Windows 8′s secure boot feature might be good news for big enterprises that want to lock down their data. But If you’re keen on Linux or other alternative operating systems — not so good. But will the ACCC step in and disable secure boot?
ZDNet reports on the issue, which centers around the UEFI secure boot feature for devices bearing the “Designed for Windows 8″ logo. Hardware with the logo and feature requires a digital signature, either from Microsoft or the OEM who built the hardware; without it no commands will execute. The whole point of the signature is that it’s secure, so it’s unlikely that either Microsoft or its certified OEMs will just hand it over. Fine for Windows 8 systems, but utterly devastating for Linux users, who’d need the signature to run anything at all. It’s reasonable to suppose that most if not all upcoming hardware will be UEFI locked, given Windows’ market dominance.
Linux Australia members weren’t happy about this state of affairs, and complained to the ACCC. ZDNet quotes the ACCC response as follows:
Section 47 of the Act prohibits exclusive dealing. Broadly speaking, exclusive dealing occurs when one person trading with another imposes some restrictions on the other’s freedom to choose with whom, in what or where they deal. Exclusive dealing is only a breach of the Act where the conduct has the purpose, effect or likely effect of substantially lessening competition in the market. In an assessment of the effect of the conduct on competition, it is not enough merely to show that an individual business has been damaged. The wider market for the particular product or service must be considered.
The situation you described may raise issues of exclusive dealing, but it is unclear from the details provided whether it would be likely to meet the competition test described.”
Which means that the ACCC could take action, but probably needs more details. It also doesn’t mean that the Linux Australia group (or any other) couldn’t take Microsoft to court in a private action either; the article also quotes the ACCC response as stating that
The Act also allows an affected party to take their own legal action for a breach of the Act. You may wish to seek legal advice on the possibility of taking your own action in this circumstance”
Linux Australia was said to be considering further action. [ZDNet]
Cameron
Friday, September 30, 2011 at 11:07 AMWhat a load of BS. There is no requirement for having secure boot enabled. It’s a feature, if you want to use it you can, if you don’t want to use it, turn it off.
There is no requirement for systems to be locked “on” with secure boot, the requirement is for having the option to use it, and having Microsoft’s signing keys loaded into the systems UEFI so it can verify the OS is in fact secure as designed by Microsoft.
If you want to run Linux, or OSX (hackintosh), or Free BSD, or OpenSolaris or BeOS, go for it, but unless your OS vendor has worked with your PC/Motherboard manufacturer in getting their keys loaded into your systems UEFI (or if the OEM allows you to load in your own keys), you’ll just have to disable secure boot to get it going.
Barry
Friday, September 30, 2011 at 11:13 AMIt is BS but I also thought that the hardware makers were doing it themselves and M$ wasn’t telling them to do anything or forcing them. It was a choice.
light487
Friday, September 30, 2011 at 11:09 AMAhh I see.. yes, that’s kinda bad. It’s not the same as the Internet Explorer thing because that can be easily removed and replaced.
Ollie
Friday, September 30, 2011 at 11:43 AMTell all those Linux whiners to go build their own hardware then!
nsimpson
Friday, September 30, 2011 at 2:57 PMTell Microsoft to build their own hardware.
Tim
Friday, September 30, 2011 at 4:46 PMAsk your mother for a sense of humor.
I thought it was pretty funny, as I’m pretty sure he is having a dig at the linux/opensource fanbois that always come back at people that mention problems with OSS with “download the source and fix it yourself”.
nsimpson
Friday, September 30, 2011 at 6:04 PMThis comment has been deemed inappropriate and has been deleted
human
Saturday, October 1, 2011 at 1:23 AMsorry simpson hoping you feel better after all that
MotorMouth
Friday, September 30, 2011 at 11:45 AMWho cares? Linux as a desktop OS will never be anything more than a curiosity. I’ve been reading since the late 90s how it would rise up to become the dominant OS but here we are, 15 years later, and it is probably less popular than ever. I’ve used it on and off since about 1998 but it is still not something I could ever consider for my day to day needs, as none of the applications I use on a daily basis will run on it. Linux fanbois should just make themselves happy with Android and leave proper computers to proper operating systems.
scott
Friday, September 30, 2011 at 8:21 PMIn the real world, motormouth, M$ is great for corporate’s but has little legacy/history in HPC and scientific industries.
Actually, scratch that – stock trading systems a typically built on Linux for the lower latency.
If you think Android is the only popular Linux incarnation, then you are surely short sighted. You’re equally short sighted when it comes to applications M$ fanbois.
MotorMouth
Saturday, October 1, 2011 at 8:45 AMI also work in an industry where Linux is very common (visual effects for film/TV), which is how I know that it is largely a waste of time. You see, I’m the kinda guy who chooses his applications, then finds an OS that runs them all efficiently. I’d be all over Linux if it could give me what I want but, despite decades of promise, it is still no more suited today than it ever was, which is why I would rank it 3rd, after Windoze and OS X (and I really don’t like OS X at all).
scott
Saturday, October 1, 2011 at 11:01 PMI was nearly going to compliment you on your approach – selecting the right tool for the job, or in this case the right OS for the right application. Indeed this still holds merit.
Then you said you turned left when your industry (film/TV visual effects) turned right – take WETA as an example with their numerous Linux clusters – I would question your decision making ability.
Ollie
Friday, September 30, 2011 at 11:46 AMAside from that, Linux is not a “business” per se, so technically there is no case for MS to answer to.
MS is not supplying the hardware to “Linux” and imposing some limit on them. MS is supplying a product to consumers, with associated hardware, designed so people can’t fsck around with it.
noisymime
Friday, September 30, 2011 at 3:11 PMThere are heaps of linux vendors (and associated businesses) and each one of them would have a claim. Linux Australia is a registered entity and so would likely have a claim as well (the party does not have to be ‘for profit’).
Billy
Friday, September 30, 2011 at 12:01 PMWhat a pity comprehensive reading has been deprecated.
The facts are:
All manufacturers WILL implement this.
Some MAY allow it to be disabled.
The consequences are:
NO ability to boot recovery tools from USB or CD other than those supplied by the OEMs or Microsoft.
So when your computer won’t boot natively or from OEM media, just bin it and buy a new one while paying another license fee to Microsoft. Hey, the US needs all the foreign income it can get; it’s broke.
Good luck, people, you’ll need it!
Cameron
Friday, September 30, 2011 at 12:18 PM“NO ability to boot recovery tools from USB or CD other than those supplied by the OEMs or Microsoft.”
You could just go into the UEFI and disable secure boot. You know like it’s designed to be done.
It will be completely up the the manufacturer on whether or not they want to allow this option to be taken. If the PC manufacture CHOOSES this option it will to their own detriment.
MotorMouth
Friday, September 30, 2011 at 1:57 PMIf that’s the worst that can happen, I doubt anyone will care. Seriously, when was the last time anyone had a problem booting Windoze? It’s 2011, FFS!
scott
Friday, September 30, 2011 at 8:23 PMSo just what is Safe Mode for again? Saving system states before doing any change?
Oh that’s right, in case Windows shoots itself in the foot …
… and then once it is up, BSOD anyone? :)
MotorMouth
Saturday, October 1, 2011 at 8:49 AMDoes Windoze still have Safe Mode? I certainly haven’t seen it in a decade or more, probably since the days of WinNT, maybe Win2000. Even when the boot loader did come up after a BSOD, also unseen in many years for me, I’d just tell the machine to start normally and it always did. Seriously, we’re not talking about Grandad’s Windoze here, its 2011, FFS.
scott
Saturday, October 1, 2011 at 10:36 PMhttp://windows.microsoft.com/en-AU/windows7/Start-your-computer-in-safe-mode
Yep, not there … no need for it at all :)
GTRoberts
Friday, September 30, 2011 at 12:17 PM@Billy – You need to remove your tinfoil hat.
moloko
Friday, September 30, 2011 at 12:19 PMIf Linux was such a good OS nobody would be whinging about the secure boot feature in Win8. It might be time to give up your half ass OS and just use a real one.
nsimpson
Friday, September 30, 2011 at 3:06 PMA real one or THE real one? The issue isn’t which OS is best, its whether or not we will have a choice.
scott
Friday, September 30, 2011 at 8:26 PMMy OS is so crappy and insecure I now need h/w vendors to lock down the system so I don’t get infected …
How good is it when the most popular OS in the world gets infected by *ware within minutes of being on the Internet.
Heck, it even started a whole antivirus industry it is so insecure :)
MotorMouth
Saturday, October 1, 2011 at 8:52 AMOf course, where this ridiculous argument falls down is that something like 90% of malware tricks the user into installing it, so even the most secure OS known to man would still be vulnerable to 90% of the malware that is out there, if hackers were to target it. i.e. Common sense is your greatest security asset, not your OS.
scott
Saturday, October 1, 2011 at 10:34 PMTo make up a statistic like that, you’re assuming all malware is detectable … pfff …
“90% of statistics are made up on the spot.”
poedgirl
Friday, September 30, 2011 at 12:59 PMAs I said over on Delimiter about the same subject:
This really isn’t anything to do with Microsoft. Sure, Windows 8 will have a signed bootloader and kernel, but that doesn’t mean they’re forcing EFI manufacturers to lock down their boot process.
To me, it just doesn’t make sense why everyone is targeting Microsoft. The EFI manufacturers are the ones that will be making secure boot mandatory or not. The UEFI spec doesn’t state that they need to have an option to disable secure boot, but again, how is this the fault of Microsoft?
Think of it like this; if you’re working for a company that restricts your ability to run programs on your machine except for Internet Explorer, do you blame Microsoft or the IT department?
noisymime
Friday, September 30, 2011 at 3:03 PMOf course its to do with Microsoft, they’re the ones making it mandatory by default if you want to be able to use the “Designed for Windows 8″ logo.
If MS hadn’t made it a mandatory part of their certification, manufacturers wouldn’t be bothering with it.
poedgirl
Friday, September 30, 2011 at 4:16 PMWhere has it ever been said that it’s mandatory to not have an option to disable secure boot? No where. Seriously, think about it for a second.
Tim
Friday, September 30, 2011 at 4:53 PMexactly, its a all a bunch of FUD. Now MS should have stated that it was also a requirement that it can be disabled at users request.
I quite like the idea of SecureBoot if i dont intend of booting any prior OSs although id like UEFI to prompt for a user defined password when trying too boot non signed code (for the odd time i want to boot a live cd) to be able to allow it (and/or support custom signing for those that know what they are doing).
Reminds me of how BIOSs used to have MBR protection in them, which would prevent writing to MBR unless you disabled it.
Richard
Friday, September 30, 2011 at 9:40 PMYou don’t have to use the logo…
Vaykant
Friday, September 30, 2011 at 1:08 PMthis issue is really only for dual booting windows and linux and you can add your linux distro of choice (don’t forget the drivers) to the white list for the uefi secure boot.
Craig
Friday, September 30, 2011 at 1:31 PMSheesh, this is exactly how phones work, even those loveable hug-able linuxy Android ones.
Namarrgon
Friday, September 30, 2011 at 4:51 PMExcept that those don’t have an option to turn it off, and boot something else.
Well, other than Google’s Nexus series.
Steve
Friday, September 30, 2011 at 2:21 PMSo, you guys ought to give Apple a go – I hear their personal computers are pretty good.
MotorMouth
Friday, September 30, 2011 at 2:45 PMThis comment has been deemed inappropriate and has been deleted
scott
Friday, September 30, 2011 at 8:28 PM“MotorMouth special comments proudly sponsored by Microsoft – happily not innovating for decades”
MotorMouth
Saturday, October 1, 2011 at 8:58 AMYou know, it’s like Churchill said of democracy – it’s the worst possible system, except for all the others. I hate Microsoft as much as the next guy, probably more because I use a lot of their products which means I have to deal with a lot more of their uselessness for my moments of awesomeness, but I think I am more than capable of being objective. Why aren’t you? What would be so awful if Linux users had to buy their own PCs, instead of just using ones made for Windoze? All the big PC manufacturers offer Linux workstations and I imagine most Linux users probably build their own systems from scratch, like I used to, so I really don’t see where there is going to be a problem. In fact, it makes me wonder if this Linux lobby group isn’t completely composed of hackers who target Windoze.
pdf
Monday, October 3, 2011 at 5:47 PMWow, just… wow. So much douchebaggery.
scott
Saturday, October 1, 2011 at 10:50 PMROFL … :)
Maybe your “moments of awesomeness” are actually “uselessness” which is why you spend a lot of time with Microsoft’s products. :D
Ludicrous. Why should any software vendor dictate what third party hardware manufacturers can/can not do with their hardware? If Microsoft are so concerned about alternative operating systems, they should do an Apple and make their own. Case closed.
Damn! You’re onto Linux Australia’s! LOL :)