http://newyork.newsday.com/business/technology/microsoft-target-of-hispalinux-open-source-software-users-in-complaint-to-eu-1.4909950?qr=1

It was only a matter of time before someone tried to do something about EUFI.

It is about time.

$MS and their 'money sucking' technology should end. China's planning to migrate to Ubuntu should teach them a lesson about greed.

It is about time.

I was hoping eventually someone would wake up and smell the coffee. Looks like someone has.

It'll be interesting to see what comes out of this...

It'll be interesting to see what comes out of this...
Oh yes!And if we are truly fortunate,a huge can of worms could be opened up as a result.
Popcorn! get your popcorn here!:popcorn:
This could be as entertaining as the Linspire/Microsoft altercation.

Hi all.

This is an interesting developing a a valid topic of discussion. Please let's keep a respectful tone towards fellow members and other software companies.

Best Regards

Where have all the other open source players been until now? That's my only question, I guess.

Great idea, bad execution. Microsoft is not responsible for Secure Boot. Intel is.

Actually, thinking about it more, it's like Apple locking its software to its hardware except of course the other way around. Perfectly legal.

Microsoft is not responsible for Secure Boot.
Surely you jest. Intel doesn't even make operating systems. They added Secure Boot because MS is their long time partner and otherwise they don't care.


Actually, thinking about it more, it's like Apple locking its software to its hardware
Yeah, "its" is the key word here. Nobody cares about what Apple does with Apple products. Especially people who wouldn't touch their products even if those were free.

MS is trying to vendor lock everyone else's x86 hardware though. Feel the difference.

Intel doesn't even make operating systems. .

Just for information, they did create Moblin which they tunred over to the Linux Foundation in 2009.

https://en.wikipedia.org/wiki/Moblin

Moblin

And also iRMX. But it was clear from the context that I meant x86 desktop operating systems.

Great idea, bad execution. Microsoft is not responsible for Secure Boot. Intel is.

What will probably be MOST interesting is if/when the agreement(s)/email/correspondence between Microsoft, Intel and the manufacturers is made public.

Has openSuSE mastered UEFI? Here's from a recent review:

"I was very surprised, pleased and impressed to find that the openSuSE installer handles UEFI, including Secure Boot, with no trouble at all, including detecting and mounting the EFI boot partition."

OpenSuSE 12.3: In-depth and hands-on
http://www.zdnet.com/opensuse-12-3-in-depth-and-hands-on-7000012698/

This is an interesting developing a a valid topic of discussion. Please let's keep a respectful tone towards fellow members and other software companies.

Fantastic! I'm going to start visiting here more often again. Just what we want robust but polite and open discussion

A useful post (http://mjg59.dreamwidth.org/23817.html) from Michael Garrett, who quite likely knows more about this than anyone in this thread. Garrett thinks the Spanish initiative will fail because the Commission has already ruled that Secure Boot conforms to EU law. He also distinguishes between "secure boot" and something he calls "restrictive boot".

This is not the simplest of issues:

UEFI is not secure boot.

Restricted boot is not secure boot.

Potential boot-time attacks are not an imaginary threat, on Linux or Windows.

The Secure Boot standard requires OEM's to enable users to disable it and to use their own keys. Some OEM's have not done that.

Given that OEM's make x86 hardware to sell exclusively into the Windows market, you don't need to conjure conspiracy theories about Evil Microsoft ordering OEM's around. OEM's are catering to the only market, as far as they are concerned, that exists: Windows.

Microsoft's implementation of secure boot is *not* good for Linux. It *does* strengthen Microsoft's market dominance. But, Linux cannot respond to it appropriately unless the Linux community knows what it is talking about.

In the longer run, the greater threat to Linux comes from the completely closed and locked-down devices like tablets and phones. Vendors love them and customers don't care, or even notice, that they're locked down. The days of a desktop comprised of interchangeable parts accessible to a user are on the way out. Tomorrow's desktop will consist of discrete, locked-down, components cabled or docked together.

The days of a desktop comprised of interchangeable parts accessible to a user are on the way out. Tomorrow's desktop will consist of discrete, locked-down, components cabled or docked together.

That's a bleak and depressing thought, but you may well be right. That's certainly been the trend. It's one of the reasons I've learned to despise Jobs and Apple. On other hand, the PC originally started out as a closed and locked down system. It was reverse engineering that busted open the PC. That sort of ingenuity may come about again if, in the future, we are left with nothing more than two or three monopolies.

Surely you jest. Intel doesn't even make operating systems. They added Secure Boot because MS is their long time partner and otherwise they don't care.

Got evidence to back it up? Intel has been moving toward the direction of "anti-virus in CPU" for a while now.


MS is trying to vendor lock everyone else's x86 hardware though. Feel the difference.

No, it's vendors locking their own hardware to Windows 8 in some cases. There's nothing stopping ANY of them from shipping a Windows 8 computer without Secure Boot. Windows 8 works perfectly fine without Secure Boot or even UEFI.

Vendors want to do it so their products don't look deficient compared to others, and so they can have a meaningless little sticker on the product saying "Certified for Windows 8". That's all.

There's nothing wrong with Secure Boot if you can add your own keys or disable it. The key adding process could be a little more user-friendly, okay. The problems arise when OEMs only implement the ability to boot Windows, without the ability to add new keys or disable the system. Intel should have known the OEMs can't necessarily be trusted.

That's a bleak and depressing thought, but you may well be right. That's certainly been the trend. It's one of the reasons I've learned to despise Jobs and Apple. On other hand, the PC originally started out as a closed and locked down system. It was reverse engineering that busted open the PC. That sort of ingenuity may come about again if, in the future, we are left with nothing more than two or three monopolies.

I don't feel inclined to "despise" Apple or Microsoft or anyone else in the business. I may not like this or that product, or this or that approach to doing business, but I find it difficult to ratchet it up to that level.

It is inevitable that any vendor selling a complete PC is going to try to maximize the revenue it generates. (The goal is profit; the product is only a means to that end.) The obvious way to do that is to build a system that is compatible with only itself. So, if a user wants to add more memory, or more storage, or better video, they either must upgrade the entire package or buy a branded component from the vendor.

That was pretty much the situation in the very early days of the personal computer, before IBM released their PC and the dominance of MSDOS. A horde of similar-but-not-compatible PC-like machines targeting businesses existed that might or might run each other's software: Victor, Heath, Zenith, Amstrad, Texas, Osborne, KayPro, etc.etc. In the home market, Commodores weren't compatible with Apple which weren't compatible with Atari's which weren't compatible with Amiga's, and on and on and on.

Businesses ran the risk of finding themselves with a huge investment in hardware and software from a vendor that vanished, for one reason or another. Stuck, in other words, with a dead-end orphaned infrastructure.

Home users who bought hardware from a given vendor found themselves locked into the offerings of only that vendor. It's not fun, say, to have $4000 stuck in Atari or Amiga systems and wake up one morning to find the companies have gone away.

The de facto standardization brought about by the dominance of Microsoft and the PC hardware platform was *welcomed* by the vast majority of the market. Did it, and does it, restrict the choices available to users? Of course. But, for most users, those are choices they'd rather not have to make. And, usually, don't need to.

That's why Ubuntu, for example, is right to compete on terms of usability and functionality, rather than openness and freedom.

I don't feel inclined to "despise" Apple or Microsoft or anyone else in the business...

I'm not troubled by my use of the word 'despise'; but then I do have a poetic license. ;)

Its easy to blaime microsoft, its hard to blaime the fools who buy the products and then complain.

Only one wouldn't exist without the other.

So - does anyone think they stand any chance?

Regardless of any perceived blame ...

Please - only real answers, not what we might like to happen ones.

Its easy to blaime microsoft, its hard to blaime the fools who buy the products and then complain.

Only one wouldn't exist without the other.

Since when did consumer's rights become dependent on the intelligence of the consumer? By that logic no vendor should be held accountable for dubious products or scams because in your parallel universe it would be entirely the consumer's responsibility to research before buying.

From what I have seen here in the way of results of dual booting UEFI with Windows 8, it is not Microsoft's official standard that is the problem. Whether Microsoft told vendors in undocumented ways to modify UEFI we will never know. Unless there are documents somewhere that Microsoft told vendors to implement in ways not officially published I do not think they can win.

Some vendor or some models of those Vendors dual boot easily with secure boot on or off.
Some computers boot only with secure boot on, but if grub2's shim file and correct kernels are used it dual boots.
Some computers only boot the Windows efi file. You can rename the Windows efi file and rename shim to the Windows file name and it will dual boot with secure boot on. (Boot-Repair automates renaming.) The changing of UEFI to only boot Windows efi file is against the UEFI specification.

Some will only install in CSM/Legacy/BIOS mode, but you can convert to UEFI mode by uninstalling grub-pc and installing grub-efi. Again Boot-Repair can automate it.

And all the UltraBook systems add extra install issues, due to Intel using RAID as part of its Windows caching, and nVidia not supporting Optimus, although many have bumblebee working.

From the Ubuntu BIOS/UEFI Requirements.pdf but it seems many system only boot
/EFI/Microsoft/Boot/bootmgfw.efi.
http://hwe.ubuntu.com/docs/ubuntu-bios-uefi-requirements.pdf

Firmware should not enforce any boot policy other than the mechanism specified in Section 3 of the
UEFI 2.3.1 specification [UEFI 2.3.1]. Specifically, firmware should not modify boot behaviour de-
pending on the Description field of the EFI_LOAD_OPTION descriptor.

Spanish Linux users launch legal challenge to Microsoft’s secure boot

http://www.infosecurity-magazine.com/view/31499/spanish-linux-users-launch-legal-challenge-to-microsofts-secure-boot/

27 March 2013

"Hispalinux, a Spanish association representing Linux users and developers, has filed an EU complaint against Windows 8’s UEFI Secure Boot, calling it “a de facto technological jail for computer booting systems.”

The problem is that it is difficult to buy a mainstream computer that does not already have Windows 8 installed – but once installed, the secure boot mechanism makes it difficult if not impossible to install an alternative operating system such as Linux.

The problem and issues are most easily understood by analogy with Apple’s iOS. This, along with other mobile devices other than Android, operates a secure boot mechanism; that is, once purchased, only the installed operating system will work. This makes the device attractive to business because of the increased security it provides; but makes it less attractive to those individuals who want to use the device in a manner not allowed by the operating system. Secure boot is effectively what lies behind the jailbreaking movement for iOS – the Spanish Linux users effectively want to jailbreak Windows 8 so that they can add Linux to the device.

It is both a challenge to the rights of ownership, and “is absolutely anti-competitive," lawyer and Hispalinux head Jose Maria Lancho told Reuters. "It's really bad for the user and for the European software industry."

At start-up, the secure boot mechanism uses keys registered in firmware to confirm that the operating system’s bootloader and kernel have not been altered. “The idea is to avoid situations where malware modifies the operating system or boot process itself as part of its camouflage mechanisms,” explains Heise Online. “Microsoft requires that machines sold with Windows 8 pre-installed are configured to use this mechanism to validate the operating system.” But since the majority of PCs are sold with Windows already installed, those computers are basically forever tied to Windows.

Microsoft spokesman Robin Koch does not believe that this is anti-competitive. "We are happy to answer any additional questions but we are confident our approach complies with the law and helps keep customers safe,” he told Reuters.

For now, the official European Commission view seems to support this. In a written answer to a parliamentary question on March 4 this year EU Competition Chief Joaquin Almunia said, “The Commission is monitoring the implementation of the Microsoft Windows 8 security requirements. The Commission is however currently not in possession of evidence suggesting that the Windows 8 security requirements would result in practices in violation of EU competition rules as laid down in Articles 101 and 102 of the Treaty on the Functioning of the European Union. In particular, on the basis of the information currently available to the Commission it appears that the OEMs are required to give end users the option to disable the UEFI secure boot.”

It now remains to be seen whether Hispalinux can change his opinion."

http://www.infosecurity-magazine.com/view/24199/rsa-2012-malware-gets-the-boot-in-windows-8-notes-charney
http://www.reuters.com/article/2013/03/26/us-microsoft-eu-idUSBRE92P0E120130326
http://www.h-online.com/open/news/item/Secure-Boot-complaint-filed-against-Microsoft-1830714.html
http://www.europarl.europa.eu/sides/getAllAnswers.do?reference=E-2013-000162&language=EN
http://www.hispalinux.es/node/758

All rights reserved. Copyright © 2013
=======================================
Related News Elsewhere:

http://www.nbcnews.com/id/51329950/ns/business-us_business/t/exclusive-open-software-group-files-complaint-eu-against-microsoft/
http://newyork.newsday.com/business/technology/microsoft-target-of-hispalinux-open-source-software-users-in-complaint-to-eu-1.4909950
http://www.mobilenapps.com/articles/8058/20130327/linux-users-file-complaint-against-microsoft-over-secure-boot-windows.htm
http://rcpmag.com/articles/2013/04/01/spanish-complaint-windows-8-secure-boot.aspx
http://www.eitb.com/en/news/technology/detail/1297786/hispalinux-microsoft--hispalinux-files-complaint-microsoft/

and others...

Since when did consumer's rights become dependent on the intelligence of the consumer? By that logic no vendor should be held accountable for dubious products or scams because in your parallel universe it would be entirely the consumer's responsibility to research before buying.

Since pretty much forever, being offered an alternative is not a consumer right. Markets are consumer driven. Its quite simple, very actually.

It is indeed a consumer right. That's why we have anti-trust legislation.

Offering an alternative is not anti-trust legislation. It has nothing do with it, giving false information to or forcing a customer to choose your product or indeed bullying another company out is.

On a side note I cant see the DELL website selling HP laptops maybe we should sue them?

First, I believe there already is an EU ruling that Secure Boot, i.e., this specific implementation, does not violate EU law. It will be interesting, then, to see how this Spanish effort plays out.

Second, whatever happens to this challenge will not impact the dominance of Windows in the desktop marketplace. That is the real issue here. Hardware vendors have every reason to build hardware that can run Windows, even if that makes it difficult to run other operating systems. It's a business with razor-thin profit margins. Vendors feel, with reason, that they will lose money if they divert some percentage of their production into making hardware without Secure Boot just on the prospect that some Linux users will buy it.

Whether or not Microsoft actaully secretly ordered manufacturers to do X or Y is not really relevant, or necessary. Microsoft has every right to market software that expects to find certain capabilities in the hardware it runs on. All software does. Merely announcing that Windows won't run on hardware that does not implement secure boot (lower case) in a specific manner is enough reason for every hardware vendor to fall in line. If they did not, they would go out of business.

That's the real-world state of affairs. A lot of us don't like it. But, just wishing it wasn't so is just wishful thinking.

Meanwhile, the idea of protecting against boot-time attacks is valid and reasonable, and one that Linux should not blithely brush off. Perhaps if Linux had been first to the table with a less onerous implementation of secure boot, none of this would have happened. As it stands, an institution like the EFF or the Linux Foundation, or even the FSF, could step forward and act as a key registrar for the Linux community, in lieu of Microsoft. No one seems to be willing to do that, unfortunately.

Offering an alternative is not anti-trust legislation. It has nothing do with it, giving false information to or forcing a customer to choose your product or indeed bullying another company out is.

On a side note I cant see the DELL website selling HP laptops maybe we should sue them?
How is locking the hardware to Windows offering an alternative?

First, I believe there already is an EU ruling that Secure Boot, i.e., this specific implementation, does not violate EU law. It will be interesting, then, to see how this Spanish effort plays out...
Not sure it's a ruling - I found an answer to a question

Question here (http://www.europarl.europa.eu/sides/getDoc.do?type=WQ&reference=E-2012-011160&language=EN), answer here. (http://www.europarl.europa.eu/sides/getAllAnswers.do?reference=E-2012-011084&language=EN)