Systemd ... a can of worms

[francois]

@Ed:

May we say that android i more the kind of an hybrid. Came from linux, and is more open to the community software wise and hardware wise. But one thing is sure is that they are there to take your money like the others, but without monopolizing software evolution.

[phhpro]

...

[brokenman]

Who ever thought we would be forced to watch ads while watching crappy youtube videos? Another sign ($) of the times.

[phhpro]

[KnallKopf]

The technical evolution is evil real evil (15 years before my opinion was inverse)
And the worst is that they are etreme slow.

I am really scary about power of systemd and i won't have it in my Linux.

but can everybody explain this:
On the FOSDEM 2015 Lennart Poettering announcements that he will the integration of gummiboot, UEFI-Certificate and the complett chain of trust in systemd.
He wants to replace Microsoft-Certifikate by Certificates from Fedora or the user.

1.) How is it possible that user put Certificates to the UEFI (Sorry for my question, i have only a old PC without UEFI) ?
2.) When user can do it, Why can not all other people (Hacker the NSA) do it ?

For me it is no difference between Microsoft or Fedora Certificates, only user certificates are good.
3.) but it is it reallystic that it is possible in Future ?

[brokenman]

He wants to replace Microsoft-Certifikate by Certificates from Fedora or the user.

I don't think that is the intent. Then windows wouldn't boot. The intent is to allow users to enable secure boot on their computers and still have a non-windows OS boot. It's about time someone did this. The rEFInd bootloader also offers this.

Code: Select all

How is it possible that user put Certificates to the UEFI

You can sign all binaries on your system and place it into the UEFI firmware. Then your binary (bootloader, graphics drivers) will be allowed to boot by the system.

When user can do it, Why can not all other people (Hacker the NSA) do it?

They can. That's why secure boot is a good thing. I generate my certificates so that's how I know that nobody replaced any binary with a different version. If the original binary that I signed is not on my system, then it won't boot. This is a good thing.

but it is it reallystic that it is possible in Future?

It is possible now. I had my system working with secure boot. But I got sick of having to sign kernel binaries everytime I upgraded a kernel.

[KnallKopf]

You can sign all binaries on your system and place it into the UEFI firmware.

That reassures me a little.

It is possible now ... But I got sick of having to sign kernel binaries everytime

And i have the fear that systemd can manage it in future.
And i have the fear that it is not possible in future to sign all binaries on your system and place it into the UEFI.
And because systemd comes from RedHeat and is Mainstream it will the only that had a key in UEFI.
But RedHeat will generous and give us signed binarys.
The trend in now is to Opensource but no free software.

I can be wrong with this theory because i have only concerned since i have read this thread.
In any case the old one was not need this attention, it does his job fine.



For me are the advantages: parallel-booting, and simplification (it is induvidal), glass beads and no reason to allow the rape on the Linux principle.

I thing openrc is a alternative but a poor allternative.
1.) A lot of people in the internet grumble about openrc, it seems so that there a lot of bugs in openrc, and it is complex too.
2.) A lot of programms need the underlying systemdlibs. And they can not be remove. (if the programm should run).

But this is only my opinion.



The reasons why i is good to test or use it, is that i can be wrong.
The other reason is, is that the knowledge about systemd can be usefull for the future.
Only when i not rotate, the earth will rotate nevertheless (it will be cool if i can change it).