by Andy Patrizio
Part of a continuing series on the ins and outs of Microsoft’s coming Windows 8 operating system.
As Microsoft pushes toward the official beta release for Windows 8, the company is still being harangued over accusations that its Windows 8 hardware specs will exclude the Linux operating system.
The logic behind Secure Boot is to prevent malware that loads first, before even the most basic elements of the operating system. In particular, this would help combat rootkits, some of the hardest forms of malware to detect and remove because they hide themselves from the OS.
In October, Linux vendors Red Hat and Canonical linked arms to produce a white paper articulating concerns that the Windows 8 hardware specs. The Linux community is continuing to make hay about this requirement, claiming Microsoft is up to its bad old tricks again, trying to lock out competitors.
Microsoft declined to comment, as did Intel, who leads the development of the UEFI firmware. The UEFI Forum, the consortium that created the spec, did not respond to requests for comment.
Mike Cherry, lead analyst at Directions on Microsoft, thinks companies like Red Hat and Canonical need not worry because they can get their software signed to work with Secure Boot. “Those kinds of organizations can certainly and should certainly look at what it takes to certify and sign their componentry to be a part of a UEFI Secure Boot spec,” he said.
The problem is that Linux is easily split. If you don’t like a distribution, just take the source code and make your own. At that point, you would have to get it signed so it would run on a Secure Boot-protected system. Although now you are talking about supporting a fringe of a few well-meaning hackers vs. the greater issue of security.
“I want the software signed,” Cherry added. “I don’t want the system booting unsigned software because you don’t know what’s loading.” Not only would unsigned software allow for rootkits, there is full-disk encryption software and tracking software in case a laptop is lost or stolen. It could be possible to disable those security measures by using a non-signed operating system.
Why the Fuss?
Microsoft’s PC specs state that in order for a PC to get a “Designed for Windows 8” logo, the PCs must ship with the UEFI firmware and Secure Boot enabled. UEFI is a new firmware that replaces the ancient BIOS firmware in PCs. BIOS dates back to the origins of the PC, is written in 16-bit assembly code and has a whopping 1MB of addressable space. It’s taken a very long time, but the PC hardware industry has finally replaced it.
You can turn off Secure Boot, but one of the key elements of Secure Boot is that it will block any OS from booting that is not signed by a trusted Certificate Authority. If you turn off Secure Boot — and Microsoft does mandate that PCs have the option to disable Secure Boot — Windows 8 won’t run.
So why the fuss from the Linux community? Because in the Windows 8 PC specs, right on page 116, Microsoft says “Disabling Secure [Boot] MUST NOT be possible on ARM systems.”
First, there are no ARM PCs, nor will there be. ARM devices will be tablets only. And as the hobbyist site ExtremeTech points out, the iPad and every other tablet has a locked bootloader and will not load an unsigned operating system either. People hacking new operating systems for the HP TouchPad, which flooded the market thanks to a $99 fire sale, have to do firmware hacks before they can load something other than webOS.
“Tablets are a completely different market. PCs are bought to be a multi-purpose device, a device I can do pretty much whatever I want to do with it. I don’t want that in a tablet. I see the tablet as a much more closed environment and I am comfortable with,” said Cherry.
But, he admits, “this is as partisan as anything happening in Congress and I know of no neutral party, including myself.” Cherry wished that the UEFI consortium would make a statement to quell the complaints, perhaps on what it would take to get software signed for use with Secure Boot, but the group remains silent.
More articles in DesktopReview’s continuing series on the upcoming release of Microsoft’s next-generation Windows 8 operating system, scheduled for release sometime late this year.