Posted by: MelanieYarbrough
Microsoft, Secure Boot. BIOS, UEFI, Windows 8
There’s been a bit of outrage recently over what seems to be Microsoft’s sly tactic against open source operating systems on Windows machines.
Worry over what this means for non-Windows users – especially in the vocal Linux community – has run rampant despite Steven Sinofsky’s claim that “[t]he UEFI secure boot protocol is the foundation of an architecturally neutral approach to platform and firmware security. Based on the Public Key Infrastructure (PKI) process to validate firmware images before they are allowed to execute, secure boot helps reduce the risk of boot loader attacks. Microsoft relies on this protocol in Windows 8 to improve platform security for our customers.”
It is precisely the Public Key Infrastructure (PKI) that makes this roadblock possibly permanent. While this is what they say is the “key” to allowing non-Windows users access to their machines, it may prove to be the lock instead. Matthew Garrett, mobile Linux developer at Red Hat, said in a blog post, “As things stand, Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems.”
The real worry comes when users buy newer models, since Microsoft has no control over whether or not manufacturers allow users to disable secure boot, the one saving grace of the whole fiasco. As Garrett points out on his blog: “[Microsoft's] competition can’t [require hardware vendors to include their keys]. Red Hat is unable to ensure that every OEM carries their signing key….or any other PC component manufacturer.”
Not all Linux users see the hype as warranted, as IT Knowledge Exchange blogger Eric Hansen of I.T. Security and Linux Administration puts it: “I personally think all of this is nonsense.” Citing the optionality of Secure Boot and that this feature only affects newer models already set up for Windows, Hansen doesn’t see any immediate effects on the way he uses Linux.
“I’m not sure what the system specs are for Windows 8, but I’m pretty sure even those systems running the (now) archaic BIOS is going to be able to boot Windows 8. If you don’t have UEFI on your system, then Secure Boot isn’t going to make a difference anyways,” Hansen writes. “[H]ow does this involve Linux? Well, in the short term, it doesn’t.”
It’s true, it doesn’t seem that non-Windows users need to feel threatened by the BIOS replacement and default secure boot for now. Brad Chaco of Maximum PC highlights one Slashdot forum user’s “chilling prophecy of the future“: “Today you can throw Linux on any old hardware, and do something useful with it. 5-10 years from now, you’ll have to specifically hunt down unlocked software. This has a rather drastic effect on the utility of Linux, which is Microsoft’s intention.” Bing Tsher E follows up with an indirect response to Hansen’s less-than-alarmed post: “The hardware vendors are also vigorously trying to make certain there isn’t any ‘old hardware’ to employ…. It won’t matter whether the old hardware can boot Linux if it’s been sucked out of existence and destroyed.”
What do you think: Is this the beginning of the end or mere conspiracy theory?