LinuxQuestions.org
10-27-2022, 06:02 PM   #1
rkelsen
Senior Member

Registered: Sep 2004
Distribution: slackware
Posts: 4,442
Blog Entries: 7

Rep: Reputation: 2551
Brave New Trusted Boot World... What??


This was mentioned in a thread on the Slackware forum, and was the first I'd heard of it.

So, this article appeared a few days ago: https://0pointer.de/blog/brave-new-t...oot-world.html

Then in the News section of the forum, there was a link to a story from El Reg: https://www.theregister.com/2022/10/...ft_poettering/

"Microsoft's Lennart Poettering proposes tightening up Linux boot process
Building your own initial RAMdisk? That's insecure!"


"Microsoft's Lennart Poettering" Funny. I chortled when I saw it, but then my mood changed upon reading the story. In that story there were some links to these comments on Hacker News:

"As someone who never really viewed systemd as a problem I'm starting to think the systemd "haters" were actually right, at least somewhat... Viewing Poettering as some kind of malicious entity undermining projects sounds like a conspiracy theory. But now with him working for Microsoft his actions do look a lot like the "embrace, extend, and extinguish" pattern to me. Yes, yes "Microsoft <3 Linux", of course... And now I am supposed to cheer for the groundwork for the creation of an almighty authority with the ability to "sanction" some (parts of) operating systems, but not others?" https://news.ycombinator.com/item?id=33341718

"I always thought this outcome was obvious. Systemd controls everything that happens before Linux boots. It controls everything that happens after Linux boots. Might as well call it GNU/Systemd at this point. It's the silent revolution no one wanted. The name itself implies a manifest destiny because System D is 100x greater than System V and they intentionally break POSIX compliance too. Now that the guy who owns the systemd project works for Microsoft, in addition to the fact that the Linux kernel now needs to be a Windows executable in order to boot, that really tells you all you need to know." https://news.ycombinator.com/item?id=33341938

Emphasis mine.

There doesn't seem to be much discussion about this. I, for one, am quite concerned about the direction this is going.

Are you not concerned by it? If not, why not?

Any other thoughts or comments?
 
10-27-2022, 06:24 PM   #2
ChuangTzu
Senior Member

Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718

Rep: Reputation: 1857
Thank you for posting this. I would not be a bit surprised if he was working with or for Microsoft for some time and just announced it publicly when the time was right. But I tend to follow the money trail back to the source when things smell/look fishy.
 
10-27-2022, 08:09 PM   #3
sundialsvcs
LQ Guru

Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 10,649
Blog Entries: 4

Rep: Reputation: 3934
Actually, "the initrd step" in a great many distros is(!) a vulnerability, since this is the "pre-boot" step in which the kernel attempts to automagically adapt itself to whatever hardware environment it may be faced with. Although this precursory step of the process is not well-understood by many, to finger it as a "potentially exploitable vulnerability" – although IMHO fairly unlikely – cannot be entirely dismissed. "If one puts their mind to it, any point in the process is 'potentially exploitable.'"
 
10-27-2022, 09:12 PM   #4
ChuangTzu
Senior Member

Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718

Rep: Reputation: 1857
Quote:
Originally Posted by sundialsvcs
"If one puts their mind to it, any point in the process is 'potentially exploitable.'"
This is why one's philosophy, personal and project, is of the utmost importance. I am reminded of the American statesman Benjamin Franklin:
Quote:
“Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.”
With each addition Poettering et al seem adamant about "taking over" or taking control of most everything and often in the name of security/complexity this is how everyone else does it etc... Is the dog wagging the tail or the tail wagging the dog, and at what point is the tail replaced with tale.
 
10-28-2022, 12:41 AM   #5
rkelsen
Senior Member

Registered: Sep 2004
Distribution: slackware
Posts: 4,442

Original Poster
Blog Entries: 7

Rep: Reputation: 2551
Quote:
Originally Posted by sundialsvcs
Actually, "the initrd step" in a great many distros is(!) a vulnerability
As a locally compiled kernel could be. Does that mean we need to obtain authority from Microsoft before being allowed to use a customised kernel on our own hardware?

Is the frog boiled yet? Seems like it's almost done.
 
10-28-2022, 02:28 AM   #6
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,753

Rep: Reputation: Disabled
Quote:
Originally Posted by rkelsen
Does that mean we need to obtain authority from Microsoft before being allowed to use a customised kernel on our own hardware?
Having "our own hardware" is variable, there is hardware which is soldered together prohibiting replacement of faulty modules.
So having software which is "soldered" together totally makes sense when you look at any and all profit driven software development.
It's nothing new BTW, remember SecuROM?
 
10-28-2022, 03:41 AM   #7
fatmac
LQ Guru
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Distribution: Mainly Devuan, antiX, & Void, with Tiny Core, Fatdog, & BSD thrown in.
Posts: 5,479

Rep: Reputation: Disabled
It's all about getting 'locked in' & profits!

If mainstream Linux ends up 'needing' this, the BSDs are just waiting for new users.

The trouble will be finding a computer that doesn't have all these Microsoft lock ins!
 
10-28-2022, 05:48 AM   #8
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,753

Rep: Reputation: Disabled
Quote:
Originally Posted by fatmac
The trouble will be finding a computer that doesn't have all these Microsoft lock ins!
That'll be a non-issue for most, I think. What really put things in perspective for me is one video I saw a long time ago.
The F-Secure crew went through some malware code, and found an address of the guys making it.
They actually went there and found some dudes in extremely poor condition, with a trash-type of PC, writing the malware for fun.
What these guys probably do is they find the nearest trash dump to get broken hardware, solder it together, and re-sell it on the flea market.
They could not care any less about some suits, who think they could buy trust. This is why I think the lock-in situation really depends on what you buy and where.
 
10-28-2022, 02:59 PM   #9
business_kid
LQ Guru

Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 16,260

Rep: Reputation: 2322
Now that extremely hairy disk systems have been removed and the processes streamlined, surely you just need the modules to mount / in an initrd. If you compile those modules in, you don't need one at all. I survived for years without one and only went back to them through laziness.
 
10-28-2022, 04:29 PM   #10
fido_dogstoyevsky
Member

Registered: Feb 2015
Location: Victoria, Australia
Distribution: Slackware 15
Posts: 490
Blog Entries: 2

Rep: Reputation: 576
Quote:
Originally Posted by rkelsen
...
There doesn't seem to be much discussion about this [Linux kowtowing to microsoft]. I, for one, am quite concerned about the direction this is going.

Are you not concerned by it? If not, why not?

Any other thoughts or comments?
I am concerned, and as a result am dusting off plans to drop Linux in favour of OpenBSD (about to rebuild an old PC to practice on).
 
10-28-2022, 05:59 PM   #11
rkelsen
Senior Member

Registered: Sep 2004
Distribution: slackware
Posts: 4,442

Original Poster
Blog Entries: 7

Rep: Reputation: 2551
Quote:
Originally Posted by elcore
So having software which is "soldered" together totally makes sense when you look at any and all profit driven software development.
So you're fine with a software house having authority over hardware you own?

That notion goes against my grain.
 
10-28-2022, 08:30 PM   #12
273
LQ Addict

Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
Lennart Poettering can complete Pulse Audio before he does anything else. Could I write it? No. Would I pester everybody so that they took up my system then make it not work for years, then almost work like it should then give up on it? No.
This is not an Ad Hominem, well it is sort-of, but more a "Why the hell trust this guy who is full of shit?".
And, yes, the fact he migrated to Microsoft no matter what their perceived situation regarding open source at the moment (OK they're not the MS of "Linux is cancer" any more) is also not a good sign.
 
10-28-2022, 08:56 PM   #13
ChuangTzu
Senior Member

Registered: May 2015
Location: Where ever needed
Distribution: Slackware/Salix while testing others
Posts: 1,718

Rep: Reputation: 1857
Quote:
Originally Posted by 273
(OK they're not the MS of "Linux is cancer" any more)
That's not a change just rebranding. Public face/Private face.

Best way to control the opposition is to lead and control the opposition.
 
10-28-2022, 09:04 PM   #14
273
LQ Addict

Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680

Rep: Reputation: 2373
Quote:
Originally Posted by ChuangTzu
That's not a change just rebranding. Public face/Private face.

Best way to control the opposition is to lead and control the opposition.
I don't trust them any more now but I also don't think that the vicious anti-free software attitude that was in the company back then is there now.
 
10-29-2022, 02:22 AM   #15
elcore
Senior Member
 
Registered: Sep 2014
Distribution: Slackware
Posts: 1,753

Rep: Reputation: Disabled
Quote:
Originally Posted by rkelsen
So you're fine with a software house having authority over hardware you own?

That notion goes against my grain.
Maybe I was not clear before.. It really does depend on what you buy, and who installed the OS.
I didn't see you complain when folks started losing warranty for replacing the android boot loader.
But to make it clear: I'm against locking up the loader/bios and I don't use secure boot, but I never buy stuff with pre-installed OS.
 
All times are GMT -5.