Then he did it wrong, because the point of the article is that systems signed with exactly this key are not trusted anymore. Only a different key is trusted, and that key is used to sign Windows only and nothing else.
One could argue that distrusting platforms signed with MS's 3rd party certificate offers marginal additional security but that doesn't contradict the original point made about defence in depth.
> Whether it offers marginal additional security has yet to be demonstrated.
You're further limiting the number of images that can boot. This is a point you've made yourself so I don't really see how you need a further demonstration.
What you can argue is whether that marginal additional security is negligible enough to be pragmatically worthless. And I'd probably agree with you there. However that doesn't dismiss the point that it does add a marginal additional security from the perspective of "defence in depth"[1]
I'm not convinced it does in any meaningful way. Maybe (again) marginally it might but it's trivial to disable and most Linux users are probably used to jumping into the UEFI to enable booting from install media anyway (I know I am).
I'd argue your statement here requires a greater burden of proof than the one you're arguing against.
> You're further limiting the number of images that can boot.
That does not mean it improves security. If the images it allows to boot are less secure than those it prevents, it lessens security.
> I'm not convinced it does in any meaningful way.
It makes booting Linux harder exactly for those users that it claims to protect.
So yes, it "protects" them from trying a competing product.
> disable and most Linux users are probably used to jumping into the UEFI to enable booting from install media anyway (I know I am).
Power users can do it; less experienced users consider that difficult, especially if they are not familiar with the concept. This all contributes to the image that Linux is difficult to install and use. Linux forums are full of discussions on this topic.
While it is just an artificial hindrance.
Would it be OK for Windows users to fiddle with UEFI settings before they can use Windows? If not, why is it OK for Linux users? Windows gets a clear advantage here.
> That does not mean it improves security. If the images it allows to boot are less secure than those it prevents, it lessens security.
I appreciate what you're saying but your logic doesn't really work:
- The only image allowed is Windows. Anything else is disallowed. Those images might be malicious (eg someone somehow stole MS 3rd party cert) or they might not. But not allowing them is more secure than allowing them because you're reducing your risk.
- Furthermore, saying some images allowed are less secure (ie Windows) than the ones that aren't (eg CentOS) doesn't mean this "feature" (if you can call it that) doesn't still add some additional security. Because (and at risk of repeating the above), this still blocks some additional images that might be a security risk. Hence it reduces your risk and hence it provides additional security from the perspective of defence in depth.
- The point of "defence in depth" is not to have a single security countermeasure that acts as a silver bullet against attacks. It's to provide a layered approach where cumulatively they protect you. This "feature" certainly fits those criteria.
This is why I said the question shouldn't be "does it provide additional security?" but rather "is that additional security significant enough to warrant the other impacts (such as those you've outlined)?"
If you were to make that point instead, then I might agree with you. But to say it doesn't provide any additional security really misses the point of how security is evaluated.
> > I'm not convinced it does in any meaningful way.
> It makes booting Linux harder exactly for those users that it claims to protect.
That's not a counterargument, it's a contradiction. I don't really see the point of an "oh yes it does" / "oh no it doesn't" pantomime style argument. If you are able to cite how the short activity of unchecking an additional UEFI option is significant enough to turn people off from the already complicated process of installing Linux then I'd be interested to see it. Otherwise we might just have to agree to disagree.
> Power users can do it; less experienced users consider that difficult, especially if they are not familiar with the concept. This all contributes to the image that Linux is difficult to install and use. Linux forums are full of discussions on this topic.
But how many of those people are buying ThinkPads to install Linux who are not power users? I'd wager if you were to draw a Venn diagram, those groups would barely, if at all, intersect. And more often than not, you have to alter UEFI parameters to boot from removable devices regardless of your setting in secure boot.
> Would be it OK for Windows users to fiddle with UEFI settings before they can use Windows? If not, why is it OK for Linux users? Windows gets a clear advantage here.
This I do 100% agree with. I never liked secure boot to begin with because of exactly this reason. Still dislike it now and certainly don't agree with what Lenovo are doing with regards to the original topic. But that is an entirely separate point to the one made previously about defence in depth.
Here I think lies the issue of our discussion. You're arguing against a technical point with an emotional claim of morality. While I completely agree with your point about morality, it doesn't address the technical point you're trying to argue against.
> - The only image allowed is Windows. Anything else is disallowed. Those images might be malicious (eg someone somehow stole MS 3rd party cert) or they might not. But not allowing them is more secure than allowing them because you're reducing your risk.
> - Furthermore, saying some images allowed are less secure (ie Windows) than the ones that aren't (eg CentOS) doesn't mean this "feature" (if you can call it that) doesn't still add some additional security. Because (and at risk of repeating the above), this still blocks some additional images that might be a security risk. Hence it reduces your risk and hence it provides additional security from the perspective of defence in depth.
However, that is not an increase in security. It is an increase in lockdown. And increasing lockdown is a poor proxy for quantification of security of specific images. It is easier, with that I can agree.
By the same token, locking out Windows images and allowing CentOS images also increases the security, but then the argument would not be about security anymore, but change to convenience of majority.
> If you are able to cite how the short activity of unchecking an additional UEFI option is significant enough to turn people off from the already complicated process of installing Linux then I'd be interested to see it. Otherwise we might just have to agree to disagree.
You had exactly that in the TFA. It invalidates PCR7, thus invalidating the TPM secrets. If the user uses BitLocker and didn't save the recovery key, he just lost all his existing data by flipping that option.
It is another significant hoop the users have to jump through; and it just happens to further complicate Linux usage. Those incompetent Linuxers, cannot make anything user-friendly...
> But how many of those people are buying ThinkPads to install Linux who are not power users?
Many normal users are not thinking about Linux when they purchase their gear; they will want to try it later, once they have used the hardware for a while. If this weren't the case and users did research ahead of purchase, the majority of hardware problems under Linux would not exist.
> You're arguing against a technical point with an emotional claim of morality. While I completely agree with your point about morality, it doesn't address the technical point you're trying to argue against.
My point is that it is not a technical issue. It is a political issue masquerading as a technical one. So a party A designs a system that favors products of party A and it just happens to throw a curveball at everyone else. Color me surprised. A real technical problem would not favor a specific party.
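The PCR7 point raised in the reply above (flipping the Secure Boot CA option invalidates the TPM-sealed BitLocker key) is easy to see once the extend-and-seal mechanics are written out. The following is an added illustration, not code from any of the posters or from the article they are discussing. It is deliberately simplified: a real TCG event log measures EFI_VARIABLE_DATA structures for SecureBoot, PK, KEK, db and dbx plus an EV_EFI_VARIABLE_AUTHORITY entry for the certificate that verified the loader; here only SecureBoot, db and the verifying authority are measured, and the certificate bodies, the volume key and the sealing scheme are all constructed stand-ins. What it does show accurately is why any change to the measured configuration (enabling the third-party CA, or disabling Secure Boot entirely) yields a different PCR7 and therefore a failed unseal, which is exactly the situation in which Windows prompts for the recovery key.

```python
from __future__ import annotations

import hashlib

SHA256_ZERO = b"\x00" * 32  # every PCR starts out as all-zero bytes


def pcr_extend(pcr: bytes, event_digest: bytes) -> bytes:
    """TPM extend: PCR_new = SHA-256(PCR_old || digest). One-way and order-sensitive."""
    return hashlib.sha256(pcr + event_digest).digest()


def measure_variable(name: str, data: bytes) -> bytes:
    # Assumption/simplification: the real log hashes an EFI_VARIABLE_DATA
    # structure (vendor GUID, name, length, data); here we hash name || data.
    return hashlib.sha256(name.encode("utf-16-le") + data).digest()


# Constructed stand-ins for certificate bodies; these are not real certificates.
WIN_PRODUCTION_CA = b"Microsoft Windows Production PCA 2011 (constructed)"
MS_UEFI_CA = b"Microsoft Corporation UEFI CA 2011 (constructed)"


def compute_pcr7(secure_boot: bool, db: list[bytes], authority: bytes | None) -> bytes:
    """Replay the PCR7 measurement sequence for one firmware configuration.

    Measured here: the SecureBoot on/off flag, the contents of db (the set
    of trusted signing CAs), and the db entry that verified the boot loader.
    """
    pcr = SHA256_ZERO
    pcr = pcr_extend(pcr, measure_variable("SecureBoot", b"\x01" if secure_boot else b"\x00"))
    pcr = pcr_extend(pcr, measure_variable("db", b"".join(sorted(db))))
    if secure_boot and authority is not None:
        pcr = pcr_extend(pcr, measure_variable("authority", authority))
    return pcr


def seal(secret: bytes, pcr7: bytes) -> dict:
    """Toy seal (constructed): key the secret to the expected PCR7 and record that policy digest."""
    key = hashlib.sha256(b"policy-key" + pcr7).digest()
    ciphertext = bytes(a ^ b for a, b in zip(secret, key))
    return {"policy": pcr7, "ct": ciphertext}


def unseal(blob: dict, pcr7: bytes) -> bytes | None:
    """Release the secret only when the live PCR7 equals the sealing policy; otherwise refuse."""
    if blob["policy"] != pcr7:
        return None  # this is the point at which BitLocker falls back to the recovery key
    key = hashlib.sha256(b"policy-key" + pcr7).digest()
    return bytes(a ^ b for a, b in zip(blob["ct"], key))


def bitlocker_scenario() -> dict:
    """Seal a (constructed) volume key at the factory configuration, then try three boots."""
    vmk = b"constructed-volume-master-key-32"  # 32 bytes, constructed sample
    # Factory default in this scenario: Secure Boot on, only the Windows CA in db.
    factory = compute_pcr7(True, [WIN_PRODUCTION_CA], WIN_PRODUCTION_CA)
    blob = seal(vmk, factory)
    # User enables the "Microsoft 3rd Party UEFI CA" option: db changes, loader still Windows-signed.
    third_party_enabled = compute_pcr7(True, [WIN_PRODUCTION_CA, MS_UEFI_CA], WIN_PRODUCTION_CA)
    # User disables Secure Boot outright: SecureBoot flag changes, no authority measured.
    secure_boot_off = compute_pcr7(False, [WIN_PRODUCTION_CA], None)
    return {
        "factory": unseal(blob, factory),
        "third_party_ca_enabled": unseal(blob, third_party_enabled),
        "secure_boot_disabled": unseal(blob, secure_boot_off),
        "pcr7_values": [factory, third_party_enabled, secure_boot_off],
    }


if __name__ == "__main__":
    result = bitlocker_scenario()
    for name in ("factory", "third_party_ca_enabled", "secure_boot_disabled"):
        status = "unsealed" if result[name] is not None else "REFUSED (recovery key needed)"
        print(f"{name:24s} {status}")
```

The defensive takeaway is the one the poster draws: before changing any Secure Boot setting on a BitLocker-protected machine, confirm the recovery key is backed up, because the TPM will refuse to unseal under the new PCR7 regardless of whether the change made the system "more" or "less" secure.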
> However, that is not an increase in security. It is an increase in lockdown.
In this instance it is both.
> And increasing lockdown is a poor proxy for quantification of security of specific images.
You do realize that locking stuff down is one of the core tenets for securing systems?
> By the same token, locking out Windows images and allowing CentOS images also increases the security
If your system is shipped to run Linux then yes, locking out Windows images would increase the security.
> but then the argument would not be about security anymore, but change to convenience of majority.
You're flip-flopping all over the place with different topics. If you want to talk about convenience then I agree that locking systems down affects user convenience. It's a well known adage that security is usually a trade-off between convenience and protection. But you weren't talking about convenience, you were talking about security. Which is why I've been talking strictly about security.
With the greatest of respect, you're coming off a lot like you don't really know this subject matter considering how poorly you're sticking to topic and how you're misunderstanding even many of the basic principles of security.
> It is another significant hoop the users have to jump through; and it just happens to further complicate Linux usage.
I agree it's another hoop but you haven't yet demonstrated how it's significant despite me asking you to substantiate that claim a few times already. It feels to me like you're just throwing in adjectives for dramatic / emotional effect rather than having a rational conversation here.
> Those incompetent Linuxers, cannot make anything user-friendly...
Why should you care what other people think about Linuxers. Just use the platform you want to use instead of seeing this as some kind of holy war where you need to convert Windows users into Linux users.
> Many normal users are not thinking about Linux when they purchase their gear; they will want to try it later, once they have used the hardware for a while. If this weren't the case and users did research ahead of purchase, the majority of hardware problems under Linux would not exist.
I've been using Linux since the 90s (and as my primary OS since XP was released and BeOS deprecated). I've never once shopped around for Linux compatible hardware and never once ended up with a machine that couldn't run Linux because of it. People's complaints about Linux compatibility are, in my experience, largely overtold.
> My point is that it is not a technical issue. It is a political issue masquerading as a technical one. So a party A designs a system that favors products of party A and it just happens to throw a curveball at everyone else. Color me surprised. A real technical problem would not favor a specific party.
I think you're taking this far too personally. The simple solution here is you can just buy someone else's equipment instead. Getting angry on a forum isn't going to change anything (tbh neither is boycotting Lenovo but at least doing that can give you some level of control).
They do not sign everything willy-nilly; they refused to sign GRUB, that's why Linux distros use shim.efi.