In the brouhaha over UEFI, Microsoft, and secure boot, a couple of key facts have been left out of the discussion.
Microsoft will require OEMs who want their systems to be certified for use with the Windows logo to meet certain requirements. For Windows 8, one of those requirements is that the secure boot feature be enabled on any systems they sell that are built with UEFI firmware. As I wrote yesterday, that is a crucial security measure for PC buyers in an increasingly hostile security landscape.
In its public statements on the issue, Microsoft has been extremely careful to describe its requirements in the most measured and narrow terms. Here’s how the company phrased their stand on the Building Windows 8 blog:
Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows
[...]
Microsoft is working with our partners to ensure that secured boot delivers a great security experience for our customers. Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.
That statement reads to me like it was carefully vetted by multiple lawyers.
That hasn’t stopped the company’s opponents from speculating that Microsoft is working behind the scenes to undermine competition. For example, my colleague Steven J. Vaughan-Nichols notes“Microsoft’s long history of strong-arming OEMs” and “how Microsoft used to attack competitors in 90s.”
The Free Software Foundation says, “we are concerned that Microsoft and hardware manufacturers will implement these boot restrictions in a way that will prevent users from booting anything other than Windows.”
University of Cambridge Professor Ross Anderson wrote last month, “I hear that Microsoft (and others) are pushing for this to be mandatory, so that it cannot be disabled by the user…”
I am going to give them the benefit of the doubt and assume that their suspicion and mistrust is genuine. But it ignores a crucial fact.
The behavior they are accusing Microsoft of plotting was expressly prohibited by the Modified Final Judgment in the case of U.S. v Microsoft. Under the heading “Prohibited Conduct,” section C includes this wording:
Microsoft shall not restrict by agreement any OEM licensee from exercising any of the following options or alternatives:
[...]
Offering users the option of launching other Operating Systems from the Basic Input/Output System or a non-Microsoft boot-loader or similar program that launches prior to the start of the Windows Operating System Product.
I do not know much plainer the language could be.
It is true that oversight of Microsoft by the U.S. Department of Justice ended in May of this year. That does not mean that the company gets free rein to return to its old behavior. In fact, you can bet that if Microsoft were to directly or indirectly engage in the kind of behavior that forced it into court more than a decade ago, they would find themselves right back in court. That language from the final judgment would be on the very first page of the complaint.
And don’t forget Europe and Korea and other jurisdictions that continue to scrutinize Microsoft for any signs of anticompetitive behavior. The EU already fined Microsoft billions of dollars for antitrust violations. Nobody likes writing a check that large.
So, yes, Microsoft has the right to set conditions on how PCs are configured when Windows is preinstalled on those systems. They will insist that secure boot be enabled. They require certain minimum hardware requirements to be met, and they mandate that the system drive be formatted using the NTFS file system.
But there is a very good reason you will not see Microsoft making any statement of any kind on how PC manufacturers should or should not implement the secure boot feature in their BIOS.
Because anything they say can be used against them in a court of law. Literally.
