Pasadena Convention Center
March 2022

INTERVIEW: Matthew Garrett

We had a chance to sit down with Matthew Garrett, SCALE 11x keynote speaker, to discuss his upcoming keynote "The Secure Boot Journey" as well as a host of other topics including the future directions of Linux.

SCALE: Could you please introduce yourself and tell us a little about your background?

Matthew: My name's Matthew, and I'm a Linux developer. I started off as a geneticist, but after a few years of that I came to the realisation that I had no interest in spending the rest of my life removing ovaries from fruitflies. Linux had been a hobby for some time, so I ended up concentrating on that and working for Red Hat on power management and firmware support. I represented the company on the ACPI and UEFI standards bodies, helping influence future releases of the specifications and making sure that changes matched the needs of Linux as well as other operating systems.

I moved to a cloud startup called Nebula at the end of last year, where I'm now helping ensure that customers can trust their clouds. As cloud computing grows ever more ubiquitous, it's becoming increasingly important to be able to verify that your cloud hosts aren't modifying the contents of your guests. It's interesting work.

SCALE: How did you first discover Linux?  What about it appealed to you?

Matthew: I'd first heard about Linux around 1995, when I briefly tried running it on an Amiga - unfortunately my graphics card wasn't well supported and I never really got very far. But once I'd got to university in 1998 it was pretty clear that I didn't want to run Windows, and Linux was the natural alternative. I liked the ability to see what was going on in the software and build my own projects on top of that, and over time grew increasingly aware of the importance of software freedom.

SCALE: What led to you working at Red Hat?

Matthew: By 2008, I was looking for a job working on the low levels of the OS, but not just restricted to the kernel. This was while Novell were laying people off, so the choices were pretty much either Red Hat or Canonical. Canonical weren't doing a great deal of upstream development at the time, so Red Hat were the natural choice.

SCALE: What made you focus your interest on the lower levels of the operating system?

Matthew: I bought a new laptop in 2004 and found that ACPI suspend/resume *almost* worked. Some hacking later, and it *actually* worked. The problem then was that we had all these ACPI interfaces for controlling different bits of the hardware, but no way for them to be hooked into the user interface. So, the next few years were spent working on getting the kernel to support new hardware interfaces and getting userspace to make use of those interfaces.

SCALE: As someone who's been involved with Linux for a number of years, what do you think of how it has evolved? Any particular directions that you are excited to see it heading in?

Matthew: Last night the cab I was in had a news display in the back, and it glitched when the driver turned on the ignition. On reboot, there was a quick flash of Linux boot messages. I've got a Linux device that fits in my pocket, I've run Linux on supercomputing clusters and now I've got Linux running in the taxi I'm sitting in? Linux is so ubiquitous that most of its uses probably go entirely unnoticed. It's more surprising to find a non-PC running something that isn't Linux than one that is. We may not have won the desktop, but we got everything else. That seemed pretty impossible 15 years ago.

This ubiquity does mean that there will be challenges about the direction and management of Linux, and I think we're seeing that when projects like the Long Term Support Initiative include patches that have been rejected by upstream. It'll be interesting to see what the outcome of a divergence between industry requirements and upstream will be, but I've got no doubt that it'll end up solved to most people's satisfaction.

At a more social level, I'm glad that the Linux community has been leading the way among the larger tech community in figuring out ways to make itself more welcoming and help people feel safer. Free software is a powerful tool for social justice, but it's associated with exclusionary communities far too often. Linux conferences were among the first to institute policies aimed at ensuring people would feel that they'd be protected from inappropriate behaviour, and I hope SCALE follows that lead.

SCALE: Do you think winning the desktop is relevant anymore?

Matthew: Winning? No. Being competitive? Absolutely. I was pretty familiar with computers before I ran Linux, but I wasn't a programmer. I wanted a desktop operating system. Linux not only gave me that, it gave me the opportunity to improve software that I was running and send those improvements back to the original author. Some degree of success on the desktop is vital to ensure that we continue to have programmers who are interested in developing free software. I don't want a world where software freedom is confined to web frameworks. I want a world where people can run a free kernel, a free userland and a free GUI. Ignoring the desktop means giving a lot of that up.

SCALE: What led to the move to Nebula?  Are you working on similar projects to what you were working on at Red Hat?

Matthew: I'd finished the engineering side of getting Secure Boot support into Fedora, and wanted a change. Nebula gave me an opportunity to use the experience I'd gained in a different context. It's pretty different working for a company that's only about 1% of the size of Red Hat, and I'm enjoying it a lot.

SCALE: You're giving a keynote on "The Secure Boot Journey."  Without tipping your hand on the actual talk, can you give us an idea of what we might expect?

Matthew: It's easy to think of Secure Boot as a purely technical problem, but when we started working on this back in 2011 there wasn't any obvious technical solution. I'm going to be covering the more social and political aspects of the journey from having no idea of what we were going to do to shipping working solutions. It's a story of unexpected cooperation and unfortunate obstructionism, and finding that the people you end up having useful working relationships with aren't always the ones you thought they would be.

SCALE: There have been a few different solutions proposed and implemented by various groups. Do you think we'll see a convergence into a common solution? Or will everyone stick to their own way of doing things? Is either situation good or bad?

Matthew: At this point we only really have two solutions. There's Shim, which is the code that I originally wrote and which has then been built on by Canonical and Suse, and there's the Linux Foundation's loader. The Linux Foundation solution doesn't match the requirements of any of the major distributions and provides no additional features when compared to shim (and mostly does a bunch less), so I don't see it being widely adopted. So, practically speaking, there's only one solution.

What we did see were several companies focusing on different aspects of the problem and applying their development effort differently. Canonical deployed shim before anyone else did, and so found a couple of early issues that have been resolved since. Suse came up with an amazingly elegant solution that makes it easy for users to sign their own bootloaders and kernels. Red Hat did most of the rest of the implementation. There's also some differences around the edges, including the question of where you can stop signing things. I think there'll be consolidation there as we get a better understanding of the threats that can be launched against Secure Boot platforms.

SCALE: Is this your first visit to SCALE? If so, what are your expectations? If not, can you give us your impressions of the event?

Matthew: Not only my first SCALE, it's going to be the furthest I've ever got outside LAX airport! I've heard good things about SCALE in the past, and I'm looking forward to spending time at such a community-focused event.

SCALE: Is there anything else you'd like to add?

Matthew: UEFI has mostly been presented as a challenge rather than an opportunity. There's a lot of useful things we can do with it, and I'm hoping that I'll be able to convince people that the work we've done on Secure Boot can contribute to Linux's future.

SCALE: Do you think a lot of the opinions about UEFI were formed because of the entities behind it?  Have there been other areas where this has happened?

Matthew: Oh, definitely - Microsoft's involvement naturally led to a lot of people assuming the worst. If UEFI had become more ubiquitous first, before Secure Boot was added to the mix, things might have been easier. On the other hand, you just don't get this kind of change in the market without someone like Microsoft pushing it. Intel had been lobbying for UEFI adoption for years, with only mild success.

The reality is pretty much that any cross-vendor project isn't going to get that far unless operating systems support it, and if Windows doesn't support it then it's probably dead. Microsoft are inevitably going to be involved in any major change in the PC industry for as long as they're the dominant PC OS vendor, and we're going to have to accept that and make sure that we can work with them rather than having a kneejerk reaction against anything they've touched.

SCALE: Thanks for taking the time to speak to us and we'll see you at SCALE 11X!