Linux Devs Take Win 8 Secure Boot Complaint to EC
It is designed to keep malware at bay when a Windows 8 computer boots up. However, UEFI Secure Boot is also at the heart of a complaint filed against Microsoft by a Linux developers' group in Spain. The allegations that the software giant limits user choice may sound all too familiar to the company, and it's up to Microsoft to show that it is indeed following strict European Commission standards.
03/27/13 12:57 PM PT
Microsoft is once again being challenged in Europe over alleged anti-competitive practices.
A group representing Linux developers in Spain has filed a complaint with the European Commission charging that Microsoft's desktop operating system, Windows 8, supports technology that makes it difficult for users to place other operating systems on their computers.
The complaint comes less than three weeks after the EC fined Microsoft US$730 million for breaking an agreement it had made with regulators over offering European users a choice of web browsers.
The offending technology, called UEFI Secure Boot, acts as an "obstruction mechanism" to installing other operating systems on a computer because it requires a digital certificate from Microsoft to boot a system in a non-Windows OS, Reuters reported Tuesday.
Any program that wants to operate in a market where Microsoft has a dominant position must have Microsoft's permission to do so because of UEFI, the Linux users group Hispalinux said in a blog post on its website, according to a translation.
Such a requirement will cause irreparable damage to the European software industry, Hispalinux maintained.
EC Sees Nothing Wrong
"UEFI is an industry standard aimed at improving computer security, and the approach has been public for some time," Microsoft spokesperson Robin Koch said in an email to TechNewsWorld.
"[W]e are confident our approach complies with the law and helps keep customers safe," he added.
UEFI Secure Boot is a firmware security solution designed to stop the loading of malicious code during the boot up process. However, the technology can be shut off -- as some settings can now be altered in a PC's BIOS.
The Linux Foundation, as well as others, have created free solutions that allow Linux to boot without sacrificing the security protections of UEFI.
Earlier this month, EC vice president and competition commissioner Joaquin Almunia told the European Parliament that his agency did not believe Microsoft's support of UEFI broke any rules.
"The UEFI standard is developed and managed by the UEFI Forum," he said. "Microsoft is only one member of the UEFI forum, among other chipset, firmware and hardware manufacturers. The UEFI forum is open to any individual or company to join free of cost."
While acknowledging that the EC is monitoring the implementation of the Microsoft Windows 8 security requirements, Almunia said, "The Commission is however currently not in possession of evidence suggesting that the Windows 8 security requirements would result in practices in violation of EU competition rules."
Based on the information currently available to the Commission, "it appears that the OEMs are required to give end users the option to disable the UEFI secure boot," he said. However, "the Commission will continue to monitor market developments so as to ensure that competition and a level playing field are preserved amongst all market players."
Kerfuffle in a Teacup?
This latest European controversy involving Microsoft may be a tempest in a teapot.
"There's no secret agenda, no evil plan here from Microsoft," Gerald Pfeifer, director of product management for Linux distro maker SUSE told TechNewsWorld.
Pfeifer noted that SUSE had no problems obtaining a certificate from Microsoft to run its version of Linux on a Windows box. "It cost a $100 to obtain a certificate for all SUSE users," he said.
"I don't think there's any conspiracy," he added. "Microsoft has good intentions about this."
While current Windows 8 machines with UEFI Secure Boot enabled users to manually shut off the feature, Pfeifer conceded that's likely to disappear in a few years.
"Within a year or two -- at the most three years -- [UEFI] will be the only option," he predicted.
That's because system vendors have to include two sets of code in their computers to support toggling UEFI Secure Boot, something they'd rather not do. "I think we'll see system vendors remove that switch sooner rather than later," Pfeiffer said.
Although Microsoft appears to have the upper hand in this latest scuffle in Europe, it shouldn't get complacent, cautioned Michael Cherry, a Windows analyst with Directions on Microsoft.
"They'd better take this seriously, because we saw what happened several weeks ago when they slipped up on the browser ballot being left out of Windows 7 SP 1," he told TechNewsWorld.
"Microsoft needs to get before the European authorities and make a strong and compelling case for why this change was made," he continued.
The Hispalinux complaint may have some substance. "Getting certificates may be a barrier," Cherry said. "It's not an insurmountable barrier, but it may be a barrier and that's what the root of their complaint is about. That's why it's real important for Microsoft to get out in front of this one and explain fully and clearly to the EU what they're intent was, what they've done and what the alternatives are for these people."