Posted on 03/28/2013 12:35:49 PM PDT by ShadowAce
The lawyer who has filed a complaint with the European Commission against secure boot in Windows 8 on behalf of some 8000 Linux users in Spain says the complaint takes "an user and developer perspective, it is an unprecedented approach to the problem of monopoly in operating systems in Europe".
"I think that Hispalinux is likely to show that Microsoft is engaged in additional anticompetitive acts that were not conclusively determined in the 1998 European Commission investigation," José Maria Lancho (pictured above) told iTWire.
Hispalinux is the organisation on whose behalf Lancho has filed the complaint; according to him, it is a non-profit Spanish association with more than 8000 software users and developers as members (some of them significant engineers) in Spain.
"Hispalinux also collaborates in many technological fields with the Spanish authorities," he said.
|
|
Contrary to some of the uninformed speculation about the complaint, Lancho seems to be fully aware of the complexity of the task he has undertaken.
"Of course we have technical advisers on board," he said in response to a question. "But we have also based the technical aspects of the complaint firstly (on) Microsoft's own technical specifications for the Windows 8 Certification and contrasted them with the European antitrust laws. We also cite the work of (former Red Hat employee) Matthew Garrett, (Linux Foundation technical guru) James Bottomley and others.
"We have studied enough previous cases related to the abuses of Microsoft's relevant position in European and American markets, and collected first-hand accounts and testimonies from developers, retailers, distro designers and bloggers from around the internet to conclude that the problem is real.
"We have studied Microsoft's exclusionary business strategies that in effect limit its customers' ability and/or incentive to use other operating systems and, in the case of Spain,
this leads to a virtually universal breach of laws for public procurement, due to the fact that there is currently not one single public tender in which a technology different from Microsoft's Windows can be offered."
Lancho said the bottom line was that UEFI Secure Boot with Microsoft keys was "designed to block non-certified, non-Microsoft software. This is not a side-effect. It is its main purpose and is spelled out as such in Microsoft's own documentation".
As he does not have an English translation of the 14-page complaint, made on Tuesday, Lancho offered a summary of the same.
"Microsoft has recently introduced a new operating system called 'Windows 8'. The main 'innovation' of Windows 8 is that it incorporates a new obstruction mechanism (called 'UEFI Secure Boot') that controls the start-up of the computer, impeding the free execution of any software program competitive with Windows," he said.
One of the options allowed by UEFI was the digital signature of drivers and applications, permitting complete control over the start-up system.
"I will not explain (to) you the signature process but this makes it near impossible to boot any operating system on a computer that does not have Microsoft's permission," Lancho said. "Microsoft, as the sole owner of the private key, which matches up with the public key held in the memory of computers running Windows 8, is the only party that can authorise (sign) the software components in UEFI, the only party that can sign the boot of the operating system, and the only party that can sign the communications between the operating system and UEFI.
"To be able to attain this goal, Microsoft has to use all its influence and power in the market to to force computer and component manufacturers to accept its monopoly in the key generation system."
He said another interesting aspect was that the whole process could not be reproduced using the private user's certificate without Microsoft's approval, as the standard did not force the manufacturer to include an application to change or reset the PK or KEK repositories. Also, for ARM models, this security model could not be disabled by the user.
"With this set-up, the only option left to the consumer who decides to boot another operating system is to contact Microsoft and hope that the company decides to sign his/her system's components that are in charge of the boot and communication with the UEFI services," Lancho said. "This forces the user (to) enter into negotiations with a company that is famous for its monopolistic policies, with all the problems this would entail.
"The resulting situation is a de facto technological jail for computer booting systems thanks to Windows 8, making Microsoft's Windows platform less neutral than ever, rendering consumers' hardware unreachable for products from competitors."
Lancho said the public market would also be affected, since there was an evident legal incompatibility between the UEFI Secure Boot controlled by Microsoft through Windows 8, and the principles of public procurement and the impossibility to apply the principles of interoperability, established in Spain by RD 4/2010.
"It would also impede the re-use of thousands of licences of earlier versions of Windows and the development of internal technological solutions which would use a dual booting system, limiting the choice to Microsoft products, if they exist, that comply with the law 11/2007, which introduces the principle of technological neutrality when dealing with the public."
Lancho said the complaint claimed that Microsoft had implemented this secret plan for the purpose of acquiring and maintaining an illegal monopoly over the interaction of the operating systems and the x86 line of microprocessors, which it did by delaying the ability of its competitors to access the market or to otherwise develop and manufacture competitive products.
"In this case, we are not up against a kidnapped standard, but up against the kidnapping of the access to the inner workings of the hardware. The consumer has her/his hardware taken from her/him, losing control over her/his own machine. The fact is that no software or operating system that needs the boot system to install or work will be able to access the computer without Microsoft's prior permission," Lancho said.
"This requirement is completely unjustified and... implies a complete subordination to the company for anybody who wishes to distribute or sell software or content that works and could be competitive."
He said Microsoft's strategy, clearly designed to control the market and exclude competition, affected all software areas. "No measure that forces Microsoft to reach agreements with third parties can compensate (for) the degree of subordination of its competition with the activation of UEFI and Window 8 secure boot system."
Lancho said that in this way, Microsoft had avoided competition on the merits and deprived Linux of the opportunity to stake quality and economic advantages against Windows for every public contract, for every potential computer sale.
I’ve read there’s a way to downgrade the UEFI system and thus overtake the certificate/hashing system to allow other OS to boot.
I’ve also seen some manufacturers producing “clean” BIOS/UEFI EEPROMs for sale.
This is a big problem for MS, and I hope they slap them down. Unless MS wants to go into the hardware business like Apple, they need to back off the hardware markets, and shame on HP/Dell/IBM for giving them this ability.
There’s a good answer to this...don’t purchase anything with Microsoft stuff on it.
There’s the multi flavors of Unix, and there’s Apple and others.
All are better than Microsoft, the Yugo of operating systems.
the xbox 720 is supposed to have something like a lock to only allow disks to play on ONE unit and have no resale value.
‘UEFI Secure Boot’ sounds like an option. Is it an option or has MS made it impossible not to use it?
In other words, the hardware/motherboard maker has the option to make it optional for the end user.
It's gonna make shopping around for a suitable motherboard/system more difficult.
I wonder if Windows 8 will load on an “unlocked” computer? I will definitely avoid any system in the future that is blocked like this.
In the FWIW category
Microsoft’s certification requirements eventually revealed that UEFI firmware on x86 systems must allow users to re-configure or turn off secure boot, but that this must not be possible on ARM-based systems (Windows RT). Microsoft faced further criticism for its decision to restrict Windows RT devices by using this functionality.[61][91][92] Tom Warren, in an article on The Verge, said that other smartphones and tablets are typically sold in a locked-down state.[92] No mandate is made regarding the installation of third-party certificates that would enable running alternative software.[93][94][95]
http://en.wikipedia.org/wiki/Windows_8#Secure_boot
It’s a back to the future deal - the UEFI boot mechanism is the old “hardware dongle” - but with a twist.
In the bad old days a hardware dongle was something that plugged into your computer and kept you from running software that you weren’t licensed to run.
In the brave new world of UEFI the UEFI hardware dongle is built into the computer and keeps you from running software that you are fully licensed to run.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.