• khorovodoved@lemmy.zip
    1 day ago

    They want to create a mechanism for software to determine on which system it allows a user to run itself. Google “Play Integrity” on Android and Google’s proposal for the Web Integrity API.

    • DFX4509B@lemmy.wtf
      1 day ago

      Good luck. Take away the main reason people move off Windows to begin with and see how well that goes, especially for alt-init distros.

    • anothermember@feddit.uk
      1 day ago

      They haven’t announced anything other than a vague outline of what they’re trying to solve, it could be implemented in so many ways at this point.

      • ashx64@lemmy.world
        1 day ago

        It’s not vague at all if you know Poettering and have watched his talks.

        This is about securing the boot chain to ensure the integrity of the OS. I.e., someone hasn’t replaced your GRUB with one that looks exactly the same but secretly records your disk password.

        It does so in a decentralized way, so anything like Play Integrity would not make sense in the slightest. It’s the TPM chip measuring values and ensuring they match previously recorded values (and the values do change, such as after updates, so after updates are run, the expected values are updated). It’s not a Secure Boot-like system that would make it more feasible to have a Play Integrity-like system.
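
The measure-and-compare scheme described in the comment above, as an added example that is not part of the original thread: a software model of TPM PCR extension. `SealedSecret`, `can_unlock` and the sample boot components are constructed stand-ins (a real TPM enforces the comparison in hardware), and resealing is modelled here as requiring a boot that currently matches the recorded value, which is an assumption of this sketch.

```python
import hashlib
import hmac

def extend(pcr: bytes, component: bytes) -> bytes:
    """PCR extend: new = SHA256(old || SHA256(component)). Order-sensitive, one-way."""
    return hashlib.sha256(pcr + hashlib.sha256(component).digest()).digest()

def measure_boot(chain) -> bytes:
    """Replay a boot chain into a single PCR, starting from the reset value."""
    pcr = bytes(32)  # boot PCRs are all zeros after reset
    for component in chain:
        pcr = extend(pcr, component)
    return pcr

class SealedSecret:
    """Hypothetical stand-in for a TPM object sealed to an expected PCR value."""
    def __init__(self, secret: bytes, expected_pcr: bytes):
        self._secret = secret
        self._expected = expected_pcr

    def unseal(self, current_pcr: bytes) -> bytes:
        if not hmac.compare_digest(current_pcr, self._expected):
            raise PermissionError("PCR mismatch: boot chain differs from recorded state")
        return self._secret

    def reseal(self, current_pcr: bytes, new_expected: bytes) -> None:
        """Update the expected value; only possible from a boot that still matches."""
        self.unseal(current_pcr)
        self._expected = new_expected

def can_unlock(sealed: SealedSecret, chain) -> bool:
    try:
        sealed.unseal(measure_boot(chain))
        return True
    except PermissionError:
        return False

# Constructed sample boot chains (byte strings stand in for the real binaries).
GOOD = [b"firmware-v1", b"grub-v1", b"kernel-6.1"]
REPLACED_GRUB = [b"firmware-v1", b"grub-v1-lookalike", b"kernel-6.1"]
UPDATED = [b"firmware-v1", b"grub-v1", b"kernel-6.2"]

if __name__ == "__main__":
    disk_key = SealedSecret(b"disk-key", measure_boot(GOOD))
    print("known-good boot unlocks:", can_unlock(disk_key, GOOD))
    print("replaced GRUB unlocks:  ", can_unlock(disk_key, REPLACED_GRUB))
    # Update flow: predict the next boot's PCR and reseal while still in the good state.
    disk_key.reseal(measure_boot(GOOD), measure_boot(UPDATED))
    print("updated kernel unlocks: ", can_unlock(disk_key, UPDATED))
```
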

        • notabot@piefed.social
          11 hours ago

          The problem with the entire concept is the assertion that “after updates are run, the expected values are updated”. If the administrator can cause the expected values to be updated, you must assume that an attacker who can replace GRUB, in your example, can too, rendering the whole thing ineffective. If the administrator cannot cause the expected values to be updated, we’re into an Android-like situation, where the vendor decides what you’re allowed to run on your machine. Neither outcome is better than what we have now.

          Lennart Poettering has an unfortunate habit of deciding to fix problems that don’t actually need fixing, then coming up with a vastly overcomplicated solution that takes years to implement and doesn’t actually provide much or any benefit over what existed before. Any benefit that does occur tends to be the sort of thing that could easily have been added to the previous system, but no one had because it wasn’t actually a pressing concern. One need only look at his history with PulseAudio and systemd to see examples of this. He also tends to be quite rude and dismissive to anyone questioning him, or pointing out architectural issues.

      • khorovodoved@lemmy.zip
        1 day ago

        The language used speaks for itself. We already know what “integrity” means in this context.

        the company wants Linux systems to be built so their correctness can be explicitly defined and continuously verified.

        This does not seem vague to me. It explicitly states what they are creating.

        • anothermember@feddit.uk
          1 day ago

          But how it’s implemented means everything. Google’s Play Integrity is corrupting because it’s designed to lock vendors in to Google’s proprietary ecosystem. You’re not getting that from this ‘language’ alone, it could be the case but it’s a massive leap at this point.

          • khorovodoved@lemmy.zip
            1 day ago

            I do not care if it is connected to a proprietary ecosystem or not. The freedom to decide what software I am allowed to run on my PC is important for me though. Any system that limits that freedom is evil by definition.

            • anothermember@feddit.uk
              1 day ago

              The freedom to decide what software am I allowed to run on my PC is important for me though

              I’m right with you there, and it’s proprietary software that threatens that, nothing included in this announcement does though.

              • khorovodoved@lemmy.zip
                1 day ago

                I do not understand where your optimism comes from. In what little we do know, they describe the exact same system using the exact same wording as Google. If they mean some other thing, then they should spend a couple of hours and describe how it is different. And before that, the worst should be assumed. It is too dangerous to treat it in any other way.

                • anothermember@feddit.uk
                  1 day ago

                  I don’t like to ever assume negative intent without good evidence. I think I’m taking the neutral rather than optimistic view here. If you want me to speculate whether this new company is good or evil, that would just be my speculation; it would depend how they intend to make money out of it, from my gut instinct I can’t say they give me any specific Google vibes yet.