Jump to content



Photo

Secure Boot complaint filed against Microsoft


  • Please log in to reply
63 replies to this topic

#1 tiagosilva29

tiagosilva29

    You might think that, I couldn't possibly comment.

  • Tech Issues Solved: 1
  • Joined: 08-May 04
  • Phone: I need a new one. Gibe moni plos

Posted 28 March 2013 - 10:30

Hispalinux[1]Posted Image, an 8,000 strong Spanish association of Linux users and developers, has filed a complaint with the Madrid office of the European Commission claiming, according to a Reuters[2] report, that Windows 8 contains an "obstruction mechanism" called UEFI Secure Boot. This mechanism, it says, controls the system boot up and means users must seek keys from Microsoft to install another operating system.

Hispalinux head, lawyer José Maria Lancho, told the news agency that it was "absolutely anti-competitive" and a "de facto technological jail for computer booting systems". The complaint[3]Posted Image says that although Microsoft says UEFI Secure Boot is a security measure, its implementation would not mean the end of malware and viruses.

The complaint comes just over three weeks after the EU Competition Chief Joaquín Almunia said, in a written answer[4] to parliamentary questions, that the "Commission is monitoring the implementation of the Microsoft Windows 8 security requirements. The Commission is however currently not in possession of evidence suggesting that the Windows 8 security requirements would result in practices in violation of EU competition rules".

UEFI Secure Boot is a mechanism that was added to the UEFI firmware and uses keys registered in firmware to check a digital signature on any operating system's bootloader and kernel to ensure that they have not been tampered with. The idea is to avoid situations where malware modifies the operating system or boot process itself as part of its camouflage mechanisms. Microsoft requires that machines sold with Windows 8 pre-installed are configured to use this mechanism to validate the operating system. This means that machines with Windows 8 have Microsoft's key registered in the firmware and, with no other operating system vendor offering a similar key, it is the only key that comes on most of these machines.

Booting another operating system on these machines would, therefore, mean disabling secure boot, adding a key for validation of the other operating system to the firmware, or getting the bootloader for the operating system signed by Microsoft. The first two options are paths that Microsoft requires vendors implement on x86-based systems, although there are no common or standard ways of implementing the features.

Therefore, Linux vendors such as Red Hat, SUSE and Canonical, and the Linux Foundation all looked at approaches where a bootloader or pre-bootloader was signed by Microsoft and would go on to load Linux once booted and verified. This would, the vendors believed, give users an easier way to install Linux on any arbitrary Windows 8 pre-installed PC system.

These solutions require Microsoft to sign the bootloader and have reinforced the Free Software Foundation's objections[5] to what it has dubbed "Restricted Boot". The Hispalinux complaint appears to follow the FSF's reasoning and seems to request a simple way for consumers to disable or override Secure Boot. But, as the Commissioner notes: "In particular, on the basis of the information currently available to the Commission it appears that the OEMs are required to give end users the option to disable the UEFI secure boot". It may be that this case will hinge on whether the Commission continues to feel that this is sufficient.
URL of this Article:
http://www.h-online....ft-1830714.html
Links in this Article:
[1] http://www.hispalinux.es/
[2] http://www.reuters.c...E92P0E120130326
[3] http://www.hispalinux.es/node/758
[4] http://www.europarl....162&language=EN
[5] http://www.h-online....ot-1363531.html


Couldn't find any forums search entries on this, so posting it here.


#2 MikeChipshop

MikeChipshop

    Miniman

  • Tech Issues Solved: 2
  • Joined: 02-October 06
  • OS: Win 8, Win 7, Vista, OSX, iOS, Android, WP8 and various Linux distro's
  • Phone: HTC 8X

Posted 28 March 2013 - 10:43

Actually posted on the front page... http://www.neowin.ne...nti-competitive

#3 OP tiagosilva29

tiagosilva29

    You might think that, I couldn't possibly comment.

  • Tech Issues Solved: 1
  • Joined: 08-May 04
  • Phone: I need a new one. Gibe moni plos

Posted 28 March 2013 - 10:56

That's why I couldn't find it. Thanks!

#4 Dot Matrix

Dot Matrix

    Way past cool.

  • Tech Issues Solved: 2
  • Joined: 14-November 11
  • Location: Upstate New York
  • OS: Windows 8.1
  • Phone: Nokia Lumia 920

Posted 28 March 2013 - 11:06

Holds no water.

#5 MikeChipshop

MikeChipshop

    Miniman

  • Tech Issues Solved: 2
  • Joined: 02-October 06
  • OS: Win 8, Win 7, Vista, OSX, iOS, Android, WP8 and various Linux distro's
  • Phone: HTC 8X

Posted 28 March 2013 - 20:05

That's why I couldn't find it. Thanks!


No problem, i just happened to be reading it at the same time!

#6 HawkMan

HawkMan

    Badass Viking

  • Tech Issues Solved: 3
  • Joined: 31-August 04
  • Location: Norway

Posted 28 March 2013 - 20:40

For the supposed self proclaimed computer elite. Linux users keep coming off as inept computer illiterates....

#7 TheExperiment

TheExperiment

    Starry

  • Joined: 11-October 03
  • Location: Elsewhere
  • OS: 8.1 x64

Posted 28 March 2013 - 20:46

For the supposed self proclaimed computer elite. Linux users keep coming off as inept computer illiterates....

Even the knowledgeable ones (Timothy Lottes for one example) seem to believe MS did it just to block competition. I'm really not sure what to think of these people.

#8 HawkMan

HawkMan

    Badass Viking

  • Tech Issues Solved: 3
  • Joined: 31-August 04
  • Location: Norway

Posted 28 March 2013 - 20:55

Their whole argument is that secure boot isn't a silver bullet that stops all malware, but just one piece of a big system. But since every little piece of security is just that, why don't we remove all of them... Oh wait... Then you're unprotected. Every little brick helps.

#9 MDboyz

MDboyz

    Neowinian

  • Joined: 16-November 01

Posted 28 March 2013 - 21:01

While people are crying about how unsecure Windows OS, but then still cry when they try to implement something to make it more secure.
It is only unfair if they buy the computer without any OS, and still can't install Linux because of UEFI Secure Boot. However, the computer is sold as computer with pre-installed Windows OS.
Stop crying and buy a Linux computer instead.

#10 TheExperiment

TheExperiment

    Starry

  • Joined: 11-October 03
  • Location: Elsewhere
  • OS: 8.1 x64

Posted 28 March 2013 - 21:04

Stop crying and buy a Linux computer instead.

It's kind of irrelevant when you can install Linux fine now.

Which is what I told people would happen. MS can't afford another huge run in with the DoJ and it's bloody unlikely they'd go out of their way to **** off the EU either.

#11 Detection

Detection

    Detecting stuff...

  • Joined: 30-October 10
  • Location: UK
  • OS: 7 SP1 x64

Posted 28 March 2013 - 21:22

Only a matter of time until the bootloader/UEFI is bypassed/hacked

The ASUS Transformers have ether SBK1 or SBK2 models, the SBK1 models key was leaked so we could use NVFlash to flash custom ROMs, SBK2 key was never leaked, but eventually the guys at XDA found a way around it and now both models can flash whatever OS/Recovery they want on them

#12 Eric

Eric

    Neowinian Senior

  • Tech Issues Solved: 11
  • Joined: 02-August 06
  • Location: Greenville, SC

Posted 28 March 2013 - 21:38

Is there some reason that companies like RedHat and Canonical can't get a bootloader signed?

#13 chrisj1968

chrisj1968

    copyrighted!! ©

  • Tech Issues Solved: 3
  • Joined: 17-June 08
  • Location: United States

Posted 28 March 2013 - 21:42

Is there some reason that companies like RedHat and Canonical can't get a bootloader signed?


Probably because theoretically, They are knocking at the door and microsoft is behind the locked door giggling while Linux users scratch their heads.

#14 remixedcat

remixedcat

    meow!

  • Tech Issues Solved: 1
  • Joined: 28-December 10
  • Location: Vmware ESXi and Hyper-V happy clouds
  • OS: Windows Server 2012 R2
  • Phone: I use telepathy and cat meows to communicate

Posted 28 March 2013 - 21:50

linux zealouts or whatever you wanna call em are *SMACK* as wack

#15 Growled

Growled

    Neowinian Senior

  • Tech Issues Solved: 1
  • Joined: 17-December 08
  • Location: USA

Posted 29 March 2013 - 00:54

Is there some reason that companies like RedHat and Canonical can't get a bootloader signed?


I think most people who are upset are upset over the fact that Microsoft holds all the keys. Those keys should be held by a third party for all.



Click here to login or here to register to remove this ad, it's free!