Slashdot Mirror

← Back to Stories (view on slashdot.org)

Spanish Open Source Group Files Complaint Over Microsoft Use of UEFI Secure Boot

Posted by Soulskill on from the saga-continues dept.

sl4shd0rk writes "Hispalinux, which represents Spanish Open Source developers and users, has filed a complaint against Microsoft with the European Commission. 14 pages of grief cited Windows 8 as an 'obstruction mechanism' calling UEFI Secure Boot a 'de facto technological jail for computer booting systems... making Microsoft's Windows platform less neutral than ever.' On March 6 of 2012 the Commission fined Microsoft 561 million Euros for failing to offer users a choice of web browser, and there was also a 2004 ruling which found the company had abused its market position by tying Windows Media Player to Windows itself. Relations appear to remain more tense towards Windows in Europe, so there may be some hope of making UEFI more Linux-friendly. UEFI has been implicated in the death of Samsung laptops running Linux."

16 of 154 comments (clear)

  1. I hope they make the right decision.... by Anonymous Coward · · Score: 5, Insightful

    ... and that is, to keep secure boot around, but ban the practice of not allowing users to enter their own BIOS keys, or disable it in the BIOS.

    I like secure boot from a security perspective, and we actually use it to lock down some embedded Linux products I've worked on. As long as savvy users can disable/override/change keys, we get the best of both worlds.

    1. Re:I hope they make the right decision.... by aaaaaaargh! · · Score: 5, Insightful

      What is most important is that the user must perform the same steps for activating secure boot of an operating system regardless of which operating system is being installed. No extra fiddling in the UEFI for non-Microsoft operating systems and no dependence of other OS makers on Microsoft for anything in this process.

    2. Re:I hope they make the right decision.... by 0123456 · · Score: 4, Interesting

      As long as savvy users can disable/override/change keys, we get the best of both worlds.

      What about 'unsavvy' users, who can currently put a CD in their drive and install the OS, but in the glorious 'secure' future will have to fiddling in the BIOS instead, if the hardware even allows it?

    3. Re:I hope they make the right decision.... by Anonymous Coward · · Score: 5, Interesting

      Linux installation had gotten to the point that it is even easy for not so computer savvy people. In fact, installing Mint was a lot easier and
      trouble free than installing windows. Until Windows 8 and UEFI. Yes, you can turn of secure boot, but it took knowing that it should be possible
      and much searching to find out how: The option was not (visible) unless you set an UEFI administrator password. Even with secure boot turned off, it did
      not boot from CDROM. It did boot from USB key, but did not read data from it, ...
      Of course much of this is laptop specific; this is precisely the problem. There is no easy generic recipe, and the not so savvy users are going to give up, and think this Linux thing is too difficult.
      It is not acceptable that one (monopoly) os vendor has the keys to ypur hardware. Secure boot should at least be turned off or in setup mode by default, and it should be easy to install extra/your own keys.

    4. Re:I hope they make the right decision.... by Teun · · Score: 3, Insightful
      So then, what is absurd?

      Off course a pre-installed computer should come with UEFI secure boot enabled.

      But it should not be a hindrance like we see now to later or right away install the OS of choice.
      Even when keys are a necessity they should still be available to the rightful owner of the hardware, not some outsider like Microsoft.
      You bought a computer with secure boot, disabling it is the wrong option.

      --
      "The likes of Facebook and WhatsApp are free to those whose privacy is of zero value."
    5. Re:I hope they make the right decision.... by jhol13 · · Score: 3, Interesting

      There is NO security in "secure boot"

      1. What does it secure against? Viruses in (pre)bootloader, nothing else.
      2. How does it secure? By DoS (disabling the boot).

      1. Hugely better way would be the disk controller to disable writing to the first sector of any drive.
      2. That would prevent viruses from writing into the disk in the first place.

      This would work as follows: the (pre)bootloader would set an uncleareble security bit in the disk controller which prevents writing to the sector 0. If the boot is from USB (or a key was pressed, etc.) then it would not set the bit, thus allowing OS installers to write the sector 0.

    6. Re:I hope they make the right decision.... by jhol13 · · Score: 4, Interesting

      The problem is that there is no advantage to anyone to have "secure boot".

      The "secure boot" does not prevent viruses from writing to the (pre)bootloader, it just notices if it has happened. Then the "notification" or "failure mode" is DoS, your computer won't boot. I'd rather boot with a virus than not boot.

      How about a better solution, something that *prevents* viruses from writing over the prebootloader? Something which will not brick your computer at an important meeting?

      Solution: There is an unclearable security bit in the disk controller which prevents writing to sector 0. The (pre)bootloader would set the bit in the boot, unless the boot is from USB (or a key was pressed), thus allowing OS installers to write the sector 0. All the advantages of "secure boot" and none of the disadvantages.

    7. Re:I hope they make the right decision.... by mathew7 · · Score: 3, Informative

      That kind of virus protection was present in older BIOS implementations, while win9x/ME was still present. With Win2K/XP, no such protections work (for MBR booting) because other drivers are accessing the HW directly (and you cannot enforce on HW because that would prevent repartitioning).
      For UEFI-booting, the UEFI firmware has a complete path to a partition+file. There is no way to protect a single file with a compromised OS.

  2. Radical by Anonymous Coward · · Score: 3, Interesting

    I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit. If you want to make money you will actually need to produce good products, not create all these ugly "services" and lock-in mechanisms. The only purpose of them is to NOT have to innovate but make money anyway.

    1. Re:Radical by ackthpt · · Score: 4, Insightful

      I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit. If you want to make money you will actually need to produce good products, not create all these ugly "services" and lock-in mechanisms. The only purpose of them is to NOT have to innovate but make money anyway.

      The problem is Microsoft does make good products. They don't make great products, though. To prevent you from having freedom to choose and companies to offer better technology applications/plug-ins they still cling tenaciously to their strategy to lock you into their technology or kill competitors with bundling.

      Imagine only being able to buy the petrol for your automobile at specified stations, where the mixture won't result in a burned out engine. There were businesses once who considered or undertook such business models. (some still do, but not to that extent) Microsoft continues to flirt with this strategy -- once in their kingdom you can only get your water from their well.

      --

      A feeling of having made the same mistake before: Deja Foobar
    2. Re:Radical by whoever57 · · Score: 4, Insightful

      The problem is Microsoft does make good products. They don't make great products, though.

      I don't think that is accurate. For the most part, Microsoft makes products that are barely good enough, combined with the fact that Microsoft's monopoly position made it such that most buyers of computers were simply unaware of what was possible. For example, BSODs are rare now, but Microsft was able to convince a generation of buyers that random BSODs were acceptable when competing products did not suffer the same problems.

      The fact is that we don't know how far the industry would have progressed without the illegal anti-trust violations which resulted in the supression of competition.

      --
      The real "Libtards" are the Libertarians!
    3. Re:Radical by girlintraining · · Score: 5, Insightful

      I would like to see something radical happen which promotes actual technological innovation and hinders all this IP bullshit.

      Many moons ago, now long-forgotten to most of the younger crowd that's moving into spaces like this, there was an informal ideology known as the hacker ethic. One of them, was that knowledge is power, and so it should be shared freely. The right to learn, and the duty to teach, went hand in hand in our community. It didn't matter what laws they passed telling us we couldn't speak, we couldn't teach, couldn't learn -- which is what intellectual property is fundamentally about. We did it anyway. And they called us criminals, they passed laws, they tried to delete us from the network we built, and loved, and replace it with paid shills, corporations, and tons and tons of advertising. And none of that gave a damn about learning, or teaching -- it was about consumption.

      And today, kids these days, they think that consuming their content, their pre-processed and devoid of flavor "knowledge", is what learning is today. And us, those who were here first... it's painful to watch. Sometimes so much so, we have to turn away from our hobbies for awhile, get up, go outside, because the saddest words ever said are "What might have been!" We failed you. The next generation. But we tried. Oh damn, we tried... We thought it would be enough. Nobody could control the internet!

      We never thought that every government in the world, even traditional enemies, would ally themselves with one goal: Destroy this new vessel of human freedom.

      We never thought it would become the tool of your oppression.

      --
      #fuckbeta #iamslashdot #dicemustdie
    4. Re:Radical by symbolset · · Score: 3, Insightful

      Take a look at mobile for a clue how that would turn out. Without Microsoft's - and their partners' "leadership" the pace of progress has been... astounding.

      --
      Help stamp out iliturcy.
  3. Making UEFI more Linux friendly by volkerdi · · Score: 3, Insightful

    "so there may be some hope of making UEFI more Linux-friendly"

    The only hope is to make Linux distributions more UEFI friendly. UEFI and Secure Boot is certainly here to stay.

  4. Samsung laptops by iYk6 · · Score: 5, Informative

    UEFI has been implicated in the death of Samsung laptops running Linux.

    That had nothing to do with Linux, and UEFI had no fault in that. The problem is that Samsung wrote a serious bug into their UEFI implementation that causes the laptop to brick if the user does X, Y, and Z under any operating system.

  5. Re:Want to know why my post is downmoded? by Zontar+The+Mindless · · Score: 4, Insightful

    Your post got downmodded because you're a nutjob gone off his meds.

    --
    Il n'y a pas de Planet B.