is that most want to choose what parties to trust for managing the security of the boot chain.

The problem is that this process of whom to choose is completely opaque and usually based upon who has the most market power, definitely not who is the most trustworthy.

Hence tons of OEMs ship with Microsoft's key being the only trusted one.

Imagine if the only CA trusted in 95% of browsers was Microsoft's CA. We'd be seeing blog posts like this telling us that since we didn't read the SSL spec, and because it's open, we're all just a bunch of know-nothing whingers :)

[adambatkin]

What other keys should they pre-install?

Let's face it, most motherboards will run Windows, so it makes sense to ship Microsoft's keys (also they have to do that to get certified by Windows). Do you really expect OEMs to go hunting down keys from Red Hat, SuSE and Canonical? What about all the other little distros? I would expect that companies like Microsoft know how to handle key material properly (plus they have a vested interest in doing it correctly), but how much do you trust all the little distros? Once a key is trusted, it's trusted, so if you want Secure Boot to do-what-it-says-on-the-tin, you need to have confidence that the pre-installed keys are all kosher.

And the CA model will definitely not work - we have seen what happens in the browser world. One bad CA, one bad signed certificate and the game is lost. And since it's running in firmware, there's no easy way to revoke or blacklist certificates.

I run Linux exclusively on my PC (and have for 15 years) so I'm sympathetic with everyone's concerns with Secure Boot, but I also completely understand why only Microsoft's key is pre-installed on most systems, and I believe that's probably the correct solution. The fact that the UIs for installing new keys or disabling Secure Boot suck is a good point. Complaining that Microsoft's key being the only pre-installed key isn't.

[crdoconnor]

>What other keys should they pre-install?

4/5 biggest linux distros. BSD, maybe? Does that seem unreasonable? Would you complain if these keys were added?

>Let's face it, most motherboards will run Windows, so it makes sense to ship Microsoft's keys (also they have to do that to get certified by Windows). Do you really expect OEMs to go hunting down keys from Red Hat, SuSE and Canonical?

Gosh, no. That sounds super hard. Three whole public keys?

>What about all the other little distros?

Give the end user an easy way to add their keys and I'm happy.

>And the CA model will definitely not work

You seem to be missing the point. This IS the CA model.

[mjg59]

> Would you complain if these keys were added?

Basically, yeah - it'd remove much of the legal incentive for Microsoft to sign other operating systems, and it'd fuck over the smaller distributions as a result.

I don't think anybody's happy with Microsoft being the effective industry CA here (Microsoft certainly aren't), but nobody else has shown any real interest in taking responsibility for doing it.