Re:One size doesn't fit all (Score 1)
"There are other ways to lock down your system in Linux, which will leave it pretty much unhackable, such as signed binaries (the signature of binaries being checked with each execution), kernel and module signing, and a properly configured bootloader along with secure boot turned on"
This is an extension of exactly those mechanisms. The thing being addressed here is a huge gap in that security chain: currently, if you're taking Secure Boot seriously, then nearly everything in the boot chain is signed...*except the initramfs*, which can't be signed because it's generated locally on your machine. What is the initramfs? Well, it's an entire operating system in a box, basically, which gets run and does arbitrary stuff *defined within itself* on every boot.
So, uh...if everything in the boot chain is signed except the initramfs, how secure is boot? Answer: not very at all. That's why this effort exists.
I think if you take a step back, the overall debate about the whole effort to enable a truly secure boot on Linux is a 'hole hawg' problem: http://www.team.net/mjb/hawg.h... . People who hate all this stuff are Hole Hawg users. They reckon they know what they're doing (maybe they really do!), they don't think boot chain security is an issue for them, and every attempt to make it possible just smells funny to them because it's trying to achieve a thing they don't want.
But not everybody wants the Hole Hawg. IT admins, for instance, definitely don't want the people carrying around their company's sensitive data to have a Hole Hawg. They want that stuff safe. For those purposes, it really is important that we make it possible to have a truly secure boot environment on Linux (or at least one that's not wildly *less* secure than competing operating systems, which right now it kind of is).
I get that people worry this stuff will start out optional but somehow magically become compulsory. All I can say is there's really no reason for anyone to want that. It's plausible in the case of a proprietary monopoly OS that this feature comes with a handy side of control for the OS company, but that's much harder in the F/OSS world. If we somehow tried to make it so Fedora or RHEL didn't boot without all the secure boot features turned on (and why would we, anyway?), anyone could still create a clone which was the same thing but...without that. I also can't see really any benefit we'd get from requiring that. And you can note that Fedora and RHEL have supported Secure Boot for about a decade as of this point, and we certainly aren't requiring that that be enabled.
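The gap the comment describes (a signed kernel next to an initramfs that nothing in the Secure Boot chain checks) can be made visible on a box with a small audit; this is an added example, not code from the comment or from any distribution's tooling, and the file names and magic-byte table are assumptions for illustration.

```python
"""Added example, not code from the comment or any distribution's tooling.
Secure Boot verifies Authenticode signatures on PE/COFF images only; a classic
initramfs is a locally built (compressed) cpio archive with no such signature.
This audit classifies boot files by magic bytes to show which ones are in a
signature-verifiable form. File names below are constructed assumptions."""
import os
import tempfile
from typing import Dict, List
# (magic, format, can the Secure Boot chain verify a signature on it?)
# Assumption: formats commonly found in /boot, not an exhaustive list.
_MAGIC = [
    (b"MZ", "pe", True),                   # PE/COFF: EFI-stub kernel or unified image
    (b"070701", "cpio", False),            # newc cpio: uncompressed initramfs
    (b"070702", "cpio", False),            # crc cpio
    (b"\x1f\x8b", "gzip", False),          # gzip-compressed cpio
    (b"\x28\xb5\x2f\xfd", "zstd", False),  # zstd-compressed cpio
]

def classify(path: str) -> Dict[str, object]:
    """Detect the container format and whether it can carry a checkable signature.
    A PE header only means the image *can* be signed; sbverify confirms it is."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    for magic, fmt, verifiable in _MAGIC:
        if head.startswith(magic):
            return {"format": fmt, "verifiable": verifiable}
    return {"format": "unknown", "verifiable": False}
def audit_boot_dir(boot_dir: str) -> Dict[str, Dict[str, object]]:
    """Classify every kernel- or initramfs-named regular file in boot_dir."""
    report = {}
    for name in sorted(os.listdir(boot_dir)):
        full = os.path.join(boot_dir, name)
        if os.path.isfile(full) and name.startswith(("vmlinuz", "initramfs", "initrd")):
            report[name] = classify(full)
    return report
def unverified_initramfs(report: Dict[str, Dict[str, object]]) -> List[str]:
    """initramfs/initrd files the boot chain will load without a signature check."""
    return [n for n, r in report.items()
            if n.startswith(("initramfs", "initrd")) and not r["verifiable"]]
def make_sample_boot_dir() -> str:
    """Constructed sample: a PE-format kernel next to a gzip-compressed initramfs."""
    d = tempfile.mkdtemp()
    samples = {"vmlinuz-6.0": b"MZ" + b"\0" * 62,
               "initramfs-6.0.img": b"\x1f\x8b\x08" + b"\0" * 7}
    for name, head in samples.items():
        with open(os.path.join(d, name), "wb") as fh:
            fh.write(head)
    return d
```

Run `audit_boot_dir("/boot")` on a real machine to see the split; a "pe" result only says the file is in a signable form, so follow up with `sbverify --list` from sbsigntools to confirm a signature is actually present.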