Microsoft's new secure-boot functionality in Windows 8 could prevent some users from running both Windows and Linux on their pre-built PCs, according to multiple reports. Red Hat developer Matthew Garrett blogged about the possible lockout scenario a couple of days ago, explaining that the new Unified Extensible Firmware Interface (UEFI) that Windows 8 will support will prevent any unsigned executables or drivers from being loaded.
Although this is good news for blocking malware and rootkits at startup, it might also mean that users won't be able to dual-boot an alternative OS unless it's signed by a certificate authority, and the key that it is signed with is shipped on the system. According to Garrett, that's unlikely to happen if systems ship with only Microsoft and OEM keys.
In theory, the solution would simply be to disable secure boot in the UEFI settings. However, it would be up to OEMs to include the option of disabling the secure boot feature, and it isn't unreasonable to think that many will not -- if only for the sake of keeping users safe from themselves and lightening the load on their customer support staff.
As ZDNet's Mary-Jo Foley notes, this probably won't be a problem for those who build their own systems, with motherboard makers likely including the option of disabling secure boot or somehow allowing users to add unsigned code to a whitelist. This scenario leaves out laptop computers, however, which are bought directly from manufacturers.
It's a little early to grab a torch and pitchfork as you march your way to Redmond. For one thing I would throw away any conspiracy theory about Microsoft trying to kill Linux on consumer PCs -- why risk the backlash and possible anti-trust scrutiny when Linux barely holds 1% of the market? Nevertheless, its implementation is something to be concerned about and so far Microsoft hasn't come forward to explain how it will handle this situation.
We should note that Microsoft will continue to support the legacy BIOS interface in Windows 8, so current machines dual-booting Windows 7 and Linux should be able to upgrade with no problems. Microsoft only requires new systems conforming to the Windows 8 logo program to ship with UEFI and secure boot enabled.