Microsoft under fire in Europe over Windows 8 UEFI Secure Boot

By on March 26, 2013, 6:30 PM

Fresh from a €561 million fine for failing to comply with a previous antitrust agreement, Microsoft is once again being targeted in Europe over their allegedly anti-competitive business practices. This time the complaint focuses on Microsoft’s implementation of UEFI Secure Boot for Windows 8, which according to Spanish open source software group Hispalinux, is an obstruction mechanism to prevent alternative OS installations.

The feature in question is an industry initiative designed as an alternative to the aging BIOS that improves security against boot loader attacks by only running software signed with a trusted certificate. With the release of Windows 8 last year, Microsoft started requiring UEFI on machines carrying the “Certified for Windows 8” logo.

While OEMs have the option of providing a way to turn off UEFI so other operating systems can run on the machine, many in the Linux community feared that companies would not provide a UEFI off-switch. That may vary from one manufacturer to another, but in practice this hasn't stopped many people from booting Linux.

The Linux Foundation and others have provided workarounds that let Linux-based operating systems boot without disabling the security mechanism, including one that involves Microsoft-signed binary keys that are dynamically added to the Linux kernel. But some members of the Linux community have been vocal against solutions like this, with Linus Torvalds calling it “moronic” arguing Microsoft could arbitrarily disable the key.

Whether Hispalinux’s 14-page complaint with the European Commission holds any merit remains to be seen, but it appears to cover much the same ground. "The fact is that no software or operating system that needs the boot system to install or work, will be able to access the computer without Microsoft's prior permission," the group argued in a blog post, adding that this is "completely unjustified.”

Hispalinux is asking the European Commission to grant a preliminary injunction requiring Microsoft to modify its requirement for manufacturers to implement Microsoft's UEFI Secure Boot.




User Comments: 29

Got something to say? Post a comment
1 person liked this | RH00D RH00D said:

Microsoft should have just also made the UEFI "off-switch" a requirement for the "Certified for Windows 8" badge. Would that have not avoided all of this?

misor misor said:

So by making windows 8 more secure, EU is fining Microsoft?

(so Microsoft is funding EU bankruptcy, eh?)

Guest said:

I hope the EU crushes Microsoft over this. What makes Microsoft think they have the right to a monopoly on deciding what gets to run and what doesn't?

Guest said:

@ misor, This makes Windows 8 secure by excatly 0%

They need to invest more man power into desktop itself and not before even loading windows.

2 people like this | Darth Shiv Darth Shiv said:

So by making windows 8 more secure, EU is fining Microsoft?

(so Microsoft is funding EU bankruptcy, eh?)

If Microsoft offered this as a user selectable option, that is fine. Locking down hardware to only support certain OS's is anti-consumer freedom of choice. To me the EU is perfectly justified and that MS is "making windows 8 more secure" is not relevant if they do something illegal to do it.

NTAPRO NTAPRO said:

What does all those millions that are fined go to?

2 people like this | misor misor said:

If Microsoft offered this as a user selectable option, that is fine. Locking down hardware to only support certain OS's is anti-consumer freedom of choice. To me the EU is perfectly justified and that MS is "making windows 8 more secure" is not relevant if they do something illegal to do it.

"While OEMs have the option of providing a way to turn off UEFI so other operating systems can run on the machine, many in the Linux community feared that companies would not provide a UEFI off-switch."

then EU should force OEMs to have this switch, not Microsoft.

what the Linux community should do is lobby motherboard manufacturers to produce/release/sell Linux-optimized motherboard with EUFI switch and we'll see what the real consumers want.

I'm all for competition but I think EU is excessive in fining Microsoft exorbitant fines.

on another note on ballot browser:

if EU policy is to be followed, google should be fined because android is the dominant smartphone OS and is not offering ballot browser on smartphones.

while it is very easy just to download/use any other internet browser, EU enforcing this policy is so...nevermind.

2 people like this | rculver9056 rculver9056 said:

It goes to show how far some people would go to prove a point: Who in their right mind would pay for a Windows 8 tablet just so they can complain that they can't install Linux on it?

Even for those who don't and just complain anyway, it isn't as if there aren't hundreds of other tablets to choose from that will take Linux!

As for Microsoft enforcing this, it IS a big step to improving security (by stopping malicious code running at boot time), and they have been upfront about this since the developer preview.

@ the gutless (first) Guest above (log in!) Microsoft aren't really trying to monopolize anything. We are talking about hardware designed to run their OWN SYSTEM, after all!

In reply to Darth Shiv, if you could disable this, wouldn't it kind of defeat the whole point of having it?

Finally, as for the EU - well, screw them. They have been very unfair to Microsoft over the last few years. When they forced Microsoft into this browser ballot crap, they should've made Apple and Google do it too. They both use their own defaults for everything, and the user has to figure out how to change it (if they even know they can). It is the same thing you are dissing Microsoft for...

If you are anti-Win8, use Linux, Google or Apple and stop bitching all over the net about it.

1 person liked this | Guest said:

The issue is what does "secure boot" actually do to protect a computer. The is particularly relevant since most Windows malware is Java applets, Flash issues, or browser issues all of which are independent of the OS. Also, how easy would it be for malware to evade the "secure boot" feature. As I understand it does actually even invoke a file scan; only compares something. Also, are bootloader problems very common or this a solution in search of a problem.

1 person liked this | rculver9056 rculver9056 said:

@Guest, above

It prevents any unrecognised code from running.

And by it's nature, it would be very difficult for malware to prevent this.

Read more about it: [link]

m4a4 m4a4 said:

It goes to show how far some people would go to prove a point: Who in their right mind would pay for a Windows 8 tablet just so they can complain that they can't install Linux on it?

Even for those who don't and just complain anyway, it isn't as if there aren't hundreds of other tablets to choose from that will take Linux!

As for Microsoft enforcing this, it IS a big step to improving security (by stopping malicious code running at boot time), and they have been upfront about this since the developer preview.

@ the gutless (first) Guest above (log in!) Microsoft aren't really trying to monopolize anything. We are talking about hardware designed to run their OWN SYSTEM, after all!

In reply to Darth Shiv, if you could disable this, wouldn't it kind of defeat the whole point of having it?

Finally, as for the EU - well, screw them. They have been very unfair to Microsoft over the last few years. When they forced Microsoft into this browser ballot crap, they should've made Apple and Google do it too. They both use their own defaults for everything, and the user has to figure out how to change it (if they even know they can). It is the same thing you are dissing Microsoft for...

If you are anti-Win8, use Linux, Google or Apple and stop bitching all over the net about it.

Amen. I wish MS could just pull out of Europe and then lets see how happy the European Commission will be with all that backlash.

Whoever on the EU that has a grudge against MS should have got fired a long time ago...

Darth Shiv Darth Shiv said:

It goes to show how far some people would go to prove a point: Who in their right mind would pay for a Windows 8 tablet just so they can complain that they can't install Linux on it?

Even for those who don't and just complain anyway, it isn't as if there aren't hundreds of other tablets to choose from that will take Linux!

There aren't many quality tablets around. EU is saying "you don't get to decide that a user can't put another OS on the hardware". Personally I think having that flexibility is one of the reasons Windows was so successful in the first place.

As for Microsoft enforcing this, it IS a big step to improving security (by stopping malicious code running at boot time), and they have been upfront about this since the developer preview.

I don't disagree with this. The mechanism is nice in certain situations but it's a little too restrictive when owners may want to not use it.

In reply to Darth Shiv, if you could disable this, wouldn't it kind of defeat the whole point of having it?

Provide a secure mechanism to protect enabling or disabling it? Password protected setting that can't be disabled by removing a bios battery etc.

Sphynx Sphynx said:

So by making windows 8 more secure, EU is fining Microsoft?

(so Microsoft is funding EU bankruptcy, eh?)

If Microsoft offered this as a user selectable option, that is fine. Locking down hardware to only support certain OS's is anti-consumer freedom of choice. To me the EU is perfectly justified and that MS is "making windows 8 more secure" is not relevant if they do something illegal to do it.

If it's illegal in the EU to add a feature which the end user can easily disable/remove without any special privilege, the EU is terribly corrupt.

captaincranky captaincranky, TechSpot Addict, said:

It goes to show how far some people would go to prove a point: Who in their right mind would pay for a Windows 8 tablet just so they can complain that they can't install Linux on it?

Even for those who don't and just complain anyway, it isn't as if there aren't hundreds of other tablets to choose from that will take Linux!.

Are there really, "hundreds of other tables that will take Linux", or did you just pull that number out of the air.

I want to know if you can run Linux on an iPad. And if not, why isn't Apple being called to task on it?

You can't say, "Apple doesn't have a significant share of the market. In overall computers, perhaps they don't, but in the tablet market, at least for the time being, they're the top dog.

While this nonsense M$ is pulling prima facia looks harmless enough, they have enough going on with their version of "the app store" to make me think they're trying to close their OS to developers, bit by bit by bit. Slowly, so they think no one will notice.

1 person liked this | Guest said:

What does all those millions that are fined go to?

To fund a bailout of Cyprus.

1 person liked this | captaincranky captaincranky, TechSpot Addict, said:

Every time I hear, "the EU is doing this or fining that", And old Rush song seems to lodge itself in my head. It's a thing from "2112" Goes like, this, "We are the priests, of the Temple of Syrinx".... oppressive bunch those priests, kept all the good stuff for themselves..., Anyway, the "Elder Race" came back from space and vanquished those mean old priests once and for all. We can only hope the the EU's "board of directors" meets a similar fate.

(You have to be really old to make this association, and I'm sorry if you're not old. No wait, that didn't come out right).

cliffordcooley cliffordcooley, TechSpot Paladin, said:

Congrats Captain!!

You give me my 100th like and now I give you your 200th like.

2 people like this | Divvet said:

UEFI wouldnt be needed if Microsoft just fixed all the security holes in Windows. Linux doesn't require UEFI to be any more secure.

Google doesn't have a monopoly like Microsoft does, neither does Apple, so complaints about them are just stupid.

Oh and Apple make their own hardware, its a bit different from the Windows world, that's why they aren't been called up over this for not being able to install a different OS. If Microsoft produced their own hardware, it would be a different story.

Oh and the EU actually stands up for peoples rights, I'd much rather be under their rule than American rule *Shivers at the thought*

Guest said:

@Divvet ,

Apple doesn't make their own hardware. Where did you hear that?

cliffordcooley cliffordcooley, TechSpot Paladin, said:

@Divvet ,

Apple doesn't make their own hardware. Where did you hear that?

The same place they heard this statement, "Linux doesn't require UEFI to be any more secure".

It doesn't matter which OS you are using. If a highly advanced attacker decides to attack, they will find a way through any defense. This is one of those instances where Microsoft is damned if they do and damned if they don't.

Guest said:

People are still confusing UEFI and Secure/Restricted Boot. SB is a "feature" of UEFI. UEFI itself does not prevent you from installing and booting any OS you like, either via UEFI if the OS has a boot loader capable of that, or via the BIOS compatibility interface otherwise.

Secure/Restricted Boot is what restricts users. After a huge backlash last year though, Microsoft changed their certification requirements to require that users have an option to disable SB and to manage keys stored in their system.

havok585 havok585 said:

So by making windows 8 more secure, EU is fining Microsoft?

(so Microsoft is funding EU bankruptcy, eh?)

I bet u are an american who likes to be spoon fed by MS ever becoming closed ecosystem (just like rotting apple).

havok585 havok585 said:

If Microsoft offered this as a user selectable option, that is fine. Locking down hardware to only support certain OS's is anti-consumer freedom of choice. To me the EU is perfectly justified and that MS is "making windows 8 more secure" is not relevant if they do something illegal to do it.

"While OEMs have the option of providing a way to turn off UEFI so other operating systems can run on the machine, many in the Linux community feared that companies would not provide a UEFI off-switch."

then EU should force OEMs to have this switch, not Microsoft.

what the Linux community should do is lobby motherboard manufacturers to produce/release/sell Linux-optimized motherboard with EUFI switch and we'll see what the real consumers want.

I'm all for competition but I think EU is excessive in fining Microsoft exorbitant fines.

on another note on ballot browser:

if EU policy is to be followed, google should be fined because android is the dominant smartphone OS and is not offering ballot browser on smartphones.

while it is very easy just to download/use any other internet browser, EU enforcing this policy is so...nevermind.

Who do u work for exactly ? seriously?

Trolling every US company anti abusive decisions are we?

captaincranky captaincranky, TechSpot Addict, said:

I bet u are an american who likes to be spoon fed by MS ever becoming closed ecosystem (just like rotting apple).

Is there a pertinent reason for you starting every post with an ethnic slur?

'Cause, if you want em back, I got plenty on tap....:eek:

misor misor said:

I bet u are an american who likes to be spoon fed by MS ever becoming closed ecosystem (just like rotting apple).

American? no.

spoon-fed? no.

likes Microsoft products? yes.

likes Skype? no.

likes android? yes.

likes apple products? yes but not buying.

not all people who like microsoft products are americans.

not all americans like Microsoft products.

google is an American company and I like the free android smartphone OS.

since I both like google and Microsoft, I must have been on both payrolls, eh?

and the last time I check it, I have the right to disagree with anything and anyone....

...without using my racial card and without providing evidence of my intelligence or lack thereof.

on EU's policy: is an almost 1 billion u.s. dollar not an exorbitant fine?

Darth Shiv Darth Shiv said:

UEFI wouldnt be needed if Microsoft just fixed all the security holes in Windows. Linux doesn't require UEFI to be any more secure.

Massive fallacy there. Linux is not 100% secure. Why target an insignificant portion of the market if you are going for a quick buck? Components like Flash expose MacOSX, Windows and Linux all the time. Microsoft may have a poor security track record but Linux has not been thoroughly tested because people building botnets don't care about Linux.

There are plenty of Linux exploits going around. You'll see some better examples when you look for Android exploits nowadays. Something to target finally.

Darth Shiv Darth Shiv said:

If it's illegal in the EU to add a feature which the end user can easily disable/remove without any special privilege, the EU is terribly corrupt.

Who said anything about a feature that the end user can easily disable or remove? The point was MS was pushing for a feature that is *NOT* easy to disable or remove.

Sphynx Sphynx said:

If it's illegal in the EU to add a feature which the end user can easily disable/remove without any special privilege, the EU is terribly corrupt.

Who said anything about a feature that the end user can easily disable or remove? The point was MS was pushing for a feature that is *NOT* easy to disable or remove.

No, the point is that people are lying about the nature of MS's feature. MS requires motherboard manufacturers to give the user the option to disable Secure Boot before ever booting into an OS. Microsoft directly requires that it be easy to disable.

This case is nothing more than an attempt by the crooks in the EU to confiscate more money from MS, and it seems they're willing to commit libel in the pursuit of it.

Darth Shiv Darth Shiv said:

Looking into this further...

The complaint comes just over three weeks after the EU Competition Chief Joaquin Almunia said, in a written answer to parliamentary questions, that the "Commission is monitoring the implementation of the Microsoft Windows 8 security requirements. The Commission is however currently not in possession of evidence suggesting that the Windows 8 security requirements would result in practices in violation of EU competition rules".

To me that suggests the EU does not think the Win8 security requirements are an issue and currently is only a filing from Hispalinux.

I guess Torvalds etc don't like the implementation because if they were to try to utilise secure boot technology, MS controls the master key.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.