CyberTech Rambler

September 23, 2011

Fair Allegation Against Microsoft locking down the boot process?

Filed under: Uncategorized — ctrambler @ 4:07 pm

Being a big  company, Microsoft is the target of a lot of of accusations, some fair, some not and some are downright wrong. So, when news surface that Microsoft is attempting to use Secure Boot in UEI to lock down computers, it is just another day at the office. Until of course, Microsoft chooses to response.

The accusation, by Prof Anderson, is

“Proposed changes to the UEFI firmware spec would enable (in fact require) next-generation PC firmware to only boot an image signed by a keychain rooted in keys built into the PC. I hear that Microsoft (and others) are pushing for this to be mandatory, so that it cannot be disabled by the user, and it would be required for OS badging. ” [Emphasis mine]

Microsoft’s response side-stepped the “mandatory” part, instead, focusing on the fact that PC vendors can choose to allow unsigned OS. Clever, isn’t it?

Furthermore, as Garrett pointed out, the problem is some system will shipped where it will not be possible to choose not to use “Secure Boot” (the part that requires signing the OS).

We must not lose sight that Microsoft is within its own rights to say I will deny you Windows 8 if you don’t use “Secure Boot”. However, because of its market power, to push for Secure Boot to be mandatory can and should be seen as abuse of monopoly power because it raises the cost for the competition.

In my opinion, the solution is to make  not using Secure Boot is a mandatory requirement of UEFI. Sure, there will be some vendors that will not implement non-secure boot. However, most will  the number of non-compliant, i.e., no option to not use Secure Boot, computers will be few and far in between. Why? The number of firmware vendors is small, most will have to support non-Windows computers and it will be in their interest to implement non-Secure Boot, especially if UEFI requires it.

Frankly, no consumer or IT manager is asking for Secure Boot. I doubt UEFI firmware vendors are crying out for it. They could do with one less requirement anytime any day especially one that is quite complex to implement. It is the OS vendor  (OK, may be vendors) that wants it. I am sure increasing the cost to competition is part of the goal, but let’s not forget they are increasing their own cost as well. For example, how are they going to update the keys on older computers when they are pushing for you to update their OS?

Prof Anderson is right, it is Trusted (or as Richard Stallman calls it: “Treacherous”) Computing all over again. It is likely to be heading to the bin. Like Treacherous Computing, it is not a even a practical or viable solution to a ill-defined problem. However, as users of computers, we must still decapitate it every time it reveals its ugly head.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Blog at

%d bloggers like this: