There's a report circulating -- originating with a Red Hat employee -- that says Microsoft's new secure-boot functionality in Windows 8 could preclude users from running both Windows and Linux on their PCs.
True or false? Well-grounded or unfounded? Microsoft execs will not comment -- which is leading many to assume it's true.
Matthew Garrett, a power management and mobile Linux developer at Red Hat, blogged about the possible lock-out scenario on September 20. He explained how the Unified Extensible Firmware Interface (UEFI) technology and Microsoft's secure-boot plans -- outlined in a new blog post on the "Building Windows 8" blog this week -- potentially could thwart those who want to dual boot Linux and Windows 8 on their Windows 8 machines.
Garrett's conclusion: "It's probably not worth panicking yet. But it is worth being concerned."
Microsoft officials have said -- via a UEFI session at the company's recent Build conference, along with the aforementioned blog post -- all that they are going to say on the topic.
Here's what Microsoft has said, re: its secure boot plans for Windows 8. These tidbits are from the previously mentioned Build session on UEFI:
- All firmware and software in the boot process must be signed by a trusted Certificate Authority (CA)
- Required for Windows 8 client
- Does not require a Trusted Platform Module (TPM)
- Reduces the likelihood of bootkits, rootkits and ransomware
Another slide from the same talk:
(click on slide to enlarge)
Garrett's interpretation of Microsoft's shared information on the topic:
"Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.
"A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux."
I can't resist a rant here: The Windows team's decision not to comment on this report is an example of the new communication strategy that Microsoft seems to be instituting with Windows 8: Clarification on any Windows 8 topic -- not only features and policies that are still unannounced, but also those that already have been disclosed publicly -- apparently will not be provided by anyone from Microsoft in an official capacity. The result: An increasing amount of misinformation about Windows 8 is circulating, and Microsoft is doing little or nothing to correct it.
I understand Microsoft's increased desire for secrecy around its Windows plans, something company officials began pushing post-Vista. (I haven't always agreed with the goal, especially when it results in FUD for customers attempting to make rational buying decisions or OEM/ISV partners attempting to build products that work with Windows.) But allowing wrong information to go unchecked in the name of wanting to control the message and the way it is delivered seems like bad business to me....
Back on topic: Does anyone out there have any more to share (in an official capacity or not) about whether you think the new Windows 8 secure boot technologies and policies will block users from dual-booting Linux? Ars Technica's take: "Ultimately, the Windows 8 changes aren’t likely to wipe out Linux dual-boot scenarios, but they could restrict the types of hardware that will allow them." Other opinions?
Update: Microsoft officials have posted more on UEFI and secure boot. After reading it, I still don't know whether anything about Windows 8's implementation of secure boot will block Linux. Anyone out there able to tell more from the September 22 post on the Building Windows 8 blog?
Update no. 2: (September 23): I gave it my best shot. Here's my attempt at deciphering what Microsoft's response on this issue means: Microsoft: Don't blame us if Windows 8 secure boot requirement blocks Linux dual-boot