[coreboot] Microsoft Antitrust behaviour

Alex G. mr.nuke.me at gmail.com
Mon Sep 24 22:08:13 CEST 2012

To the United States Department of Justice,

I would like to bring to your attention a matter of anticompetitive
behaviour, which, in my honest opinion, will have a deep negative impact
on the personal computer (PC) market.

== What are the names of companies, individuals, or organizations that
are involved? ==

Microsoft Corporation
One Microsoft Way
Redmond, WA 98052-6399

== How do you believe they have violated the federal antitrust laws?
(For details on federal antitrust laws, see Antitrust Laws and You.) ==

Microsoft is using its market power in the PC operating system (OS)
market to coerce computer hardware manufacturers to include a technology
(SecureBoot) which, under its current form, will prevent consumers from
installing and using the OS of their choice on their computers.

== Can you give examples of the conduct that you believe violates the
antitrust laws? If so, please provide as much detail as possible. ==

Microsoft is including SecureBoot with its upcoming "Windows 8" OS, and
is requiring that hardware manufacturers support this feature.
SecureBoot requires that the computer's hardware initialization software
(firmware) performs a cryptographic check of the OS before starting the
OS. As part of SecureBoot, the OS loader (bootloader) must be signed
with a cryptographic key, and the firmware checks this signature before
loading the OS to ensure that it has not been modified by malicious
software (malware).

Microsoft claims that SecureBoot is designed as a security feature
against malware. However, as part of its requirements for SecureBoot,
Microsoft only specifies that the bootloader must be verified against a
Microsoft key. It does not specify any of the following:
1) The user being able to disable SecureBoot at his or her option
2) The user being able to specify his or her key and boot the OS of his
or her choice
As we have seen in the past, most manufacturers will adhere only to the
minimum requirements set by Microsoft, and thus neither point (1) nor
point (2) will be implemented in an overwhelming majority of firmware.
This effectively prevents the user from using any other OS than
Microsoft's Windows 8, strengthening Microsoft's artificial monopoly in
the OS market. Microsoft is well aware of the implications of not
addressing points (1) and (2), but has remained silent on the issue.

== What is the product or service affected by this conduct? Where is the
product manufactured or sold, or where is the service provided? ==

All future PC systems will be affected by this conduct.

== Who are the major competitors that sell the product or provide the
service? ==

Apple sells its MacOS operating system with its Macintosh line of
computers. While Apple does not allow use of MacOS on non-Apple
computers, it allows any OS to be installed and used on its line of
computers. Since Apple computers are priced high, and are not as
configurable as a regular PC, buying a Macintosh in order to be able to
use the OS of their choice is not an option for the majority of users.

RedHat and Novell both sell their flavor of the GNU/Linux operating
system. Their business relies on the user being able to install the OS
of his or her choice, and they will be negatively impacted by
Microsoft's conduct.

== What is your role in the situation in question? ==

I am a user of free and open source software (FOSS), including, but not
limited to, Linux, GNU, KDE, Apache, etc. I am also a software developer
who has contributed to many of these projects (by improving their
source code).

== Who is harmed by the alleged violations? How are they harmed? ==

All users of FOSS are harmed. By not being able to install the OS of
their choice, they will be forced into using Microsoft's OS, or buying
computers which implement points (1) or (2). Considering the
proliferation of Linux in the server and workstation segment, I do
expect some manufacturers to implement either (1) or (2) in their server
and/or workstation products; however, servers and workstations are
significantly more expensive than regular PC systems. Thusly, FOSS users
will be forced to either use Microsoft's OS, or spend a significantly
higher amount of money on PC hardware in order to be able to use the OS
and software of their choice.

I do believe that, if implemented ethically, SecureBoot has the
potential to be a great technology, and a very effective way to defend
against certain types of malware. However, in order for my previous
statement to have any value, the user must be given the choice to use
the OS of their choice on _any_ computer he or she chooses to buy. I
very strongly believe that the best way to ensure the users' freedom
remains unaffected is to have Microsoft modify its SecureBoot
specification such that both the following are mandated by the
1) The user, should he or she choose to do so, must be able to specify
the cryptographic keys to use as part of the bootloader
verification process (including having the option to blacklist any
Microsoft keys installed at the factory).
2) The user, at his or her option, must be able to disable the
cryptographic verification in his or her computer's firmware.

Alexandru Gagniuc
