1) SecureBoot on WART (windows on ARM)
2) SecureBoot on x86/64
The first issue (WART) is easily explained. Microsoft stipulates that ARM vendors may not accept any other operating system than Windows to run. This is a case where one company (Microsoft) colludes with other companies (Asus etc.) to create a product that is closed to the competition.
The second issue (x86/64) is more nuanced. Microsoft stipulates that other OSes need to be able to run on these devices. However to do so one has to obtain a boot key from microsoft. The bios mechanism to restrict boot also has to work. There are a couple issues with this: 1) microsoft so far has issued barely any secure boot keys 2) Obtaining a secure boot key costs money 3) Microsoft can revoke those keys at any time 4) The implementation of secure boot on some devices is hardcoded to windows and won't work otherwise
Both topics are not a "market issue" because there are multiple companies involved, many of which are monopoly holders in an area or other. Dell/HP/Asus etc. are monopoly holders to personal computing hardware. And Microsoft is a monopoly holder to personal computing operating systems. When you get multiple monopoly holders banding together forming one company, you are talking of a syndicate. Syndicates are explicitely forbidden to be formed under monopoly laws. Thus Microsoft and its OEMs are in deep shit, at least in theory.
> Microsoft stipulates that other OSes need to be able to run on these devices. However to do so one has to obtain a boot key from microsoft.
No.
Microsoft stipulates that other OSes must be supported AND that Secure Boot must have an off-switch in the BIOS/uEFI.
Secure Boot has three "modes:"
- Use my built in keys (aka Microsoft signing only).
- Use user supplier keys (aka Custom Mode).
- Off
Only Microsoft-mode and off-mode are relevant to this discussion, because outside of government entities it isn't viable to produce and distribute custom keys.
>Microsoft stipulates that other OSes need to be able to run on these devices. However to do so one has to obtain a boot key from microsoft.
No, Microsoft stipulates that the secure boot should be able to be disabled without needing to obtain a boot key from Microsoft. In fact you can install your own personal key and remove Microsoft's to prevent Windows from booting.
>The implementation of secure boot on some devices is hardcoded to windows and won't work otherwise
Reference?
>Dell/HP/Asus etc. are monopoly holders to personal computing hardware
If there are multiple companies in the market with comparable market share, by definition they are not monopolies.
1) SecureBoot on WART (windows on ARM) 2) SecureBoot on x86/64
The first issue (WART) is easily explained. Microsoft stipulates that ARM vendors may not accept any other operating system than Windows to run. This is a case where one company (Microsoft) colludes with other companies (Asus etc.) to create a product that is closed to the competition.
The second issue (x86/64) is more nuanced. Microsoft stipulates that other OSes need to be able to run on these devices. However to do so one has to obtain a boot key from microsoft. The bios mechanism to restrict boot also has to work. There are a couple issues with this: 1) microsoft so far has issued barely any secure boot keys 2) Obtaining a secure boot key costs money 3) Microsoft can revoke those keys at any time 4) The implementation of secure boot on some devices is hardcoded to windows and won't work otherwise
Both topics are not a "market issue" because there are multiple companies involved, many of which are monopoly holders in an area or other. Dell/HP/Asus etc. are monopoly holders to personal computing hardware. And Microsoft is a monopoly holder to personal computing operating systems. When you get multiple monopoly holders banding together forming one company, you are talking of a syndicate. Syndicates are explicitely forbidden to be formed under monopoly laws. Thus Microsoft and its OEMs are in deep shit, at least in theory.