Spanish Open Source Group Files Complaint Over Microsoft Use of UEFI Secure Boot 154
sl4shd0rk writes "Hispalinux, which represents Spanish Open Source developers and users, has filed a complaint against Microsoft with the European Commission. 14 pages of grief cited Windows 8 as an 'obstruction mechanism' calling UEFI Secure Boot a 'de facto technological jail for computer booting systems... making Microsoft's Windows platform less neutral than ever.' On March 6 of 2012 the Commission fined Microsoft 561 million Euros for failing to offer users a choice of web browser, and there was also a 2004 ruling which found the company had abused its market position by tying Windows Media Player to Windows itself. Relations appear to remain more tense towards Windows in Europe, so there may be some hope of making UEFI more Linux-friendly. UEFI has been implicated in the death of Samsung laptops running Linux."
Radical (Score:3, Interesting)
I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit. If you want to make money you will actually need to produce good products, not create all these ugly "services" and lock-in mechanisms. The only purpose of them is to NOT have to innovate but make money anyway.
Re:I hope they make the right decision.... (Score:5, Interesting)
As long as savvy users can disable/override/change keys, we get the best of both worlds.
What about 'unsavvy' users, who can currently put a CD in their drive and install the OS, but in the glorious 'secure' future will have to fiddling in the BIOS instead, if the hardware even allows it?
Re:I hope they make the right decision.... (Score:5, Interesting)
Linux installation had gotten to the point that it is even easy for not so computer savvy people. In fact, installing Mint was a lot easier and ...
trouble free than installing windows. Until Windows 8 and UEFI. Yes, you can turn of secure boot, but it took knowing that it should be possible
and much searching to find out how: The option was not (visible) unless you set an UEFI administrator password. Even with secure boot turned off, it did
not boot from CDROM. It did boot from USB key, but did not read data from it,
Of course much of this is laptop specific; this is precisely the problem. There is no easy generic recipe, and the not so savvy users are going to give up, and think this Linux thing is too difficult.
It is not acceptable that one (monopoly) os vendor has the keys to ypur hardware. Secure boot should at least be turned off or in setup mode by default, and it should be easy to install extra/your own keys.
Re:I hope they make the right decision.... (Score:3, Interesting)
Off course a pre-installed computer should come with UEFI secure boot enabled.
Right. So if it comes pre-installed with windows, then UEFI secure boot will be enabled and the signing key for windows will be loaded.
If I want to reinstall windows, uefi isn't going to interfere or be a factor at all.
If I want to install any other operating system, then its going to be extra effort, im going to have to load a signing key for the OS I want to install, and that means "extra fiddling".
It is absurd to suggest otherwise.
But it should not be a hindrance like we see now to later or right away install the OS of choice.
There is no real hindrance now on x86 systems.
Even when keys are a necessity they should still be available to the rightful owner of the hardware, not some outsider like Microsoft.
Yes, the ability to go into UEFI and load whatever keys one likes absolutely should be the right of the rightful owner of the hardware.
However Microsoft doesn't control the keys, so I don't know what you are talking about. The end user can load whatever keys they want on x86 hardware.
The current mess is NOT because I can't avoid using microsoft's keys to use linux, or that there is a dependency on Microsoft.
The current mess is because some linuxes, as a convenience to their users are signing their systems with microsoft keys because those keys are already loaded, so users don't have to go through the trouble of loading a key. But that doesn't give MS control.
You can even sign a distro with your own key, and load that key into UEFI. No dependency on Microsoft. No dependency even on the distro. But its a bit more extra fiddling for you.
You bought a computer with secure boot, disabling it is the wrong option.
I agree, but in general the ability to boot random live CDs, something you compiled yourself from source, and what have you will be simpler if you can turn secure boot off rather than having to sign it and load the key first.
Re:I hope they make the right decision.... (Score:4, Interesting)
There is NO security in "secure boot"
1. What does it secure against? Viruses in (pre)bootloader, nothing else.
2. How does it secure? By DoS (disabling the boot).
1. Hugely better way would be the disk controller to disable writing to the first sector of any drive.
2. That would prevent viruses from writing into the disk in the first place.
This would work as follows: the (pre)bootloader would set an uncleareble security bit in the disk controller which prevents writing to the sector 0. If the boot is from USB (or a key was pressed, etc.) then it would not set the bit, thus allowing OS installers to write the sector 0.
Re:I hope they make the right decision.... (Score:5, Interesting)
The problem is that there is no advantage to anyone to have "secure boot".
The "secure boot" does not prevent viruses from writing to the (pre)bootloader, it just notices if it has happened. Then the "notification" or "failure mode" is DoS, your computer won't boot. I'd rather boot with a virus than not boot.
How about a better solution, something that *prevents* viruses from writing over the prebootloader? Something which will not brick your computer at an important meeting?
Solution: There is an unclearable security bit in the disk controller which prevents writing to sector 0. The (pre)bootloader would set the bit in the boot, unless the boot is from USB (or a key was pressed), thus allowing OS installers to write the sector 0. All the advantages of "secure boot" and none of the disadvantages.