back to article Spanish Linux group files antitrust complaint against Microsoft

A Spanish open source software users' association has filed an antitrust complaint against Microsoft with the European Commission, claiming that the company's implementation of UEFI Secure Boot stifles competition. Hispalinux, an 8,000-member organization that advocates for and facilitates Linux use in Spain, filed the …

COMMENTS

This topic is closed for new posts.
  1. Herby

    As is said in church...

    Let us pray.

    1. Lars Silver badge
      Linux

      Re: As is said in church...

      The "implementation of UEFI Secure Boot" may have been an attempt, by Microsoft, to stifle competition, but it's just so damned difficult to stifle Linux. Pray as much as you like, however, and I hope Hispalinux does not invest any money in this rather unnecessary effort.

      1. Anonymous Coward
        Anonymous Coward

        Re: As is said in church...

        It's about proving who created something.

        Some Linux repositories have signed packages, if the idea was so flawed they wouldn't do that would they? same with checksums for official releases of Apache etc.

    2. Anonymous Coward
      Anonymous Coward

      Re: As is said in church...

      They really don't get it.

      If I had a house with a top of the range burglar alarm system, I wouldn't expect to have to remove it because certain visitors didn't like it. I also wouldn't expect to have to disable it at the control panel every time I had a new visitor. Linux needs to get it's act together to leverage what is a very useful security gateway.

      This isn't a Microsoft issue at all. What Microsoft have done is for the potential benefit of all of us. Well, except maybe VXers and Malware writers.

      1. Christian Berger

        Re: As is said in church...

        "If I had a house with a top of the range burglar alarm system,"

        And that's where your argument falls apart. "Secure Boot" only provides security in name. It doesn't solve any existing problem. Virtually no malware goes through the boot process today. It used to be a problem way back in the age of Parity Boot B. Today it is much easier to exploit Flash or Java holes. Tomorrow people might exploit bugs in UEFI, but once you are able to change the boot process, you are already root and can do anything you like on that system.

        1. Anonymous Coward
          Anonymous Coward

          Re: As is said in church...

          ". Virtually no malware goes through the boot process today. " - You were convincing up until you just demonstrated you have zero knowledge about the subject. A number of recent Windows root kits corrupt the boot process and the signed driver model.

      2. Daniel B.
        Boffin

        Re: As is said in church...

        Actually, Secure Boot is a useful thing ... *when it is user-manageable*. The MS way of doing Secure Boot is locking the stupid thing with an MS provided master key, so only MS signed stuff will work. A truly secure system would have me being able to add my own master keys, or those from Fedora, Ubuntu, whatever.

        Most if not all PKI systems have this ability, so should all "Secure Boot" systems have it.

  2. This post has been deleted by its author

  3. keith.nicholas
    Flame

    Seems really unfounded....up to the manufacturer how they want to provide secure boot ( could support any number of keys ) and is completely allowable to be able to turn off secure boot. Microsoft is just saying that it must be turned on for a default windows 8 installed system. Which is logical. Its up to the user then if they want to turn it off and be exposed to any associated risks.

    1. Gray
      Trollface

      To avoid associated risks ...

      All of our new cars will come with aldulterated gasoline detection systems. The 'oil company approved' gasoline has chemical tags in it, and the cars won't start or run if the sensors detect 'unsafe' fuel. I can turn that off, with the proper key from the manufacturer ... but they strongly advise against it. It will void the warranty and expose me as a reckless consumer. Oh, dear! Should I complain to the car makers, or the monopolistic oil company that forced this up0n us? But I do feel SO much safer ... !

    2. MacGyver
      IT Angle

      Sort of..

      Sort of, but MS designed Windows 8 (and the Recovery images made from a Win8 install) to not work with UEFI turned off after the fact. So, yes you can turn off UEFI in most new computers and install Linux, however, most of the time you will have to turn it back on to run Windows again. Yes, you can blow away all your GPT partitions (if you have the tools and know why you need to) and re-install Windows 8 (you'll have no disc and no physical key most of the time though) and then Linux, but be prepared to lose any factory recovery partitions (which also don't work if they were made with UEFI switched on when they were created (ala Sony)).

      So yes, you can turn off UEFI, but it is not really just a matter of toggling a setting.

      1. Anonymous Coward
        Anonymous Coward

        Re: Sort of..

        @MacGyver - Windows 8's boot security wouldn't be very effective if it did allow itself to be installed in a secureboot environment and then boot if secureboot was turned off, would it?

        Besides, you can install, off the top of my head, Red Hat, Fedora, CentOS and Ubuntu with secureboot, so what's the problem?

        1. MacGyver
          Meh

          Re: Sort of..

          @AC, I'm not sure why not? If a virus or something is able to flip settings in your NVRAM to turn on/off the secure state without you knowing (your proposal), then what would stop it from (in the future after someone is able to create their own keys, and this all becomes just another bother for legitimate users) injecting keys that match the boot changes it could make?

          All I'm saying is that if a human is turning it off, then why wouldn't they at least allow that human the choice. We're not talking full drive encryption here, it would be trivial to allow the user to just run the recovery disk and move the install in legacy mode, but they have locked out that possible outlet (artificially I'm guessing).

          The issue is that Hispalinux doesn't have keys, not those mainstream ones you listed. Hell from what I remember even Linus thinks that begging Microsoft for keys is wrong.

          1. Anonymous Coward
            Anonymous Coward

            Re: Sort of..

            @MacGyver - The whole point of secure boot is to stop end users installing software or modifying the system to allow it to run malware. If you can get round this by entering a presumably non-password protected UEFI and switching off secureboot, I would wager quite a lot of money that it won't be long before there is malware that instructs users to do this. And it will work.

            As for the keys - the UEFI spec requires and Microsoft require that you are able to add non-MS keys. The reason that MS have been signing bootloaders for some of the distros is that the distributers don't want to go to verisign directly (or whoever) in order to buy keys.

        2. Anonymous Coward
          Boffin

          Re: Sort of..

          The potential problem is that Microsoft owns the key used to sign the shim/bootloader for other OSes and can, should it have a mind to, revoke that key.

          Let's suppose that once booted, the Linux installation you have just added in doesn't force driver signing. That means that it could be possible for the Windows installation to be manipulated to run unsecure components despite still having secure boot enabled. Microsoft could decide that this is a security risk they won't accept and go into the procedure for notifying the Linux bootloader writers that they are giving notice of revocation unless the vulnerability is fixed.

          Now, since Linus, among others, is pretty unhappy with some proposals to put extra stuff into the kernel to reduce or remove this attack method, it could end up that it isn't possible to fix the problem in a way that Microsoft can accept.

          At that point, people with SB enabled UEFI dual boot Win8/Linux systems are no longer able to boot their Linux installations because Windows has updated the valid keys in the UEFI storage and the shim bootloader no longer has a valid signature.

          I'm not saying that this will happen, but since the Linux community is beholden to MS/Verisign for the key(s) it needs then it could happen.

          1. Anonymous Coward
            Anonymous Coward

            Re: Sort of..

            Given the size of Linux and the community, surely they can create a rival platform to x86 with UEFI?

            1. Anonymous Coward
              Anonymous Coward

              Re: Sort of..

              I think you seriously underestimate the amount of work, inter company co-operation, money and time that is required to design and build a system.

              Linux would be, frankly, fucked if you needed special hardware to run it on. The strength of linux is that it's a free, open source operating system which can run on commodity hardware. Who would seriously go out and buy a proprietary computer in order to run linux?

            2. Anonymous Coward
              Anonymous Coward

              Re: Sort of..

              "Given the size of Linux and the community" - well presumably 1% market share isn't enough as it hasn't happened.

          2. Anonymous Coward
            Anonymous Coward

            Re: Sort of..

            "since the Linux community is beholden to MS/Verisign for the key(s) it needs then it could happen." - the Linux community has had many months to sort out alternative arrangements - and has declined to do so.

        3. Anonymous Coward
          Anonymous Coward

          Re: Sort of..

          "Windows 8's boot security wouldn't be very effective if it did allow itself to be installed in a secureboot environment and then boot if secureboot was turned off, would it?"

          Why wouldn't it? It's up to the user to decide if they want that level of protection or not. It doesn't make it any less secure if the user does decide to use Secure Boot. It is Microsoft that insist that it can be disabled by the user for a PC to be Windows 8 certified, so that the user has the choice.

      2. Anonymous Coward
        Anonymous Coward

        Re: Sort of..

        "but MS designed Windows 8 (and the Recovery images made from a Win8 install) to not work with UEFI turned off after the fact"

        Complete rubbish. Windows 8 still boots with secure boot disabled. You also clearly don't understand the different between secure boot and UEFI.

  4. Michael Habel Silver badge
    Trollface

    "The Free Software Foundation, which has lobbied OEMs to turn off the system by default and has urged consumers to boycott Windows 8 PCs."

    Seems to me that Microsoft are doing a fine enough job of keeping People off of Windows 8 themselves, and don't need any further endorsements from the FSF spousing the same.

  5. This post has been deleted by a moderator

    1. chekri
      FAIL

      Re: MS is continually trying ot make "Trusted Computing" a reality

      "Regarding UEFI, MS could easily have cooperated with 3rrd parties to make "secure boot" a mutually agreeable system, but they did not. You need a key from Microsoft now to install an OS on a commodity PC."

      Absolute bullshit Eadon, UEFI is a partnership with AMD, Intel, Apple, Dell, HP, IBM Lenovo, Microsoft and many others involved - so yeah, Microsoft "have cooperated with 3rrd parties to make "secure boot" a mutually agreeable system"

      And no one has to go to Microsoft to create a key, you can create your own and upload it into UEFI. It's only if you want to leverage Microsoft signing, then yeah, you'll have to deal with Microsoft - makes sense to the logical mind.

    2. Anonymous Coward
      Anonymous Coward

      Re: MS is continually trying ot make "Trusted Computing" a reality

      "Regarding UEFI, MS could easily have cooperated with 3rrd parties to make "secure boot" a mutually agreeable system, but they did not. You need a key from Microsoft now to install an OS on a commodity PC."

      Erm, but UEFI isn't a Microsoft only created standard. Lots of other companies have buy-in and approved this including AMD, American Megatrends, Apple, Dell, HP, IBM, Insyde Software, Intel, Lenovo, and Phoenix Technologies. And Microsoft HAVE created other 'mutually agreeable' options including offering to sign Linux keys, if Linux manufacturers can't get their shit together and agree a key signing solution to take to the OEMs...Which some Linux manufacturers have leveraged.

      1. Anonymous Coward
        Anonymous Coward

        Re: MS is continually trying ot make "Trusted Computing" a reality

        You missed canonical and Red Hat off that list. If only they were vendors of an OS relevant to the discussion...

        1. handle

          Re: MS is continually trying ot make "Trusted Computing" a reality

          "You missed canonical and Red Hat off that list. If only they were vendors of an OS relevant to the discussion..."

          Ah, I guess that's why last week I installed Ubuntu 12.04 64-bit from a USB stick onto a Windows 8 computer without having to go into the BIOS even so much as to change the boot order, let alone switch off "secure boot".

          (It didn't understand what the Windows partitions were, but I wanted to wipe them anyway.)

          1. Anonymous Coward
            Anonymous Coward

            Re: MS is continually trying ot make "Trusted Computing" a reality

            Yes, I also have a *buntu box which is running with secure boot on, I didn't even realise until I had to enter the uEFI for something unrelated.

      2. TeeCee Gold badge
        Facepalm

        Re: MS is continually trying ot make "Trusted Computing" a reality

        ...and it grew out of the Intel designed EFI "standard", which was handed over to the UEFI group for their further development.

        So, if there is anyone to sue here.........

        No court in its right mind could blame MS for this one. Bringing a court case based solely on the mindless witterings of flaming 'tards on the internet only serves to move cash from your wallet to your lawyers'.

        1. Anonymous Coward
          Anonymous Coward

          Re: MS is continually trying ot make "Trusted Computing" a reality

          EFI is on all Intel Macs, I had no problem at all installing a Linux OS on my Macbook.

          1. Anonymous Coward
            Anonymous Coward

            Re: MS is continually trying ot make "Trusted Computing" a reality

            To be fair, Intel Macs don't yet have uEFI, so no secureboot, but I suspect you'll have absolutely no trouble installing Linux after they go uEFI either way. That said, I strongly suspect Apple will sign their own bootloaders, so you will be relying upon them to let you switch it off or enter your own keys, I strongly suspect they will though.

        2. Tom 13

          Re: No court in its right mind could blame MS for this one

          Yes they would. It's not the UEFI per se that is the issue. The issue is Microsoft's monopoly position in the desktop computer market, and their leveraging that to further increase barriers to entry into the market.

  6. Neoc

    Aye, there's the rub...

    "...it appears that the OEMs can decide to give the end users the option to disable the UEFI secure boot..."

    Exactly. OEMS *can decide* to give the users the option. Not "The OEMs have to give the end users the options". So, how many OEMs do you think will want to make their UEFI more complex by adding such an option if they don't have to?

    1. Anonymous Coward
      Anonymous Coward

      Re: Aye, there's the rub...

      "Exactly. OEMS *can decide* to give the users the option. Not "The OEMs have to give the end users the options". So, how many OEMs do you think will want to make their UEFI more complex by adding such an option if they don't have to?"

      No, it's actually a REQUIREMENT for Microsoft Windows 8 certification that you can disable Secure Boot.

      1. Daniel B.
        Boffin

        You're reading it wrong

        "No, it's actually a REQUIREMENT for Microsoft Windows 8 certification that you can disable Secure Boot."

        Actually, it's a REQUIREMENT for Windows on ARM certification that you *CAN'T* disable Secure Boot. On PCs, they hastily added "user should be able to disable Secure Boot" after word got out of the Linux-disabling feature, and even then that was because MS knows they can't pull that off on x86 hardware without getting antitrust lawsuits in their face.

        1. mmeier

          Re: You're reading it wrong

          Nope, Win8 certification always required "Secure Boot must be switchable" even in the early discussions.

          Win/RT != Win8 just as iOS != MacOS

  7. Anonymous Coward
    Anonymous Coward

    Spend your time coding, not whining

    If Linux advocates spent one tenth of the hours that they spend whinging about Microsoft on forums actually coding, not only would we have seen the year of the Linux desktop, we may have reached the Technological Singularity.

    Alas rather than trawl open source code for bugs and stuff, having a whinge about Microsoft and Apple is what counts as a meaningful contribution these days.

  8. ChrisM

    This old chestnut again

    I'll summarize the extensive discussions that have taken place before as follows.

    A) Secure boot has to be enabled by default for Windows 8 certification

    B) Secure boot must be able to be switched off on all x86 devices for Windows 8 certification

    C) The UEFI firmware specification is a collaborative effort that includes all the major PC manufacturers

    Its almost as if Microsoft knew what would be fired at them with that when they specified point b. In basic terms thought there are so many other, better, things to lambast Microsoft for (their incompetent implementation of the browser choice screen, the car crash that is/was Metro). That's where penguinistas should be firing their volleys... Not this

    P.s. Based on recommendations from here I am diving back into Linux this weekend after a long absence with Mint and cinnamon, yes, my Easter weekend looks like that

  9. Anonymous Coward
    Anonymous Coward

    Wah Wah Wah

    What is it with Linux users? Does their moaning never stop.

    1. Anonymous Coward
      Anonymous Coward

      Re: Wah Wah Wah

      It's because they know Linux apps run better on FreeBSD than they do on Linux. They simply can't live it down.

      1. mmeier

        Re: Wah Wah Wah

        The few GPL only apps worth using run better on EVERY OS, even more so on Windows. After all a Lada runs smother on a german autobahn than on a russian mudtrail as well

    2. This post has been deleted by a moderator

      1. Anonymous Coward
        Anonymous Coward

        Re: Wah Wah Wah

        @Eadon - You're in luck then, you have two options:

        1) Enter your own key into the UEFI

        2) Switch off secure boot.

        If you're not technical enough to do that and feel that you have to make out "it's a conspiracy", you should probably stop accusing others of not being technical enough to frequent these forums.

        1. eulampios

          Re: Wah Wah Wah

          Switch off secure boot.

          1) This might not be possible at times despite MS' requirement.

          2) the way to do it varies from OEM to OEM without any documentation you can access when buying a machine

          say, with Acer, yo have to set up a bios/efi password to make it work, Asus has another option to turn off.

          3) the real reasons are to complicate the process of trying and installing other than MS operating systems

          if you're not technical enough...

          I knew it, if you're not technical enough, shut up and eat what the highly benevolent , extremely technical Microsoft and have cooked for you, simply relax and enjoy it!

          1. Anonymous Coward
            Anonymous Coward

            Re: Wah Wah Wah

            @Eulampios -

            1) It's highly recommended by the EFI manufacturers that companies commissioning software from them allow it to be turned off. If they don't, don't buy their hardware, ever. I can hardly see this coming up though.

            2) Big deal, lots of things vary from manufacturer to manufacturer, if their documentation isn't online, don't buy their hardware, ever.

            3) The real reasons are not a conspiracy, secureboot wasn't MS' idea, it is simply to stop bootloaders being compromised.

            I don't think that MS are some sort of benevolent organisation, just that the conspiracy whinging about secureboot is so very tedious. Also, if you don't think they're technical why is there a computer on your desk? Seriously, if you think it would be there without MS, guess again.

            1. eulampios

              @AC

              Under normal circumstances the UEFI would be a conspiracy. The problem that MS is occupying approx 90% of the PC market using some non-transparent means, like non-disclosure agreements with OEMs, that are supposed to be independent entities. Those non-disclosure for the public addenda might contain something that could be qualified as an abuse of the monopoly.

              Another sign is a constant evolution of the Microsoft Windows EULA. With XP it was possible to get a refund for an unwanted copy, later on it became pretty hard due the increased OEM's reluctance to cooperate. The EULA as an agreement has finally gone extinct and became an ultimatum. One cannot decline it anymore, there is no simply an option for it.

              Also, if you don't think they're technical why is there a computer on your desk?

              O, right, I remember that a computer with a binary logic was invented by the microsoftie John von Neumann. If it wasn't for Microsoft, life wouldn't be possible on this planet, I am sure.

              What I know for sure is that if it wasn't for Microsoft, IT industry would be a lot more efficient and competent than what it is today.

              1. mmeier

                Re: @AC

                Neither IBM nor (initially - may have changed after the loan) Apple nor Acorn nor SUN had OEM deals with MS. They all had the in-house hardware and software. And two of them where "big players" offering the whole range of systems (IBM, Sun), had a good name and good contacts in the industrie while Acorn was a household name in GB and had mighty fine hardware in it's Archie.

                None of them made it on the desktop market. None of them attracted companies to writing software for their systems (and fine systems they had) that would get a large part of the market. And they all started before MS became THE player, they all where on the market when the market was still deciding and some long dead players where there as well (Commodore Amiga, Atari ST/TT, Sinclairs QL...)

                The success of MS is based on the failure of the others and nothing else. MS knew how to create a market, knew what business wanted and was willing to land in Normandy with a M4A1 Sherman instead of waiting for the Panther-F or E50. THAT is why 90+ percent of the desktops run MS.

                Stuff like Atari and Commodore dropping the ball on their UNIX boxes (TT/X was never sold, Commodore refused Suns offer) when the schools/universities where interested in those units (And Commodore a well respected school supplier in germany). And damned they where fine maschines back then (got to stress test a "showroom" TT/X at the Atari fair - sturdy and SVID compatible)

                IBM not getting software houses to write for OS/2 AND initially restricting it to their own PS/2 boxes. Smart idea! Really smart! Software companies, even more so in the early 90s when the market was a LOT smaller, go for the biggest platform, MUST go for that platform

                Apple not developing the MacOS for almost a decade until OS/X finally came along made it a niche product considered "dying" by many. MS actually had to help them financially!

                Linux kernel devs having an attitude that makes it hard to develop kernel drivers for your hardware. And (as the ATI drivers show) not having the manpower to do it themselves. Other Unix systems provide long term stable API/ABI for drivers so worst case you adapt them once every 5-10 years not yearly and they run. Without the kernel screaming stuff like "tainted" or some FOSS-Fanatics talking about banning your work. Making Linux hardware difficult to order, making big suppliers reluctant to offer, making them less likely to show up in the big chains and the offices

                And so on... MS isn't the greatest company. But like the M4 Sherman it is easy to get, it is easily fixable and it does the job reliably and steadily. While the others (Panter(1)) look good on paper but end up with burned out engines and broken steering breaks

                (1) Okay, Linux is obviously a T34/76 - crude work from a communist system

                Without MS - the world

                1. SImon Hobson Silver badge

                  @ mmeier

                  > The success of MS is based on the failure of the others and nothing else.

                  I suggest you go and learn some industry history.

                  Yes, there were some reasons that weren't to do with MS, but you forget that at one time MS was just one of many options. They did "fairly well" but but didn't gain their stranglehold on the industry before they employed downright illegal tactics to lock out other players. They *DID* break the law, they were convicted of doing so.

                  Take OS/2 for example. It was a bit ahead of it's time in that it needed more resources than were typically available, but it was technically well ahead of MS. It may well have remained a competitor if MS hadn't (effectively) made Windows free to the end user.

                  At the time, OS/2 cost money, but a user would struggle to buy a PC without Windows pre-installed - or at least to save any money by doing so. Thus the competition changed from being "Windows @ $x vs OS/2 @ $y", to "Windows free vs OS/2 @ $Y" for most purchasers. Yes, some technically savvy users till bought OS/2, but the market was significantly distorted against OS/2 - smaller sales figures, smaller installed base, hence less interest from developers, and it all goes round in a vicious circle.

                  All this was done by effectively strong arming PC manufacturers. The deal was simple, you buy a "white label" licence for DOS and Windows for *EVERY* PC you sell, or you don't get to buy it at anything like the price your competitors are paying. Thus every manufacturer (if they wanted to be competitive) had to pay MS for Windows even if they shipped a PC with OS/2. This is not supposition - MS were found guilty.

                  Same with Internet Explorer. Netscape was doing "OK" until Microsoft gave IE away for free. It's hard to compete with free if you don't have a source of income to cross subsidise the product with - with MS, they just included it in the price of Windows. Again, MS were eventually found guilty (both in the USA and Europe), but not before they'd screwed the market (and internet standards) to such an extent that we've still not fully recovered year later.

                  And in between they did dirty tricks to exclude non-Windows servers from their networks, and once Windows servers were in, to exclude non-Windows clients from Windows server networks. They were found guilty for that as well, see the settlement where they were forced to hand over interoperability data to (for example) the Samba dev teams.

                  In short, MS got where they are now by dirty tricks. In the early days they did indeed have some good stuff and innovation. But they got greedy, and just like Standard Oil and IBM before them, resorted to criminal activity to distort the market in their favour.

                  You are partly right. The "Unix wars" really didn't help. Had the differing factions co-operated a bit then they'd probably have held on to a decent slice of the market - but instead they were too busy fighting over slices of the pie to realise that they would be better off sharing and building a bigger pie.

                  And so on.

                  But the key thing is that MS still had to fight by "being better" until they managed to illegally distort the market.

                  But this latest secure boot malarkey is another example of them being "disingenious". Yes, it is true that third parties can get a bootloader signed. Yes it's true that the user can turn off secure boot. Yes it's true that you can load extra keys.

                  But, to the "average man in the street", they get their computer - and to boot "this funny other OS that their mate recommends" have to go through some steps, at least one of which will be labelled in terms which to a non-technical user mean "do you really want to f*ck up your computer ?" - then that will definitely put a lot of people off trying Linux. Even though several distros have (from reading the comments) gone down this route - it's meant that everyone else has had to jump through hoops to pander to MSs wishes.

                  Coming next - at some point they'll silently drop the requirement to allow other OSs or non-secure boot. This current shambles is but the thin edge of the wedge - once it's in and accepted, they just have to tap it in a bit at a time.

                  1. mmeier

                    Re: @ mmeier

                    And what was keeping IBM from doing the same? Giving OS/2 away "for free"? Unlike MS they did NOT depend on the OS for revenues.

                    Why didn't Apple make the race? Or Atari / Commodore? Back when Win3.x (or even 95) became popular they still had OS and hardware that could compete both in power and (in case of Commodore/Atari) in price

                    Sorry but the old "MS was soooo evil" number simply does not work.

                    As for the rest - who cares. The commercial Unix (and Linux) systems will get signed and the rest is a tiny minority anyway

      2. Velv
        Mushroom

        Re: Wah Wah Wah

        @Eadmon

        Nobody is saying you need to ask permission to "install whatever we like on computers without having to ask permission from the manufacturer".

        The manufacturer provides an option to turn off Secure Boot. If you can't manage to change your own BIOS you probably shouldn't be installing whatever you like!

    3. Paul 129
      Flame

      Re: Wah Wah Wah

      re is my experience of UEFI. Let me know If you would find this something you would be happy about.

      I use linux to repair malfunctioning windows machines. I boot them via network PXE boot and then work on them with Windows essentially offline.

      The new UEFI standard means on HP laptops I have to.

      1. Find the magic key get into the bios

      2. Diable secureboot and be told that this will likely make my system inoperable

      3. Activate legacy boot options and enable

      4. Enter a random generated pin to get the secureboot options off.

      5. Reboot and press magic key #2 to get the legacy boot options to work at all, otherwise it boots stright into windows

      6. Go and choose the network to boot from, even knowing I set it to be the defult boot option within the bios

      7. Allow the machine to boot

      (from this point if I want network boot I must repeat steps 5,6,7)

      vs before UEFI

      1. Find the magic key to get into the bios

      2. Set the default boot device to be network,

      3. often enable PXE rom in the bios

      4. Reboot

      (From this point boot OS is determined via dhcp options)

      Now if to boot windows you had to

      1. Go and set an option that tells you that it will destroy your computer

      2. Enter a code to show that you really want to destroy your computer

      then for each time you boot

      3. press a key that is not normally displayed

      4. Actually select that you wanted to boot windows not (linux ICK!)

      Would you be happy?

      Would you send the bloody stupid thing back cause its not fit for purpose?

      Now as a consumer you cannot buy an alternative, because a behemoth company, used financial inducements to influence what you can buy.

      Is the average lay person going to try a live CD when they are told that this will destroy their PC? This goes a little beyond a choice of browser. Unfortunately this is probably better describe as an anti competitive cartel. Action needs to be brought against the manufacturers. Otherwise Microsoft will just say it was up to the manufacturers if they wanted discounts for adopting a standard.

      If MS loose a few billion. Nothing will change. If the manufacturers do, as well.....

      Things will really change.

  10. Anonymous Coward
    Anonymous Coward

    Secure Boot

    Was insisted upon by MS to kill off boot loaders which circumvent their anti-piracy measures and is a handy DRM tool. It just happened that it gave them double jackpot in screwing over Linux.

    1. Anonymous Coward
      Anonymous Coward

      Re: Secure Boot

      "Was insisted upon by MS to kill off boot loaders which circumvent their anti-piracy measures and is a handy DRM tool. It just happened that it gave them double jackpot in screwing over Linux."

      You can simply turn off secure boot to do that. Which if you are going to the considerable effort required to pirate and properly activate Windows 8 is a pretty minor task.

      1. This post has been deleted by a moderator

        1. Anonymous Coward
          Anonymous Coward

          Re: Secure Boot

          1) Because they're not malicious actions, that's in your mind.

          2) It annoys you and as you seem to enjoy deliberately annoying other people, I enjoy seeing you annoyed.

        2. mmeier

          Re: Secure Boot

          Okay, just between you, me, Bill an Steve - That is THE PLAN! Once everyone uses UEFI on their motherboards there is a big switch in Redmond that gets turned to "Kill all Penguins" and bam - all PCs world wide will only boot Windows! With Tiles!

          But you can save your pc - just give him a lil tinfoil cover like the one you wear on your head

      2. Michael Habel Silver badge
        Linux

        Re: Secure Boot

        This would truly be a case of the disease (e.g. Windows 8), being actually worse then the cure.

        If I had to dig though that much muck to get a working Windows 8 install. I'd just give up and install some flavor of *buntu.... Oh wait I already have its called Mint and for Once I can truly say, that this is a Linux I can live with.

        (Yeah I'm on XP again to clear up some crap with my *.m4p iTunes crap. it seems that nobody managed to port Requiem over to Linux. Probably 'cause you can't run iTunes in it. I guess I'm just sitting though the SP3 Install, just for old'times sake! Kinda pointless really. As I'll just park this HDD off and go back to my Main Drive which has Linux on it.

        I just wished that I could've accessed my NAS and or USB Sticks under VirtualBox. Then i could've saved me this trip. Perhaps I'm still to noobish at this game....

  11. Richard Lloyd
    Meh

    The reason UEFI can be disabled for WIndows 8 and not for RT

    I'm surprised no-one's mentioned the real reason Microsoft still allow secure boot to be turned off for Windows 8 Intel machines - it's *not* to allow Linux to be installed, it's to allow Windows 7 to be installed should the end-user "shockingly" decide that 7 is better than 8.

    Proof of this? The ARM-based Windows RT has no predecessor to it in the Windows family, so that *does not* allow secure boot to be turned off. One suspects that once the supported Windows Intel family has all its keys available (by Windows 9?), then they will stop allowing secure boot to be turned off in future UEFI setups.

    1. mmeier

      Re: The reason UEFI can be disabled for WIndows 8 and not for RT

      And why should the big hardware manufactures follow them? Even more the ones that do mainly mainboards not full systems? Or the companies that also sell servers sometimes even with their own (or licenced) UNIX on it?

      1. SImon Hobson Silver badge

        Re: The reason UEFI can be disabled for WIndows 8 and not for RT

        > And why should the big hardware manufactures follow them?

        Simple, money !

        If you think MS aren't doing some nice deals on licensing based on the manufacturer bending to their will, think again. Of course, they'll be covert about it - but there will be some form of financial incentive. AT one time they simple were up front about it - "buy a cheap licence for *EVERY* computer you sell or buy them at a much higher price". Then there will be "sales and promotional" incentives. And of course, all the deals struck are private, so no-one knows how much the others are paying for their licences, but will have to negotiate their deal with Redmond. If you think that some "unofficial" and not written down terms aren't involved, then you don't know anything about big business.

  12. iratecaller666
    FAIL

    I don't understand.

    Why would anybody pollute a shiny new Windows 8 PC with a nix?

    ;-)

    Just kidding.

    1. MacGyver
      Childcatcher

      Re: I don't understand.

      I honestly at first wasn't really concerned with putting Linux on, I really was just wanting to dual-boot XP Pro 64 and Windows 8, but that is blocked from installing under UEFI as well. I was just using Grub2 as a easy way to pick bootloaders. I'm going to pine of that Windows XP File Explorer for years to come, I can feel it.

    2. mmeier

      Re: I don't understand.

      Oh, a proper UNIX is totally acceptable use for good hardware. Solaris is a mighty fine and highly stable/performant server system. And some of the BSD variants are also nice and stable.

      Now Linux, well Linux reminds me of the old joke where a Jew ask his Rabbi:

      Rebbe, may I carry Dollar around on Sabbat - No my son

      Rebbe, Deutschmark? - No way

      Rebbe, Zloty? - Sure, the laws talk about money

  13. RedmondRoller
    Coat

    Its about time that Microsoft tell the EU to shove it and close down all of their European subsidaries. As a former MS employee in Europe, it's laughable that the EU uses Microsoft as a cash machine everytime they need a bail out. Where the hell does this "fine" money go? Propping up piss-arse economies no doubt. It wouldnt be overly difficult for EMEA operations to be run out of the US.

    In relation to this group complaining about UEFI, other O/S's support UEFI too, including Linux and UEFI is simply the evolvement of BIOS.

    1. TheVogon
      Mushroom

      "It wouldnt be overly difficult for EMEA operations to be run out of the US."

      To make money in Europe generally requires both competent employees, and a knowledge of geography than spans more than part of one country....both things that are much harder to find in the colonies.

    2. Anonymous Coward
      Anonymous Coward

      @RedmondRoller

      You seem to forget that very often it is US companies who complain to the EU.

  14. hplasm
    Mushroom

    RedmondRoller.

    I agree. Take it and go.

    Then the EU can revoke copyright on the crap.

  15. billium
    Linux

    Re: Wah Wah Wah

    Why are the M$ shills always anonymous?

    If as MacGyver says is true, then M$ tax one has paid is lost (assuming laptops).

    1. Anonymous Coward
      Anonymous Coward

      Re: Wah Wah Wah

      Oh FFS, the old Anonymous argument this time from "Billium" that most verifiable of names. You could also be RICHTO, one of Eadon's IDs (he's got at least two) and Anonymous Coward at the same time. For all anyone else knows I could be you replying to my mail.

      I'll stop posting as an AC here when people like you start posting with your real name and stop accusing anyone who doesn't agree with you about something as being a shill.

      Or is it I'll stop posting as AC as well as Billium? No-one knows. will I post an angry response to my mail under yet another name? Again, no-one knows. I may just claim to be anyone who replies to this mail, it makes no difference.

      1. Daniel B.
        FAIL

        Re: Wah Wah Wah

        Actually, the MS shilltards are far more annoying than anything Eadon posts (or any of his alleged sock puppets). Proof of the AC shilltards being, well, retarded is the whole comment section for the article on Samsung's firmware doo-doo where booting Linux would brick a Sammy laptop. All of them saying "that's what happens to freetards".

        Then someone made a PoC app that bricks the same laptop model from Windows, and the AC's go either quiet, or say "Will Eadon apologize now?"...

    2. El Andy

      Re: Wah Wah Wah

      @billum: "If as MacGyver says is true, then M$ tax one has paid is lost (assuming laptops).

      It's only "true" in the sense that XPx64 requires a legacy BIOS. If you have a UEFI laptop that doesn't support legacy BIOS emulation (or has it turned off), then naturally you can't boot XPx64 (or indeed any other earlier version of Windows). However UEFI devices that don't allow you to turn on BIOS emulation are pretty rare.

  16. Anonymous Coward
    Anonymous Coward

    I'd like to see things be pushed the other way..

    mandate that ALL devices sold must allow the user to run their own code, with full access to the hardware if the user wants to do so, no signing required.

    Microsoft already made its intentions clear by requiring the ARM devices to be locked down with this, and it will find some way of strongarming the desktop market into doing the same if it can. Just because you can currently boot linux (with keys / signing provided by Microsoft....) doesn't mean you'll always be able to.

    PS3 Linux already showed what happens if you give a big corp the keys to such a system, and that's what is in the process of being done with the PC. I really can't believe how naive people are being with the "it's ok, Microsoft signed our bootloader" viewpoint right now.

    They're pushing too hard, we need laws on our side to push back, and maybe hurt them a little instead so I hope something good comes of this case.

    1. Christian Berger

      It's a much bigger issue actually

      I mean think about mobile phones, once the support from the manufacturer runs out they become worthless and dangerous as you won't get any security updates.

      We should start mandating open interfaces between the hardware and the operating system (e.g. BIOS) so we can continue to use those computers longer just like we do with PCs today.

      1. Anonymous Coward
        Anonymous Coward

        Re: It's a much bigger issue actually

        That's like saying the doors to your house should be left open and instead of locks have your local community all looking out for each other.

      2. Anonymous Coward
        Anonymous Coward

        Re: It's a much bigger issue actually

        @Christian Berger

        What do you think UEFI is, if not an open interface between hardware and software. It's all published and if you take time to look at the companies involved, it's basically everyone who is anyone in IT.

    2. mmeier

      Re: I'd like to see things be pushed the other way..

      Actually you can run any OS on a x86 box - simply switch secure boot (NOT UEFI!) off and thats it. Won't change with an MS Update since it is Bios not OS (Unlike the PS3 where Sony could update the "BIOS"(1))

      Most ARM-devices are currently locked down. Try running an other OS on iOS hardware or the typical Android. If you do not like that - buy a Rasberry pi.

      (1) Not that it really mattered. 99.8 percent of the users that ran "OtherOS" as the feature was correctly called did not use the PS3 as a game platform and never upgraded, The 0.2 percent PinguBoys that did "because I can" where making a LOT of noise but that's it. PS3 was neither powerful nor low power so the game box was rarely used as a NAS - cheaper maschines for that around

      1. Michael Habel Silver badge
        Linux

        Re: I'd like to see things be pushed the other way..

        Just what exactly in your own opinion, counts as an "Other OS" on ARM exactly?

        With the exception of Windows RT, I'm not personally aware of any "official" Microsoft Builds for ARM.

        Certainly nothing that is in fact available.

        ARM can run many OSs

        BusyBox (as like on my NAS Box and Router)

        Linux

        BSD (as in iOS)

        and Unix

      2. Daniel B.
        FAIL

        @mmeier

        "PS3 was neither powerful nor low power so the game box was rarely used as a NAS - cheaper maschines for that around"

        PS3 *is* powerful thanks to the CellBE processor, and people actually using the OtherOS feature, like me, were actually monkeying around with the special features of said processor. Of course, most of those who dabbled with Linux on the PS3 were trying to run it as a regular NAS/Desktop box, which sucks given the low RAM specs on the box. But removing features like that is pretty much frowned upon. My original phat PS3 is still on 3.15 FW, I ended up buying another PS3 to play more recent games and have PSN access.

        The irony is that Sony's boneheaded decision didn't hit the "nonmarket" ... it hit the crossover market of dudes like me who actually play games *and* tinker around with Linux. That made it a FAIL, which morphed into an EPIC FAIL as it energized enough crypto-geeks to crack the box.

        1. mmeier

          Re: @mmeier

          Welcome to the 0.2 percent group. I am well aware that the processor had some interesting features and the PS3 was used for engineering/scientific tasks because of that, But as said

          >Not that it really mattered. 99.8 percent of the users that ran "OtherOS" as the feature was correctly called did >not use the PS3 as a game platform and never upgraded

          Those users did not care. They never needed/used the Sony upgrade anyway. The crossover-group was extremly small. Loud but small

  17. mark l 2 Silver badge

    "By actively opposing Secure Boot, Hispalinux joins such organizations as the Free Software Foundation, which has lobbied OEMs to turn off the system by default and has urged consumers to boycott Windows 8 PCs."

    It hardly needs these groups to be boycotting Window 8 from the result of the sale of the Surface they are doing that already

    1. Michael Habel Silver badge

      Like I stated a few Posts above...

      Microsoft it would seem are doing a splendid job of keeping People of Windows 8 by themselves, and need no further help from the like of the Free Software Foundation.

      To the Micro-Shrills, before ya'all down-vote me in you knee-jerk reactionary flames. Just answer me One very simple question first.

      If Microsofts vision of the TIFKAM is sSOo great and wonderful, why is it that no One outside of Redmond has picked up on it yet? Ok I think we can all agree that Tablet Lite (i.e. Windows RT), is a joke so we'll gloss over that for a sec. Perhaps they'll have more luck with all those Ultrabooks that we've been hearing so much about lately. Its hardly to be marvel at the fact that Windows Phone is the best selling Mobile OS EVER!!! with a Market share of only (and let us be generous here!) 3% outta the whole 100% spit between Google, and Apple.

      Clearly the Public (e.g. The Joe Average who isn't paid off in Software, much less Money), are just to dim to grasp this "greatness" of yours, and simply want no tuck with it. Its time to face facts that Microsoft have finally lost the plot guys. Nobody with any sanity left to 'em will touch the TIFKAM. Office365 is doomed to utter failure. And most People are now slowly getting the hint that its time to move on.

      Enjoy Windows XP for another Year, and kiss it goodbye. Windows 7 will be right behind it soon enough. If you really think Microsoft will win this game of "We'll shove TIFKAM down everyones Throat till they suck on it!" Is ever gonna work out for them, then you are even bigger idiots then the clearly certifiable inmates in Redmond.

      No one who has been with Microsoft since Windows 95 (or before!), all the way up through Windows 7, is ever gonna accept Microsoft Office as a SaaS ONLY! And Tossing its entire User-base (i.e. Desktop w/Mouse & Keyboard), for the wonderful new World of touchy-feely is clearly also insane. How the Hell they plan on selling this shit to the Corporates is beyond my comprehension.

      But, please if you must down vote, hit on some of these points will ya?

      kthxbye!

      1. mmeier

        Three percent of WPhone? Wow - double the share Linux has on the desktop. So 2013 will be the year of WP8!

        As for Win8 - we will see. Out since late Oktober, tablet pc with it are actually selling decently even without much advertisement. Companies do not pick it up (yet) since many have either just done the XP->W7 translation or are doing it this year. And for a company that is not a "long weekend" operation more a "long year" one.

        Modern works. For everyone that does not wear blinds and instead actually TRIES the Win8 interface for an hour or two it works well, depending on usage better than Win7. Spend this week testing it with my elderly parents that will get new boxes(either Notebooks or Tablet-PC) in 2013. They liked it better than Win7 for their uses since they do not have to search in menues or dig out the desktop

        Office365 is a "if you like it" - I don't. So when I upgraded to 2013 I got the standard office. I can see some uses and I can see some legal problems (Safe Harbour vs. Patriot act). If the legal probles are "solved" than companies that do not run their own IT department can get rid of the PFY "admin" and switch to O365 nicely. Say the estate agent or the local carpenter (German small/medium business use a "cloud" solution called DATEV for taxes/bookkeeping since the 1970s so more would not be too strange for them)

        1. Daniel B.
          Thumb Down

          joke's on you

          "Three percent of WPhone? Wow - double the share Linux has on the desktop. So 2013 will be the year of WP8!"

          What makes this attempt at humor actually funny is that MS has been *claiming* every year since WP7's release the "year that WinPhone will take over the world", yet remain irrelevant.

          Modern/TIFKAM Metro sucks donkey balls and exactly zero organizations have taken in that flying dung. In fact, our clients (big organizations, financial sector) actually *stopped* buying new PCs, or added a mandatory requirement for any new PC to have Win7. Hell, some of them are still in the process of jumping from XP to Win7!

          Yes, we've tried Win8. The last dude that was still defending Win8 gave up last month, reformatted his laptop and went back to Win7. I have yet to see someone in the real world actually like the Win8 stuff.

  18. mmeier

    The biggest benefit or Secure boot?

    It disables the PFY that runs around trying to convice anybody to "use Linux", often by installing it on other peoples systems by using the Fosstard special argument "It's free!". Switch it on, set a password to the BIOS and no more urgent calls "I have this new OS on my system from <enter PFY name> and now <enter beloved software> does not run any more. You must come here (only 200+km and I had other plans for the weekend) to fix it". Okay, the PFY might try to run amok in frustration but out here in rural germany we are still nicely armed so that is not a problem either.

  19. The_Regulator
    Trollface

    Secure Boot & Open Source

    So once there are OEM's who want to sell computers that ship with and run some form of open source software (ohh maybe in another 50-100 years) then the creators can put in a secure boot signed by the os provider and be happy. Until you have a mainstream request for your software don't bother because the majority oft the computer buying public could not and would not run any form of open source os distribution on their home computer.

    Enough said....

  20. computer repair bronxville

    Secure Boot Monopoly

    With the excuse of malware injected in the DOS, Microsoft tries always to monopolize the market. Why computer manufacturers should follow them?

This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2022