Microsoft Changes Secure Boot Rules with Windows 10, Could Mean OS Lockout

Subject: General Tech | March 22, 2015 - 09:14 PM
Tagged: windows 10, Secure Boot, microsoft, linux

Secure Boot is a security measure that prevents malware from interfering with the boot process, but it can also prevent unsigned operating systems from booting on the same hardware. While Microsoft’s “Designed for Windows 8” guidelines required manufacturers to permit users to disable the Secure Boot option, the upcoming Windows 10 release will not have this rule in effect. At WinHEC it was revealed that the Windows 10 guidelines leave it up to the OEM to decide whether users may disable UEFI Secure Boot in the system setup, and making this optional raises an interesting question about compatibility with other operating systems. OEMs will be required to ship computers with Secure Boot enabled to comply with “Designed for…” rules, and while they could then choose to provide the option to disable it (currently the required standard), preventing user installation of other OS software could be seen as a way to streamline support by eliminating variables.



Why does this matter if most people who purchase a Windows 10 computer will run Windows 10 on it? This could be an issue for someone who wishes either to replace that Windows 10 installation with another OS, or simply to dual-boot with an OS that doesn’t support the Secure Boot feature (which could be a build of Linux or even an older version of Windows). Requiring OS files to contain digital signatures effectively locks out other operating systems without special workarounds or keys, and although open-source operating systems represent a small segment of the market thanks to the way computer hardware is sold to most people, it is concerning to think future hardware could cause a loss of the freedom of choice we have always had with operating systems.

Microsoft enjoys market dominance with Windows thanks to its licensing model (giving it a monopoly on pre-built PC systems that don’t have an Apple or Chrome logo on them), but reportedly began considering possibilities “to assert its intellectual property against Linux or any other open-source software” a decade ago, and this has reached farther than they probably imagined with the adoption of Android (from which Microsoft makes money on every device sold). Is this Secure Boot move nefarious, and does Microsoft consider Linux to be a potential threat to their desktop market share? It could be that Microsoft would simply like to claim that Windows 10 is the safest version of Windows yet, and that isn’t a bad thing for consumers. Unless they want to easily use another OS on the hardware they purchased, that is.

Source: Ars Technica

ZDNet Seems to Say Secure Boot Still Sucks for Open Source

Subject: General Tech, Systems | January 1, 2013 - 12:01 AM
Tagged: Secure Boot, uefi

Steven J Vaughan-Nichols of ZDNet published an update on the status of Secure Boot. Fans of Linux and other open-source operating systems have been outspoken against potential attempts by Microsoft to hinder the installation of free software. While the fear is not unfounded, the situation does not seem to be a house of cards in terms of severity.

Even without an immediate doomsday, there is still room for improvement.


The largest complaint is with Windows RT. If a manufacturer makes a device for Windows RT, it will pretty much not run any other operating system. Conversely, if an OEM does not load Windows RT on their device, that PC will never have it. Windows on ARM is about as closed a platform as you can get.

On the actual topic of Secure Boot, distributions of Linux have been able to get properly signed as trusted. Unlike the downstream Fedora 18, Ubuntu 12.10, and others, the Linux Foundation is still awaiting a signed bootloader.

Other distributions will need to disable the boot encryption, which many thought would forever be the only way to proceed. While not worse than what we have been used to without Secure Boot, disabling boot encryption leaves Linux at a disadvantage for preventing rootkits. Somewhat ironically, we are stuck between the fear of being locked out of our device by a single entity and the fear of malicious intentions not being locked out.

Source: ZDNet