Secure Boot complaint filed against Microsoft



  Quote

Hispalinux[1], an 8,000-strong Spanish association of Linux users and developers, has filed a complaint with the Madrid office of the European Commission claiming, according to a Reuters[2] report, that Windows 8 contains an "obstruction mechanism" called UEFI Secure Boot. This mechanism, it says, controls the system boot up and means users must seek keys from Microsoft to install another operating system.

Hispalinux head, lawyer José Maria Lancho, told the news agency that it was "absolutely anti-competitive" and a "de facto technological jail for computer booting systems". The complaint[3] says that although Microsoft says UEFI Secure Boot is a security measure, its implementation would not mean the end of malware and viruses.

The complaint comes just over three weeks after the EU Competition Chief Joaquín Almunia said, in a written answer[4] to parliamentary questions, that the "Commission is monitoring the implementation of the Microsoft Windows 8 security requirements. The Commission is however currently not in possession of evidence suggesting that the Windows 8 security requirements would result in practices in violation of EU competition rules".

UEFI Secure Boot is a mechanism that was added to the UEFI firmware and uses keys registered in firmware to check a digital signature on any operating system's bootloader and kernel to ensure that they have not been tampered with. The idea is to avoid situations where malware modifies the operating system or boot process itself as part of its camouflage mechanisms. Microsoft requires that machines sold with Windows 8 pre-installed are configured to use this mechanism to validate the operating system. This means that machines with Windows 8 have Microsoft's key registered in the firmware and, with no other operating system vendor offering a similar key, it is the only key that comes on most of these machines.

Booting another operating system on these machines would, therefore, mean disabling secure boot, adding a key for validation of the other operating system to the firmware, or getting the bootloader for the operating system signed by Microsoft. The first two options are paths that Microsoft requires vendors implement on x86-based systems, although there are no common or standard ways of implementing the features.

Therefore, Linux vendors such as Red Hat, SUSE and Canonical, and the Linux Foundation all looked at approaches where a bootloader or pre-bootloader was signed by Microsoft and would go on to load Linux once booted and verified. This would, the vendors believed, give users an easier way to install Linux on any arbitrary Windows 8 pre-installed PC system.

These solutions require Microsoft to sign the bootloader and have reinforced the Free Software Foundation's objections[5] to what it has dubbed "Restricted Boot". The Hispalinux complaint appears to follow the FSF's reasoning and seems to request a simple way for consumers to disable or override Secure Boot. But, as the Commissioner notes: "In particular, on the basis of the information currently available to the Commission it appears that the OEMs are required to give end users the option to disable the UEFI secure boot". It may be that this case will hinge on whether the Commission continues to feel that this is sufficient.

URL of this Article:

http://www.h-online.com/open/news/item/Secure-Boot-complaint-filed-against-Microsoft-1830714.html

Links in this Article:

[1] http://www.hispalinux.es/

[2] http://www.reuters.com/article/2013/03/26/us-microsoft-eu-idUSBRE92P0E120130326

[3] http://www.hispalinux.es/node/758

[4] http://www.europarl.europa.eu/sides/getAllAnswers.do?reference=E-2013-000162&language=EN

[5] http://www.h-online.com/news/item/FSF-warns-of-Windows-8-Secure-Boot-1363531.html

Couldn't find any forums search entries on this, so posting it here.
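
As an added example (not part of the quoted article or of any post in this thread): on Linux, the firmware state the article describes can be read from efivarfs. The code below reports whether Secure Boot is enforced, whether the platform is in setup mode (so keys can be enrolled), and which entries sit in the `db` allow-list; the function names and the variables written by `write_sample` are constructed for illustration.

```python
import struct
import uuid
from pathlib import Path

EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"       # SecureBoot, SetupMode
IMAGE_SECURITY = "d719b2cb-3d3a-4596-a3bc-dad00e67656f"   # db (allowed certs/hashes)
X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")  # EFI_CERT_X509_GUID
SIG_TYPES = {X509: "x509", uuid.UUID("c1c41626-504c-4092-aca9-41f936934328"): "sha256"}

def read_var(root, name, guid):
    """Return a variable's data, minus the 4-byte attribute word efivarfs prepends."""
    try:
        raw = (Path(root) / f"{name}-{guid}").read_bytes()
    except OSError:
        return None
    return raw[4:] if len(raw) > 4 else None

def parse_signature_lists(data):
    """Walk concatenated EFI_SIGNATURE_LIST records -> [(type, owner GUID, payload)]."""
    entries, off = [], 0
    while off < len(data):
        if off + 28 > len(data):
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if sig_size < 16 or list_size < 28 + hdr_size or off + list_size > len(data):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        end = off + list_size
        for pos in range(off + 28 + hdr_size, end - sig_size + 1, sig_size):
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append((SIG_TYPES.get(sig_type, str(sig_type)), owner,
                            data[pos + 16:pos + sig_size]))
        off = end
    return entries

def boot_policy(root="/sys/firmware/efi/efivars"):
    """Summarise the Secure Boot state and the db allow-list found under root."""
    sb = read_var(root, "SecureBoot", EFI_GLOBAL)
    setup = read_var(root, "SetupMode", EFI_GLOBAL)
    db = read_var(root, "db", IMAGE_SECURITY)
    return {"secure_boot": bool(sb) and sb[0] == 1,
            "setup_mode": bool(setup) and setup[0] == 1,  # 1 = no PK, keys can be enrolled
            "db": parse_signature_lists(db) if db else []}

def write_sample(root, owner):
    """Constructed sample: Secure Boot on, user mode, one placeholder X.509 db entry."""
    cert = b"\x30\x82" + b"\x00" * 30                     # placeholder bytes, not a real cert
    esl = X509.bytes_le + struct.pack("<III", 28 + 16 + len(cert), 0, 16 + len(cert))
    esl += owner.bytes_le + cert
    attrs = struct.pack("<I", 0x27)                       # attribute word, ignored by the parser
    for name, guid, data in (("SecureBoot", EFI_GLOBAL, b"\x01"),
                             ("SetupMode", EFI_GLOBAL, b"\x00"),
                             ("db", IMAGE_SECURITY, esl)):
        (Path(root) / f"{name}-{guid}").write_bytes(attrs + data)
```

Calling `boot_policy()` with no argument reads the live variables on a Linux machine booted via UEFI; on a machine without efivarfs it returns the all-off result.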

  On 28/03/2013 at 20:40, HawkMan said:

For the supposed self-proclaimed computer elite, Linux users keep coming off as inept computer illiterates....

Even the knowledgeable ones (Timothy Lottes for one example) seem to believe MS did it just to block competition. I'm really not sure what to think of these people.

  • Like 2

Their whole argument is that secure boot isn't a silver bullet that stops all malware, but just one piece of a big system. But since every little piece of security is just that, why don't we remove all of them... Oh wait... Then you're unprotected. Every little brick helps.

  • Like 2

People are crying about how insecure the Windows OS is, but then still cry when they try to implement something to make it more secure.

It is only unfair if they buy the computer without any OS, and still can't install Linux because of UEFI Secure Boot. However, the computer is sold as a computer with a pre-installed Windows OS.

Stop crying and buy a Linux computer instead.

  • Like 3
  On 28/03/2013 at 21:01, MDboyz said:

Stop crying and buy a Linux computer instead.

It's kind of irrelevant when you can install Linux fine now.

Which is what I told people would happen. MS can't afford another huge run-in with the DoJ and it's bloody unlikely they'd go out of their way to **** off the EU either.

Only a matter of time until the bootloader/UEFI is bypassed/hacked.

The ASUS Transformers have either SBK1 or SBK2 models. The SBK1 models' key was leaked, so we could use NVFlash to flash custom ROMs. The SBK2 key was never leaked, but eventually the guys at XDA found a way around it, and now both models can flash whatever OS/Recovery they want on them.

  On 28/03/2013 at 21:38, GreyWolf said:

Is there some reason that companies like RedHat and Canonical can't get a bootloader signed?

Probably because, theoretically, they are knocking at the door and Microsoft is behind the locked door giggling while Linux users scratch their heads.

  On 28/03/2013 at 21:38, GreyWolf said:

Is there some reason that companies like RedHat and Canonical can't get a bootloader signed?

I think most people who are upset are upset over the fact that Microsoft holds all the keys. Those keys should be held by a third party for all.

  • Like 3
  On 29/03/2013 at 00:54, Growled said:

I think most people who are upset are upset over the fact that Microsoft holds all the keys. Those keys should be held by a third party for all.

Fairly certain you can use secure boot without Microsoft at all. Fedora and some others opted to use the Microsoft key because it was easier.

  On 29/03/2013 at 00:54, Growled said:

I think most people who are upset are upset over the fact that Microsoft holds all the keys. Those keys should be held by a third party for all.

I don't think MS holds all the keys, I believe they are held by VeriSign.

Secure Boot is not an MS technology. They are just using it and I believe they also had to buy a key to use Secure Boot.

Other companies could also buy a key and use that in combination with Secure Boot.

  • Like 2
  On 29/03/2013 at 00:54, Growled said:

I think most people who are upset are upset over the fact that Microsoft holds all the keys. Those keys should be held by a third party for all.

We all know what happens when keys are given to Linux.

  • Like 3
  On 28/03/2013 at 21:38, GreyWolf said:

Is there some reason that companies like RedHat and Canonical can't get a bootloader signed?

I think RedHat already implemented it in Fedora.

It costs $99 from Verisign:

  Quote
The last option wasn't hugely attractive, but is probably the least worst. Microsoft will be offering signing services through their sysdev portal. It's not entirely free (there's a one-off $99 fee to gain access edit: The $99 goes to Verisign, not Microsoft - further edit: once paid you can sign as many binaries as you want), but it's cheaper than any realistic alternative would have been.

http://mjg59.dreamwidth.org/12368.html?style=light

Plus you can just disable secure boot, it isn't that hard and since you'll be installing a new OS chances are you already know how to.

Pathetic lawsuit to try and earn money, that's really all it is.

I think you'll find a lot of us like Linux..

There's also a cross-party bootloader that's been signed. The idea being that it can load up any distro you want.

The complaint is pretty pants on head.. Especially given Microsoft submitted a patch Linux could use (which was ****, but they did it) and Linus Torvalds booted it out.

I think Linus made the right call on that one, but it does rather defeat the "anti-competitive" argument >.>

  On 29/03/2013 at 02:31, _Alexander said:

Things like this are why no one likes Linux and Linux users.

No, this has nothing to do with LINUX not being good, but with Microsoft forcing Windows 8 on you....

I mean, let me take Linux out of the equation for you.

Windows 8 runs like a snail, or you just don't like it, and you decide you want to buy and install Windows 7 instead.

Whoops, Not GOING TO ALLOW IT...

You can't, because the only OS your computer thinks is a valid install is Windows 8.

And in some of the OEMs there is no BIOS option to remove or disable this check.

The easy way to fix this is to allow the OEMs to have a BIOS that can be downloaded to allow people to turn it off.

What this boils down to is Allow the user the choice.

I mean what if people buy a PC with Windows 8 and decide they don't like it at all... and they want to install the following.

Windows 7

Linux

Hackintosh

But their computer won't allow them to do this.

This, as they are trying to show, is the same option as Microsoft locking people into having IE installed by default.

  On 28/03/2013 at 21:01, MDboyz said:

-snip-

However, the computer is sold as a computer with a pre-installed Windows OS.

Stop crying and buy a Linux computer instead.

The other thing to look at is -- people say "BUY a Linux Computer" well that limits the choices and those choices are not very strong computers.

Other than -

https://www.system76.com

But still there are not a lot of options- They don't even offer any AMD chip-sets.

Some of these people don't mind paying for a computer with Windows but also like the CHOICE to have a dual boot as well.

I mean would you want a computer where you can't even choose which OS you want on it?


Side note-
And for my Wife that is a necessity to be able to boot to a USB key that has Suse for her work.

That is what her company uses as its business OS.

So for her, it is that she gets a computer that is not so new, then?

That is the complaint in an easy nutshell. They claimed to secure an OS, but it has a side effect, and that is limiting the choices people can have with their computers.

  On 29/03/2013 at 03:44, redvamp128 said:

That is the complaint in an easy nutshell. They claimed to secure an OS, but it has a side effect, and that is limiting the choices people can have with their computers.

Every security solution has side effects. You don't like Secure Boot? TURN IT OFF. Then you can install whatever OS you like. Some claim some OEMs disable this, but I've never actually seen an example.

The difference between UEFI providing an option to secure your computer and MS locking down said computer should be fairly obvious. That some people don't see the distinction does no credit to their logic.

  • Like 3
  On 29/03/2013 at 04:27, Deranged said:

Every security solution has side effects. You don't like Secure Boot? TURN IT OFF. Then you can install whatever OS you like. Some claim some OEMs disable this, but I've never actually seen an example.

The difference between UEFI providing an option to secure your computer and MS locking down said computer should be fairly obvious. That some people don't see the distinction does no credit to their logic.

Acer- Emachine - Gateway to name a few... There is no option to disable it at all-- it is missing.

The logic is there but the point is -- locking out user choice.

I personally like to dual boot either with WUBI or a true Dual boot.

And such like my wife needs for her work the newer systems don't allow it. (namely SUSE her job uses)

This topic is now closed to further replies.