Leading PC makers confirm: no Windows 8 plot to lock out Linux

Leading PC makers confirm: no Windows 8 plot to lock out Linux

Summary: The drumbeat from Linux advocates about a key security feature in Microsoft's forthcoming Windows 8 is getting louder. They call it an anti-Linux plot. But the two leading PC makers disagree with them. I've got exclusive details.

SHARE:

The campaign to spread FUD about Windows 8 is picking up momentum. In the past week, high-profile Linux advocates have tried to add fear, uncertainty, and doubt into what should be a smooth process for implementing a new next-generation security feature. They've succeeded in creating controversy, but they've also, unfortunately, muddled many of the underlying technical issues.

As I noted last month, the crux of their argument is that Microsoft is deliberately requiring a change in PC hardware that will make it impossible to wipe off a Windows installation and install Linux. The Free Software Foundation even launched an online petition demanding that PC makers "respect user freedom."

Maybe they should be speaking with the companies that actually build those systems.

That's what I did yesterday, when I spoke with representatives of the two largest PC makers in the world.

In an e-mail exchange and a follow-up phone conversation, a Dell spokesperson told me, "Dell has plans to make SecureBoot an enable/disable option in BIOS setup." (That's exactly what the FSF is demanding.) Dell plans to move to the UEFI version that includes Secure Boot in the Windows 8 timeframe, although the spokesperson told me it's far too soon to provide any further details about the company's plans for Windows 8 PCs.

I also contacted HP's PC division, where a spokesperson had to scramble to find anyone within the organization who was even familiar with the issue. Although engineers are busy working on Windows 8 plans, product managers and senior executives are still focused on building and selling the tens of millions of PCs that will be sold with Windows 7 in the next year.

The spokesperson confirmed for me that HP has no plans to participate in any conspiracy against a non-Windows OS: "HP will continue to offer its customers a choice of operating systems. We are working with industry partners to evaluate the options that will best serve our customers."

Those comments are on top of a statement from a spokesperson for leading BIOS maker AMI, who told me last month that "AMI will advise OEMs to provide a default configuration that allows users to enable / disable secure boot, but it remains the choice of the OEM to do (or not do) so."

In fact, the closer you look at the movement against the Secure Boot feature, the more apparent it becomes that this is about propaganda, not technology.

Last week, the Linux Foundation published a white paper, Making UEFI Secure Boot Work With Open Platforms. It's written in apparently neutral language, until you begin looking at it more closely.

For example, on page 3 of the white paper, under the heading "Booting Closed Operating Systems," the authors call out Microsoft's Windows chief by name:

Obviously, a closed operating system could be booted identically to an open one above and still retain all its secure features ... However, Steven Sinofsky has suggested in his blog posting “Protecting the pre-OS environment with UEFI”:

http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

that the average platform owner might wish to give up control of the PK (and with it control of the signature database) to Microsoft and the OEM suppliers of the platform.

First of all, that's factually in error: the blog post in question was written by Microsoft's Tony Mangefeste, who works on the Ecosystem team that in turn coordinates with PC hardware makers. More importantly, note the use of the term "suggested" and the absence of any direct quote from the linked blog post. There is in fact nothing in that Microsoft blog post that says any such thing. The exact opposite is true. Here's what the blog post says:

Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows ...

Who is in control?

At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves. We work with our OEM ecosystem to provide customers with this flexibility.

The Linux Foundation white paper makes some interesting suggestions about how PC hardware makers can implement the new UEFI standard on systems they ship next year. They should probably be sending the white paper to Dell, HP, Lenovo, Toshiba, and other leading PC OEMs, as well as to companies like AMI that make the UEFI firmware. There's plenty of time for those suggestions to be incorporated in PCs that will be shipped with Windows 8 in roughly a year.

But one of the suggestions is an absolute non-starter:

To enable proper operation with open systems, all UEFI secure boot platforms should ship in setup mode, with no Platform Key installed. This enables the Platform Owner to take control of the platform securely by installing their own platform key or allowing the Operating System install process to do so.

That's not going to happen. The overwhelming majority of PCs ship with Windows preinstalled. Among consumers, only a tiny percentage of enthusiasts want to replace the preinstalled operating system. Both Microsoft and the hardware makers have a rational desire to make the out-of-box experience as simple as possible. Asking consumers with no technical background to opt in to the Secure Boot process and manually install a certificate during their initial setup of the PC adds needless complexity to the process.

No, the real goal of the campaign against Secure Boot is to whip up antipathy toward Microsoft and its hardware partners. And it's already working.

On Google+, Jan Wildeboer, who lists his occupation as an evangelist for Linux vendor Red Hat, recently posted a link with the inflammatory text: "The Lock-in with "secure' boot is reality. Read here. HP, please fix ASAP."

The shared link, from another Open Source advocate, contains still more inflammatory text about "disturbing news on the UEFI/Secure Boot situation. Evidently, we don’t have to wait until the release of Windows 8 to find GRUB locked out of the boot sector on new computers."

That Google+ post ultimately leads to this blog post: UEFI Headaches Begin For Linux Users. It contains a secondhand account from an unidentified person in Oregon, who writes:

My friend recently got an HP s5-1110 with Win 7 installed. UEFI has prevented the installation of GRUB on this machine.

Got it? A Red Hat evangelist links to a Google+ post from some guy, who links to a blog post from some other guy, who quotes an unidentified person who tells a story about "a friend."

I am not making this up.

The PC in question is an HP Slimline. Here are its specs. It's a small-form-factor consumer PC that ships with Windows 7. It doesn't include the Secure Boot feature in its firmware. (To my knowledge, the only PC that currently includes that feature is the prototype Samsung device that was given to attendees at Microsoft's BUILD conference in September.)

The person who complained about being unable to install Linux on that machine needs to go take a course in how to boot a PC using optical media. The blog post and its comments are filled with laughable inaccuracies.

And yet an employee of Red Hat is spreading this story as an example of why Linux users need to rise up and demand their rights.

That, ladies and gentlemen, is how a FUD campaign works.

Related posts:

Why do Linux fanatics want to make Windows 8 less secure?

With Windows 8, Microsoft can't forget past antitrust issues

Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

Topics: Linux, Browser, Hardware, Hewlett-Packard, Microsoft, Open Source, Operating Systems, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

418 comments
Log in or register to join the discussion
  • This can not be. The Linux Foundation says otherwise

    and we know that they have no hidden agenda, as they claim they do not.

    :|
    Tim Cook
    • I'll take that as sarcasm

      @Mister Spock
      ;)
      William Farrell
      • No point locking what kills itself out

        It already does itself to 0% market share anyway.
        LBiege
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        Doesn't seem like FUD to me, IF the OEMs refuse to provide SOME WAY to declaw UEFI for that 1%, even if it's just a little program you download from manufacturer's website that disables UEFI for you and unlocks the boot sector.
        ZazieLavender
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @ZazieLavender

        <i>IF the OEMs refuse to provide SOME WAY to declaw UEFI for that 1%, even if it's just a little program you download from manufacturer's website that disables UEFI for you and unlocks the boot sector.</i>

        Well, this is the problem - The whole thing revolves around Windows 8 certification that is pretty much the major place where Microsoft has clout with vendors (and they have a LOT of clout, believe-you-me), and one of the requirements is not just that the system has secure-boot enabled UEFI, but that SecureBoot cannot be disabled programmatically. So the vendor can't provide a small program to disable it, but they may be able to allow it to be disabled by the user accessing the firmware setup itself.
        daftkey
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @ZazieLavender If you allow the security to be disabled with a small program, it is no longer secure. That is the entire point of putting this extra security on the machines. It's to prevent small programs from taking over the machine. At that point, you'd be installing better locks, but then handing out your keys to all the criminals. What's the point?

        This entire media uproar is mental. The hardware vendors will still be selling Linux boxes without this extra security measure active. Servers are often sold with no OS installed. On top of that, most Linux users are probably building their own systems anyway.

        Personally, I've been saying they should have secure UEFI booting for ages and I'm glad to see it finally coming down the pike. Protecting 99% of users is more important than catering to the whims of a whiny 1%. In fact, I'd someday like to see a secured VM host kernel that boots from ROM with the OS image loaded as a VM session rather than booted. Nothing should touch the kernel and the OS should be a kill-able process to prevent tampering.
        BillDem
        • Completely agreed!

          I am, and have been, an arch linux dev for years. Prior to that, I was a gentoo dev. Microsoft's latest move affects me in no way. As long as I always have the option of building my own machine, I will do so.

          The only time I see this being even remotely negative, is when something bad happens in windows (e.g. file system corruption), and I'd like to boot from a linux rescue disk, simply to try and salvage a friend's files. I *could* use a Windows rescue disk, but Linux is just what I'm comfortable with.
          L.j. Tibbs
      • MS Track record clearly states that any FUD

        has some teeth to it.

        Otherwise ask other MS competitors:

        WordPerfect
        Visicalc
        Borland all products
        Netscape.

        MS has a sneaky way of getting rid of its competitors.

        Personally I shall avoid win 8 as much as possible. Most of my development now is on Android and thats were it will stay. There is a little WPF thats required by clients but other than that, phasing it all out.
        Uralbas
      • @LBiege Linux is the basis of Android

        so its market share is considerable.<br><br>Any "inconvenience" will have a ripple effect.<br><br>MS knows its losing on all fronts. This is because a SalesMan leads it and not a Tech guy. As long as that happens. Business will go the way it does and MS will keep on losing market share and relevance. Then one day it will realize too late like it did with its windows phones, that their products are irrelevant. <br><br>Technology is for those who make the future and work with others to make it happen. Apple does this with big corporations (media companies and telcos) so it can keep on growing.<br><br>MS use to do this with PC manufacturers. Though given how much power cellphone's have now a days, it is not far fetched to replace PCs for non technical tasks. Tasks that require processing power will still be based on Intel/Amd/MS in the near future. But take a look at the new ARM servers. Its just a matter time.
        Uralbas
    • Unfortunately from decades of past experience ....

      @Mister Spock
      .... if this hadn't started as a FUD campaing there would be no options till it is TOO LATE!
      Although I don't condone inaccuracies, sometimes you have to make a huge racket to get attention to a problem while it is small.
      :-(
      kd5auq
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @kd5auq My problem with this is that it IS a small PROBLEM! Why is less than 1% of the computer USERS so concerned. I can't install OSX on my machine :-)
        bvonr
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @bvonr: Uhm... So you'd say the same about a law that runs right over minorities that's <1% of the population, just because the majority aren't affected at all? "Small problem"?
        Edit: Not being able to install OSX is because of Apple.
        Natanael_L
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @kd5auq
        No one judges inaccuracies, they are usuall not planned. However, a planned, regimented, deliberate spreading of inaccuracies becomes lies, and I have a Problem with that!
        eargasm
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @kd5auq
        You sound like a polition to me. Lie until you are caught then find excuses.
        arlkay1
      • That's self-serving speculation.

        @kd5auq Since there are no systems that have UEFI with SecureBoot active (or inactive) in the consumer market - and since the first ones won't be out for a bit... AND since every OEM so far has said they planned to make it switchable anyway... AND given that the lead time for design and implementation is fairly long... AND since Microsoft has NEVER mandated that UEFI computers require SecureBoot be on and locked on - it's far, far more likely that no one had ever planned to do this in the first place.

        Seriously, Linux people have the ego of Mac fans with 1/10th the user base. It's really quite something.
        TheWerewolf
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @kd5auq

        Read my lips: no new taxes
        Alan Smithie
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @bvonr<br>Because linux users already have the ability to install linux in an unrestricted manner. How would you like it if suddenly you were locked out from your choice operating system? So what if they are a small marketshare?<br><br>Its not a FUD campaign, linux users were genuinely worried about the implications of this securenboot feature. It would be very possible for them to be locked out so they made noise about it to make sure their voice is heard, and that this doesn't happen.
        bwat47
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @kd5auq Very true!
        wmatthews702
    • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

      @Mister Spock It's absolutely FUD ... I mean Ed Bott asked HP, a company who knows exactly what it wants to do with its PC division.
      davidr69
      • RE: Leading PC makers confirm: no Windows 8 plot to lock out Linux

        @davidr69 :D
        Natanael_L