Jump to content



Photo

Secure Boot complaint filed against Microsoft


  • Please log in to reply
63 replies to this topic

#31 rfirth

rfirth

    Software Engineer

  • Tech Issues Solved: 2
  • Joined: 11-September 09
  • Location: Baton Rouge, Louisiana
  • OS: Windows 8
  • Phone: Nokia Lumia 620

Posted 29 March 2013 - 04:44

Acer- Emachine - Gateway to name a few... There is no option to disable it at all-- it is missing.



Microsoft REQUIRES that all x86/x86-64 machines have the option to turn off Secure Boot...


I had a friend bring me his All in one with Windows 8
Acer Aspire AZS600-UR15


and wanted me to install Windows 7 on it- there was no option to turn off the check.

Windows 7 would pretend like it would install then at the point of installing boot loader - Fail- even when I placed a fresh drive int the machine.

It would not let it write to the boot sector.
I looked and there was nothing -- the only options were - to control boot order- check for extra hard drives and turn to compatibility mode.
I had to end up restoring the Windows 8.


Secure Boot was obviously disabled.

It shouldn't even let you boot from a DVD if Secure Boot is enabled.

Compatibility mode? Perhaps they're calling it that? By the way, Secure Boot doesn't prevent the writing of the boot sector, I don't think. I think it only prevents booting from a boot sector that doesn't have a valid certificate stored in the UEFI. I think. So if malware overwrites it, you will be blocked from booting... and will have to run the recovery DVD to re-write the boot sector.


#32 +goretsky

goretsky

    Neowinian Senior

  • Tech Issues Solved: 3
  • Joined: 12-March 04
  • Location: Southern California

Posted 29 March 2013 - 04:50

Hello,

Can you please list the brands and models of computers that vendors have shipped that have Windows 8 preloaded and no option to disable UEFI Secure Boot in their firmware? Please note that by computer, I mean an IA-32 instruction set compatible CPU such as those made by AMD or Intel, and not tablet devices with ARM CPUs that run Windows RT. Thank you.

Regards,

Aryeh Goretsky




No this has nothing to do with LINUX not being good but Microsoft forcing Windows 8 on you....

I mean let me take Linux out of the equation for you.

Windows 8 runs like a snail or you just don't like it and you decide you want to buy and install Windows 7 instead

Whoops Not GOING TO ALLOW IT...
. you can't because the only OS your computer thinks is a Valid install is Windows 8.

And in some of the OEM's there is no bios option to remove or disable this check.
The easy way to edit this is allow the OEM's to have a bios that can be downloaded to allow people to turn it off.
What this boils down to is Allow the user the choice.

I mean what if people buy a PC with Windows 8 and decide they don't like it at all... and they want to install the following.

Windows 7
Linux
Hackintosh

But their computer won't allow them to do this.

This is as they are trying to show is the same option as Microsoft locking people into having IE installed by default.

The other thing to look at is -- people say "BUY a Linux Computer" well that limits the choices and those choices are not very strong computers.
Other than -
https://www.system76.com


But still there are not a lot of options- They don't even offer any AMD chip-sets.

Some of these people don't mind paying for a computer with Windows but also like the CHOICE to have a dual boot as well.
I mean would you want a computer where you can't even choose which OS you want on it?



#33 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 29 March 2013 - 04:55

I can't see this going anywhere, Microsoft aren't locking anybody out, the Linux guys can sign their own releases (Or they can do what Red Hat tried to do, and patch the kernel to read the signed binary MS provides), or they can simply turn it off (I can't even enable it on my PC since my GFX card isn't up to spec, Windows 8 doesn't have an issue with it)

...
Compatibility mode? Perhaps they're calling it that? By the way, Secure Boot doesn't prevent the writing of the boot sector, I don't think. I think it only prevents booting from a boot sector that doesn't have a valid certificate stored in the UEFI. I think. So if malware overwrites it, you will be blocked from booting... and will have to run the recovery DVD to re-write the boot sector.


"Compatibility Mode" (Or Compatibility Support Module) is the UEFI name for "BIOS", great isn't it? Turning that option on causes it to boot the the classic BIOS method and disables any nice functionality UEFI provides (like Secure Boot)

#34 uMadRabbit

uMadRabbit

    Neowinian Senior

  • Joined: 03-January 12

Posted 29 March 2013 - 05:20

I wonder if Linux users feel sorry for this group or not? If not they should.

#35 nub

nub

    Neowinian Senior

  • Joined: 19-November 06
  • Location: Amerika

Posted 29 March 2013 - 05:20

Microsoft forcing Windows 8 on you....


You do know that Microsoft REQUIRES that secure boot can be disabled, right? Microsoft isn't doing ****. You're a god damn idiot. Stop blabbering bull****.

I had a friend bring me his All in one with Windows 8
Acer Aspire AZS600-UR15


Posted Image

Funny... I was able to find it in the manual.

https://mega.co.nz/#!VkFRXaAT!LLt1iRqH54ssGoLDI_tvIggvWulOt87OZUTc7T7DWOU

#36 redvamp128

redvamp128

    Neowinian Senior

  • Joined: 06-October 01

Posted 29 March 2013 - 05:41

I can't see this going anywhere, Microsoft aren't locking anybody out, the Linux guys can sign their own releases (Or they can do what Red Hat tried to do, and patch the kernel to read the signed binary MS provides), or they can simply turn it off (I can't even enable it on my PC since my GFX card isn't up to spec, Windows 8 doesn't have an issue with it)



"Compatibility Mode" (Or Compatibility Support Module) is the UEFI name for "BIOS", great isn't it? Turning that option on causes it to boot the the classic BIOS method and disables any nice functionality UEFI provides (like Secure Boot)


Actually that option listed turned the SATA drive as an ATA drive when choosing Compatibility mode.

It would boot the Windows 7 DVD but when it went to write to the Drive that was when it failed.

There was no listed option to turn it off.. the bios options were sparse.

#37 redvamp128

redvamp128

    Neowinian Senior

  • Joined: 06-October 01

Posted 29 March 2013 - 05:49

You do know that Microsoft REQUIRES that secure boot can be disabled, right? Microsoft isn't doing ****. You're a god damn idiot. Stop blabbering bull****.



Posted Image

Funny... I was able to find it in the manual.

https://mega.co.nz/#...t87OZUTc7T7DWOU

Seriously There was no Authentication Tab when I was in it-- and I just called the guy and he booted to the bios and it is not there.

#38 rfirth

rfirth

    Software Engineer

  • Tech Issues Solved: 2
  • Joined: 11-September 09
  • Location: Baton Rouge, Louisiana
  • OS: Windows 8
  • Phone: Nokia Lumia 620

Posted 29 March 2013 - 05:51

There was no listed option to turn it off.. the bios options were sparse.


I don't know, seems like it's pretty obvious to me:

Posted Image

Funny... I was able to find it in the manual.


Seriously There was no Authentication Tab when I was in it-- and I just called the guy and he booted to the bios and it is not there.


Fine, but Microsoft does require that you have the ability to disable it. Your dispute isn't with Microsoft, but with Acer. This isn't an instance of Microsoft being anti-competitive or intentionally locking others out.

#39 redvamp128

redvamp128

    Neowinian Senior

  • Joined: 06-October 01

Posted 29 March 2013 - 05:57

I don't know, seems like it's pretty obvious to me:


What bios revision did the screen come from


Fine, but Microsoft does require that you have the ability to disable it. Your dispute isn't with Microsoft, but with Acer. This isn't an instance of Microsoft being anti-competitive or intentionally locking others out.

What bios revision?

#40 nub

nub

    Neowinian Senior

  • Joined: 19-November 06
  • Location: Amerika

Posted 29 March 2013 - 06:23

What bios revision?


In the picture? P11-A0 built on 8/8/12

#41 Torolol

Torolol

  • Joined: 24-November 12

Posted 29 March 2013 - 07:08

the one who need the secure boot most is the corporates environtment,
however current 'secure boot' implementation is less desired
as the fact that key was handled by Microsoft & hardware vendor, and NOT by hardware owner.

If hardware owner can create its own unique keys,
they can sign the OS files with it,
and the computer can only works if it run using said 'apporved' OS,
this is the ideal way of using Secure Boot in corporate environtment.

While in current situation, suppose corporate using secure boot Windows 8,
but employess managed to install some other OS,
because the fact that OS signed with the SAME Key as used by the W8,
the secure boot protocols will accept and run that OS.

From Corporate's security point of view thats are not desireable,
and thus doesn't achieve alleged security that suppose to be delieverd by 'Secure Boot'.

Sure you can disable the Secure Boot,
but can you specify/modify the key? NO. Only hardware vendor can do that.

And if the current Secure Boot's Keys are compromised just like how PlayStation 3's keys was compromised,
that means all existing secure boot can be compromised as the key management was handled by MS & hardware vendor.

#42 The_Decryptor

The_Decryptor

    STEAL THE DECLARATION OF INDEPENDENCE

  • Tech Issues Solved: 5
  • Joined: 28-September 02
  • Location: Sol System
  • OS: iSymbian 9.2 SP24.8 Mars Bar

Posted 29 March 2013 - 07:18

...
Sure you can disable the Secure Boot,
but can you specify/modify the key? NO. Only hardware vendor can do that.
...


If it's any good you can, my motherboard lets me install/remove any keys (including the default MS keys)

#43 uMadRabbit

uMadRabbit

    Neowinian Senior

  • Joined: 03-January 12

Posted 29 March 2013 - 07:18

the one who need the secure boot most is the corporates environtment,
however current 'secure boot' implementation is less desired
as the fact that key was handled by Microsoft & hardware vendor, and NOT by hardware owner.

If hardware owner can create its own unique keys,
they can sign the OS files with it,
and the computer can only works if it run using said 'apporved' OS,
this is the ideal way of using Secure Boot in corporate environtment.

While in current situation, suppose corporate using secure boot Windows 8,
but employess managed to install some other some other OS
because the fact that OS signed with the SAME Key as used by the W8,
the secure boot protocols will accept and run that OS.

From Corporate's security point of view thats are not desireable,
and thus doesn't achieve alleged security that suppose to be delieverd by 'Secure Boot'.

Sure you can disable the Secure Boot,
but can you specify/modify the key? NO. Only hardware vendor can do that.

And if the current Secure Boot's Keys are compromised just like how PlayStation 3's keys was compromised,
that means all existing secure boot can be compromised as the key management was handled by MS & hardware vendor.


Stopped reading at "keys handled by Microsoft".

No they are not. Verisign is handling Secure Boot keys. Microsoft bought they key like everyone else can do, they even offered keys for Linux distros for free for a while but since Linus is too stuck up on his own views it went all sour, this is nothing you can blame MS on.

#44 articuno1au

articuno1au

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 20-March 11
  • Location: Brisbane, Australia

Posted 29 March 2013 - 07:20

the one who need the secure boot most is the corporates environtment,
however current 'secure boot' implementation is less desired
as the fact that key was handled by Microsoft & hardware vendor, and NOT by hardware owner.

If hardware owner can create its own unique keys,
they can sign the OS files with it,
and the computer can only works if it run using said 'apporved' OS,
this is the ideal way of using Secure Boot in corporate environtment.

While in current situation, suppose corporate using secure boot Windows 8,
but employess managed to install some other some other OS
because the fact that OS signed with the SAME Key as used by the W8,
the secure boot protocols will accept and run that OS.

From Corporate's security point of view thats are not desireable,
and thus doesn't achieve alleged security that suppose to be delieverd by 'Secure Boot'.

Sure you can disable the Secure Boot,
but can you specify/modify the key? NO. Only hardware vendor can do that.

And if the current Secure Boot's Keys are compromised just like how PlayStation 3's keys was compromised,
that means all existing secure boot can be compromised as the key management was handled by MS & hardware vendor.

You can load your own signing keys in some implementations..

That is, however, the reason it's set up the way it is. It's beyond confusing for the average user. That's why Microsoft mandated that you be able to turn it off.

If you want secure boot that you hold the keys to, awesome. Find an OEM provider that allows you to, then find a way to sign the MS bootloader and you're in.. You are at best a borderline use case >.<

#45 redvamp128

redvamp128

    Neowinian Senior

  • Joined: 06-October 01

Posted 29 March 2013 - 07:34

In the picture? P11-A0 built on 8/8/12


That explains it. His is 5/22/12 I guess I should email acer for a download of an updated bios.