Breaking News: Qld govt IT to be raked by audit

ZDNet / Microsoft / Story

Linux users threaten Microsoft with ACCC

By on September 26th, 2011 
Submit

Plans to enable a secure boot on Windows 8 machines have drawn the ire of Linux Australia's membership, and have the Linux Australia Council itself considering a campaign against Microsoft.

Microsoft revealed plans recently that would require all alternative operating systems to carry Microsoft security keys to be compatible with the Unified Extensible Firmware Interface (UEFI) and its secure-booting procedures.

This would make it impossible to install alternative operating systems like Linux, or even older versions of Windows, if the OEM doesn't bundle the secure keys with new OS releases and the hardware vendor doesn't enable the secure-boot feature to be switched off.

Members of Linux Australia are looking to petition the Australian Competition and Consumer Commission (ACCC), claiming that Microsoft's behaviour is anti-competitive. They are circulating a form letter addressed to the ACCC in an attempt to press the regulator into action, as well as a step-by-step guide on how to create a new complaint for investigation.

Linux Australia president John Ferlito told ZDNet Australia today that the council will be meeting on Thursday night to determine whether it will take up a campaign against Microsoft's secure boot practices.

Microsoft has already responded to community uproar that Linux could be blocked, saying that it isn't seeking to lock out other OEMs, but merely to secure the system from malicious pre-boot processes.

Microsoft's summary of why the community shouldn't be alarmed read:

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol; not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Secure boot doesn't "lock out" operating system loaders, but is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customise their firmware to meet the needs of their customers by customising the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows.

Talkback

Doesn't Linux have UEFI implementation as well ? So why are the penguins getting their panties in a bunch ? It is a OEM firmware customisation - and this will be the future with or without Windows 8.

fred9999fred9999 September 26th, 2011
Report offensive content Reply (+9) (-10)

I consider my self a Linux lover as well, but see no need to panic. What Linux as whole needs to do is get on board with secure boot and trusted computing, it's that simple.
The Linux community as whole needs to recognize that change can be a good thing and start to try and work with others to try and find an acceptable solution and not create a war.
UEFI has been around for while, Intel have had it for several years so in my opinion the Linux as a whole just needs to work together find out what they need to do in order to make it work. It's not a barricade but a challenge.
I know it's not simple but

anthw27anthw27 September 26th, 2011
Report offensive content Reply (+3) (-5)

Matthew's blog explains the situation rather well. The issue is not so simple.

- There is no centralized signing authority, really.
- MS doesn't require any hardware vendor to ship keys outside of Win8's. This could be disastrous- especially with lazy vendors.

There's more to this than was mentioned in the comments.

CommonOddityCommonOddity September 26th, 2011
Report offensive content Reply (+18) (-5)

Neither of those issues relate to Microsoft though.

If the Linux distributors want to have their OS's working with secure boot they can go about getting their secret signing keys embedded in the UEFI chips from OEMs the same way as Microsoft has to.

Microsoft isn't going to OEMs telling them they need to lock their systems down so they can ONLY boot Windows 8, that's a complete myth that's been created by so called journalists. All they are doing is providing OEMs their keys they need to verify that the Windows 8 installation their system is attempting to boot is in fact the same as signed by Microsoft. If they don't want to include it, they don't have to, if they want people to enable/disable this feature it's up to them as well.

moonheadmoonhead September 27th, 2011
Report offensive content Reply (+2) (-6)

Yes, but you forget…

Some of us who use Linux, compile our own images, including the boot-loader. Requiring the boot loader to be signed by a special key would effectively mean we must use someone else's compiled binary boot loader, stifling development of boot loader projects such as GRUB and making life very difficult for the power users out there.

So no, it's not as simple as getting Linux "vendors" to just get their own keys, unless Joe Average can somehow get a key, which would make the secure boot nonsense is totally worthless.

The only thing I see this as possibly solving, is the issue of boot sector viruses… how often to those see the light of day these days?

RedhatterRedhatter September 27th, 2011
Report offensive content Reply (+6) (0)

I would hope the average joe couldn't get their own key. The idea of a secure boot is that there is a trust relationship amongst every person/company involved. The end user trusts their OEM/Hardware provider who in turn trusts to OS vendor. I don't trust you, so I wouldn't consider a system signed by you as being secure.

This is a purely optional process. You don't NEED to have secure boot. If you want to ensure you boot process is secure and is actually booting a verified OS image/binaries then you can use secure boot. If you are compiling your own OS and boot loader then you already know it's secure so you won't need to take any further action.

Also you never know, some vendors might offer the ability to load new certificates into their UEFI data store, so you could in fact sign your compiled OS yourself. But that's totally up with OEMs to come up with, if that's a feature they want to provide.

moonheadmoonhead September 27th, 2011
Report offensive content Reply (0) (-2)

1. You are right. MS is not deliberately telling OEMs to lockout other OS'. Anybody that has made that claim (to wit, I don't believe I've come across anyone like that aside for folks in the comments section) is an idiot.

2. However, it doesn't mean that the exactitude of MS' requirements doesn't imply certain things. They will dictate terms for 'certification', to which OEMs will have to follow. That's fine and dandy. It's not a matter of pinning the matter with Microsoft- but rather the OEMs, which have a very poor track record of playing nice (aside for specific companies). The only way that MS is at fault, is by proxy to being a business. They have to cover their own end, so they don't really dive out of their way to make this a fully-functioning system with a central authority, or committee. or anything of the like. It works in their favor, so they don't say a peep past what they have to.

3. The naivette involved with this matter is unbelievable. It's not about some crazy scheme to push competition out- this would not bode well for many OEMs (as I'm sure some would do their best to appease to the geek hobbyist crowd, and make the feature toggled by the user- and others wouldn't) and vendors alike. The problem is the haphazard approach that already has been taken. Not only that... But when there is money involved, and things play to MS' advantage, OEMs generally turn a blind eye. You think that special ACPI behavior when running Windows is coincidence? Yeah...

CommonOddityCommonOddity September 28th, 2011
Report offensive content Reply (+6) (0)

I give it a week after release, someone will get around it.

jeff_sydjeff_syd September 27th, 2011
Report offensive content Reply (+2) (0)

What in the world is the big problem with Linux users anyway?

Change the BIOS to boot off external USB drives only. When you want Linux, connect that drive and when you want Windows, connect that one. Once booted into either, connect the drive not used to boot from in order to copy data one way or the other. Big deal.

gregwhgregwh September 27th, 2011
Report offensive content Reply (0) (-5)

Sorry mate but you did not understand UEFI nor article.
It's not about dual booting, it's about verifying signature on what is booting, down to a root CA that is pre-installed in UEFI firmware. Guess what CA will most likely be preinstalled and which one has all chances to be missed out or delayed.

cubeovercubeover September 27th, 2011
Report offensive content Reply (+4) (0)

Good luck getting the ACCC involved, that toothless tiger only seems to get involved in really unwarranted cases were they target a large company to get a bit of PR and look like they are doing things. Serious anti-competition or consumer issues like petrol collusion (come on weekly special day that all servos do, while jacking up the prices every other day) they won't touch. I doubt they could even comprehend what linux was, let alone care less about consumers.

deonastdeonast September 27th, 2011
Report offensive content Reply (0) (0)

Microsoft's disingenuous and deceitful moves in this matter are chronicled in an article with people involved... here;
http://www.theregister.co.uk/2011/09/26/uefi_linux_lock_out_row_latest/
get informed.
People who steal our rights and freedoms often do so when we've simply left them laying around seemingly unused, Sometimes they pick our pockets of our rights and freedoms and then tell us they'll 'Manage them For Us'. Microsoft is attacking every man, woman, and child that lives now or ever will.
As an illustration; In the States there is legal president that if you let somebody drive your car ONCE they actually have legal standing to come and take it in the future. The law sees it as if you've given them license to share in your car forever. Your Rights are even more tenuous a possession than that.

Dan158Dan158 September 28th, 2011
Report offensive content Reply (0) (0)

hi to all at m.zdnet.com.au i thought i had sent this newyears eve but it didnt send so i have sent it again all best for 2012 to all of you
- matt-gent

mattgentonmattgenton January 3rd, 2012
Report offensive content Reply (0) (0)
Add your opinion

In order to post a comment, you need to be registered. (Sign In or register below)

Post your comment

Terms of Service - As a ZDNet registrant, and by using this service, you indicate that you agree to our Terms and Conditions and have read and understand our Privacy Policy.

Tech Blueprint

IT Priorities Special Report: Security

Emerging Technologies, and the New IT Security Landscape

IDC White Paper on Consumerisation Security

Get expert advice for developing or improving your BYOD security strategy.
Read white paper >

Mobile Trends and Perceptions

Survey by Decisive Analytics exposes the good and bad realities of BYOD.
Read analyst report >

ZDNet Australia Live

NSW outlines datacentre migration plans - ZDNet Australia http://t.co/uM54858G

NSW outlines datacentre migration plans - ZDNet Australia http://t.co/2F4qnFnF

RT @zdnetaustralia: #NBN users are opting for 100Mbps plans on fibre more than any other, according to NBN Co http://t.co/oTl5R1UY ^jt

RT @zdnetaustralia: #NBN users are opting for 100Mbps plans on fibre more than any other, according to NBN Co http://t.co/oTl5R1UY ^jt

RT @zdnetaustralia: #NBN users are opting for 100Mbps plans on fibre more than any other, according to NBN Co http://t.co/oTl5R1UY ^jt

Yes, after all when you do your personal tax return, you don't say to your accountant: "oh, give the government a couple of thousand out...

1 minute ago by meski on Much ado about Google's tax

That would be Ayn, not Ann. And if you read Atlas Shrugged and came away with the impression of selfish, there's not much I can say to c...

4 minutes ago by meski on Much ado about Google's tax

by http://t.co/vmlLt4bh: NBN users opt for 100Mbps: Customers are picking the top fibre plan that is available on... http://t.co/5GJcYYte

NBN users opt for 100Mbps: Customers are picking the top fibre plan that is available on the National Broadband ... http://t.co/dvPawsBi

#NBN users are opting for 100Mbps plans on fibre more than any other, according to NBN Co http://t.co/oTl5R1UY ^jt

RT @zdnetaustralia: #NBN users are opting for 100Mbps plans on fibre more than any other, according to NBN Co http://t.co/oTl5R1UY ^jt

RT @zdnetaustralia: #NBN users are opting for 100Mbps plans on fibre more than any other, according to NBN Co http://t.co/oTl5R1UY ^jt

NBN users opt for 100Mbps: Customers are picking the top fibre plan that is available on the National Broadband ... http://t.co/3rJ41YBn

NSW outlines datacentre migration plans: The New South Wales Government has today revealed the cost of its datac... http://t.co/QCbazWTR

NSW outs datacentre deal details: http://t.co/A1Cj4Eot ^LH

Biometric bugs too dangerous for public? http://t.co/rDh6rXKC

Qld govt IT to be raked by audit http://t.co/LernzEK9

by http://t.co/vmlLt4bh: Qld govt IT to be raked by audit: Queensland IT Minister Ros Bates has begun the post-el... http://t.co/6VOUJv8t

Every cloud needs an SOA lining: analyst http://t.co/SjgLjFWI

Qld govt IT to be raked by audit http://t.co/9zsECPBI via @zdnetaustralia

The Queensland Government is conducting an IT audit across its agencies to find every saving it can http://t.co/1sFpAuWe ^ST

Three tips for businesses to support connected customers http://t.co/7Q9qDgvs

Android, Apple iOS run away from pack: Can Windows Phone challenge at all?: And there's little marketing behind ... http://t.co/1x9Fcs0I

Android, Apple iOS run away from pack: Can Windows Phone challenge at all?: And there's little marketing behind ... http://t.co/j5jMtvxw

Android, Apple iOS run away from pack: Can Windows Phone challenge at all?: And there's little marketing behind ... http://t.co/h5hiFPNi

Download Angry Birds Space free

44 minutes ago by EminnyAssence on iiNet undercuts Internode with NBN pricing

Android, Apple iOS run away from pack: Can Windows Phone challenge at all?: And there's little marketing behind ... http://t.co/EXCo3BwP

Biometric bugs too dangerous for public? http://t.co/ZPLBmZsE

by http://t.co/vmlLt4bh: Biometric bugs too dangerous for public?: Vulnerabilities in biometric systems are too d... http://t.co/oQF37XWi

Biometric bugs too dangerous for public?: Vulnerabilities in biometric systems are too dangerous to allow the ge... http://t.co/u3hubCwC

Biometric bugs too dangerous for public?: Vulnerabilities in biometric systems are too dangerous to allow the ge... http://t.co/Ond1gbKG

Should bug hunting for biometric systems be restricted to govt and industry? http://t.co/oj0oOkv7 ^ML

I think the CBA point here is fairly much moot now. There was some, limited, argument for it before the NBN began, but as many people hav...

1 hour ago by seven_tech on NBN cost-benefit analyses are so 2011

NBN's Tassie upgrade to cost $1.3 million: NBN Co will spend $1.3 million on replacing outdated network technolo... http://t.co/LCq84LB0

Govt urges telcos to team up against NBN Co: The Department of Broadband, Communications and the Digital Economy... http://t.co/E6axgFc2

Refund for some Facebook investors http://t.co/stdpGowE

Finding PCI-compliant cloud providers #in http://t.co/atLHOabj via @zdnetaustralia

Refund for some Facebook investors http://t.co/tUUxRbJd

RT @zdnetaustralia: Is Windows Phone really the third challenger to Android and iOS? http://t.co/2V9xgN6d

Reading this article is like stepping back in time. If I was Paul Berryman I would hang my head in shame. How embarrassing!!! I can’t b...

4 hours ago by MikeSkoey on 30 servers to 7: BUPA redoes virtualisation

The registration sticker provided a visual reminder to the driver to renew regardless of what happened to the renewal letter. The experie...

4 hours ago by dccharron on NSW ditches rego stickers for tech

"xfire: Why is telecommunications being treated different to roads, water and electricity?" Good question, my guess is AUS is far behind...

4 hours ago by ngoctranminh on Five pros and cons of the NBN

Thanks for the response Luke, Given that the quotes are accurate, then the person in charge of the Vic Health App needs to find another j...

4 hours ago by butterflyeffecs on Android fragmentation steers Vic Health

Nice analogy. Another factor is whether you can find 50 people with powerful enough weapons. Minassian's argument is essentially that the...

4 hours ago by Mukimu on National Botnet Network coming: Earthwave

It's nice to see Tas finally get some decent internet connectivity, for too long Tas has been stooged on decent internet connectivity but...

5 hours ago by Jingles on NBN's Tassie upgrade to cost $1.3 million

Who is Luke Hartsuyker? He must be the Apprentice FUDster. As PaulPC has already said regional consumers want, deserve and are entitled...

5 hours ago by dickster on Regional review highlights NBN, mobile

Its good to see the NBN keeping up with the latest equipement & letting the people benefit from it. After all thats why it was a trial, ...

5 hours ago by fibretech on NBN's Tassie upgrade to cost $1.3 million

Shadow Minister for Regional Communications Luke Hartsuyker has got it wrong. Regional consumers want improved mobile services AND the NB...

6 hours ago by PaulPC on Regional review highlights NBN, mobile

Just remember that Google haven't broken any laws here, they're just doing what all their other multinational competitiors do; minimise t...

7 hours ago by Pachanga on Much ado about Google's tax

ルイヴィトン バッグ : http://www.lovebagjp.com/ Louis Vuitton bags, Louis Vuitton pretension nose about,Louis Vuitton daydre...

7 hours ago by bundLourb on Reservoir blogs: Fan fakes Tarantino diary

シャネル バッグ : http://www.bagssalejp.org/ Chanel trap,chanel shekels,gucci bags,direct purse,poor recent Louis Vuitton keep...

9 hours ago by bybrinkLync on Reservoir blogs: Fan fakes Tarantino diary

I guess but in both cases, dead body!

19 hours ago by Doubt on National Botnet Network coming: Earthwave

I think it's for the very reasons you mention in your first paragraph that there is no CBA. With the ideological differences and vested ...

19 hours ago by RealismBias on NBN cost-benefit analyses are so 2011

Good points; but how do you establish consensus about the terms of reference of a cost-benefit analysis? What is to be included? How far ...

20 hours ago by Gwyntaglaw on NBN cost-benefit analyses are so 2011

I live in a small country town & have done since 2002. When I got to this town it had no mobile phone & no broadband. The only reason w...

20 hours ago by fibretech on Regional review highlights NBN, mobile

This story has been voted 12000 times in the last 24 hours!

1 day ago, Is Bill Gates a great leader?

This story has been voted 10 times in the last 24 hours!

2 days ago, CeBIT 2012 opens: photos

This story has been voted 15 times in the last 24 hours!

2 days ago, Lenovo ThinkPad 3G tablet (32GB)

Facebook Activity

Keep up with ZDNet Australia

LinkedinLinkedin Join our network

RSS FeedsRSS Feeds Subscribe now

NewslettersNewsletters Subscribe today

AlertAlertsSubscribe now

ZDNet Events Calendar

ZDNet Events Calendar

Plan Comparison

Prev Next
Loading...
Deals powered by WhistleOut

Sponsored resources