Microsoft Dragged to Court in EU Over Windows 8 UEFI Secure Boot

Hispalinux, an association that represents over 8000 Linux users and developers in Spain, has filed a complaint with the Madrid office of the European Commission that claims that Microsoft’s secure boot mechanisms controls the system boot up and is a means to prevent users from installing another operating system on the machine.

According to the lawyer of the association, Jose Maria Lancho, the secure boot mechanism is an “absolutely anti-competitive” and a “de facto technological jail for computer booting systems” notes Reuters. The complaint does acknowledge that the mechanism is meant to prevent computer systems from malware and viruses but, it wouldn’t necessarily mean the end of malware and viruses.

Microsoft on the other hand is of the opinion that its approach is in compliance with law and that it is meant to keep customers safe. “We are happy to answer any additional questions but we are confident our approach complies with the law and helps keep customers safe,” said Robin Koch, Microsoft spokesperson, in a statement.

For those who are new to UEFI Secure Boot, it is a mechanism through which keys registered in UEFI firmware check for a digital signature on any OS’s bootloader and kernel to ensure that both of them are not tampered with. The primary idea is to avoid situations where malware modifies the OS or the boot process. Microsoft has enforced this mechanism onto its partners who sell systems with Windows 8 pre-installed on them. This enforcement means that Microsoft’s key is registered with the firmware and because of lack of keys from any other OS vendors, the system would effectively only allow boot Windows 8 and wouldn’t allow users to install other operating system on the machine.

There are two ways out of this. First, users can disable secure boot and add a key to the UEFI firmware for validation of the other operating system. Second, have Microsoft sign the bootloader of other operating system by Microsoft. Both options are viable but there is no standard method for implementing these.

As a way out of this, operating system vendors such as Canonical, Red Hat and SUSE along with the Linux Foundation have created a pre-bootloader. The idea is to have this pre-bootloader signed by Microsoft and link-chain bootloader of other operating systems thereby allowing users to install these Linux distributions on Windows 8 certified hardware.

But the Free Software Foundation has dubbed this as a “Restricted Boot“. Compliant filed by the Hispalinux association resonates what the FSF has to say. FSF reasons that there should be a simple way whereby users can simply disable or override secure boot.

The European Commissioner has, however, noted “In particular, on the basis of the information currently available to the Commission it appears that the OEMs are required to give end users the option to disable the UEFI secure boot”. If the EU feels that this is sufficient then Microsoft may not have a case to fight after all.