Skip to comments.Microsoft explains Windows 8 boot to quell Linux fears
Posted on 09/23/2011 10:00:55 AM PDT by SeekAndFind
Microsoft has become locked in a dispute over whether the boot process in Windows 8 will block Linux from running on hardware designed for the next version of its flagship platform.
Windows 8 secure boot uses pre-OS boot checks, as well as third-party software checks, to ensure that users PCs remain healthy. Photo credit: Microsoft
Matthew Garrett, a power management and mobile Linux developer at Red Hat, raised questions in a blog post on Tuesday about dual-booting of Linux in Windows 8. He argued the use of Public Key Infrastructure (PKI)-based secure boot means either Windows 8 will be signed with a Microsoft key, with the public part of the key included on the system; or the hardware maker could use their own key and sign the pre-installed Windows.
"The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM [original equipment manufacturer] provided a new signed copy. The former seems more likely," Garrett said.
"A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux," he concluded.
On Thursday, Tony Mangefeste, a member of the Windows Ecosystem team, responded to the suggestions in a blog post that detailed what the secure boot system means for running alternative operating systems.
Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. Matthew Garrett
Unlike Windows 7, Windows 8 uses the Unified Extensible Firmware Interface (UEFI) secure boot protocol. This allows manufacturers to set up a security policy for the hardware that prevents people from running loaders for operating systems and software it does not recognise. Ultimately, the protocol is designed to make the computer safer from pre-OS boot attacks or malware.
The approach being taken by Microsoft is to provide the "best experience" first, Mangefeste said, by setting things up initially so most people will be protected against boot-loader attacks. After that, people can change the setting, if hardware makers give them the choice.
"At the end of the day, the customer is in control of their PC... For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision," Mangefeste said.
Secure boot is a UEFI protocol and not a Windows-specific feature, and hardware makers have the option of customising their firmware to specify the level of certificate and policy management, Mangefeste said. This means that the final decision will lie with them on whether to allow or disallow the disabling of secure boot.
"Secure boot doesn't 'lock out' operating system loaders, but is a policy that allows firmware to validate authenticity of components," Mangefeste said.
"Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows," he added.
However, in a subsequent blog post on Friday, Garrett claimed that Microsoft had not contradicted any of the points he had made, and that the situation he had described remained the same.
"Microsoft's rebuttal is entirely factually accurate. But it's also misleading," Garrett said. "The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. The truth is that it makes it more difficult to run anything other than Windows."
So.. if you don’t want Windows 8, just don’t buy it. Right? I don’t see anything wrong here.
are you using win 8?
does one have to be a techie to use it?
Win 8 is NOT out yet. You’ll have to wait another year for the major launch.
In the meantime there’s a lot of buzz because Microsoft has given copies away to a lot of tech people for them to check it out in advance.
I believe every participant in the latest MS developer’s conference were given a copy.
i meant the beta.
it’s available on line.
They weren't just given copies of the software, they were given tablets with it already installed.
I think the question is what happens when new computers start shipping with Win8 on them. With Microsoft’s track record of about 50% of their OS’s sucking, Win8 might be another dog.
I suppose that same can be said about anything new, like a car, which is why I wait a bit before buying anything so I know(as you said) whether or not it is a “dog”. One could always buy a Mac and really, how many typical home users are going to setup a dual boot machine in the first place?
Windows 8 is not the issue. The hardware is the issue.
China won't be held hostage by Gates & Co. They will continue to build hardware that will boot their bootleg windoze and modified linux.
The question comes about because many users of linux have dual boot loaders that allow the user to select from multiple OSs during the boot cycle. This would potentially disable the capability to choose at boot time.
Win 8 is a tablet-friendly OS first . Just say no and keep the 7. MS-Sources close to the debate are worried that there will be no justification for businesses in buying something replacing a very popular Win7.
It isn't beta... it is DP (Developer Preview) and the 'Metro" interface (like anything 'metro') SUCKS.
It has to be better than vista and IE9. I wish I knew how to put XP on here.
hmm.. the way I read it is that it is a hardware vendor’s choice on how to implement firmware for the final product. Either way, if someone does not want to deal with Windows 8, buy a machine (or better yet, build your own) that allows you to load whatever you want on it
It does suck. I loaded a laptop with it to check it out and I couldn't get the BIOS screen on boot-up anymore. So I wiped it.
So.. if you dont want Windows 8, just dont buy it. Right? I dont see anything wrong here.
It's not that simple. After Microsoft releases Windows 8, most new computers will be produced with it preinstalled and most hardware manufacturers don't sell a naked laptop. So, if you want to buy a new computer you'll almost certainly have to get one with Windows 8 preinstalled. Thus, with this new mechanism, Microsoft accomplishes two things.
First, it makes it hard for "grandma" to install an alternative operating system. Additionally, when "grandma" tries to install an alternative OS, all "grandma" will know is that it "doesn't work". Since "grandma" doesn't know or understand the technical reason why, "grandma" will associate the alternative OS not working as being a deficiency in the OS itself which will more firmly entrench Windows in "grandma's" mind as the OS that works.
The second accomplishment is that if Microsoft "convinces" hardware manufacturers to disable the ability for the user to disable this "protection" they essentially guarantee their continued monopoly in the OS space and can continue to leverage that monopoly into other software spaces. With Microsoft's difficulties in the OS space and the continued move toward applications being web-based and OS-neutral, you can be certain that Microsoft will apply substantial pressure on hardware makers to "convince" them to lock the user out from being able to load his or her own OS onto the new hardware. Thus, we could see Microsoft return to the questionable practices from the '80s and '90s which enabled it to gain its monopoly in the OS space to begin with.
Regardless, it prevents users from enjoying the control over the hardware that they bought. For example, say a user wants to stay with Microsoft OSes and wants to buy and install Windows 9 when it comes out. If the user is locked out from installing new OSes with this new "protection", he won't be able to do so. Rather, he will have to buy a new machine with Windows 9 preinstalled.
Yup... a brave new world, ain't it? now let's see if MS is as good at wiping out bios as it is wiping out drives...
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.