Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
Summary: ... it's the OEMs you have to watch out for.
The Free Software Foundation seems to have caused a bit of a stir the other day by calling on PC users to stand up for their freedom to install free software onto their systems and demand that OEMs be responsible in how they use the UEFI 'secure boot' feature on Windows 8 PCs.
Note: For background on UEFI and 'secure boot' check out some of my previous posts on the matter:
- Yes, UEFI 'secure boot' could lock out Linux from Windows 8 PCs - Microsoft confirms that UEFI 'secure boot' might lock out Linux and older versions of Windows from new PCs - Windows 8 certification will make it 'difficult or impossible' to install Linux on PCs
This call to action seems to have created a rift here on ZDNet. In the 'Open Source' corner is Steven J. Vaughan-Nichols, who calls UEFI a 'cage' and urges everyone to sign the FSF's petition so that 'your PC remains in your hands and not Microsoft's'. In the 'Windows' corner is Ed Bott, who wonders who 'Linux fanatics' want to make 'Windows 8 less secure'.
Can't we all just get along? No ... oh well, it was worth a try.
Note: It's worth pointing out that 'secure boot' wouldn't just prevent PC owners from installing Linux on their system, but it would also block the installation of older versions of Windows too.
See, the problem here is that in order to see the real issue, you have to look beyond party lines. If you see this issue as a 'Windows vs. Linux' or 'Windows vs. Open Source' issue, then you FAIL, and you FAIL hard. Why? Because the 'enemy' (and I use that word loosely) here isn't Microsoft or Linux or even 'secure boot' - it's the PC OEMs who will be responsible for building the Windows 8 PCs.
It is true that Microsoft is making 'secure boot' a mandatory part of the Windows 8 logo certification program, which means that if any OEM wants to slap that Windows 8 logo on the PCs they're shoveling out of the door, those systems are going to have 'secure boot' enabled. And no big-box OEM is going to sell uncertified PCs because that would put them at an enormous disadvantage from a marketing point of view.
So 'secure boot' is coming.
But what's important to note here is that Microsoft making 'secure boot' mandatory isn't part of some grand plan at world domination. 'Secure boot' is a good thing because it will be a valuable line of defense against rootkit malware infection. Rootkits are nasty are damn hard to remove, so anything that blocks them from being installed is a good thing. Bott is right, 'secure boot' will make Windows 8 more secure.
But ...
Next -->
(Image credit: Silly Little Man)
The problem is that Microsoft is putting the decision as to whether 'secure boot' can be disabled in the hands of the OEMs (even UEFI firmware makers won't get a say in this). While a Windows 8 certified PC must have the 'secure boot' enabled, there's no requirement that OEMs fit a kill-switch.
And there's the root of the problem.
OEMs are in a race-to-the-bottom to build the cheapest PC possible at a specific price point, and that often means cutting corners and features. One feature that could get the chop (both for cost reasons and to keep users safe from themselves) is a kill-switch for 'secure boot'. Bott actually backs up this point, albeit inadvertently, with the following statement:
PC profit margins are razor thin. A single 10-minute support call can eat through the entire profit that an OEM makes on a computer sold in the retail channel. If the call goes on for long enough, it gobbles up the profit for 10 PCs.
Do OEMs really want users having the ability to disable 'secure boot'? How long is a support call related to a rootkit infection going to take? What's more likely - calls from people who have hosed their systems after goofing around with UEFI settings, or calls from people wanting to install Linux on their new PC?
Think OEMs wouldn't cut out a feature out of a system for no reason? Ponder on this example for a moment. I've come across numerous PC systems from a number of different OEMs where the CPU supported hardware virtualization but for some inexplicable reason it was hard disabled in the BIOS with no mechanism to switch it on. Unlike Bott, who says that OEMs 'would be insane not to' make fit a 'secure boot' kill-switch, I never assume that OEMs won't do stupid, bone-headed things because I've seen them do plenty of stupid, bone-headed things in the past.
This is why Vaughn-Nichols is also right. We do need to sign the FSF petition to make sure that OEMs use 'secure boot' responsibly on Windows 8 systems. There's no technical reason for them not to (the Windows 8 tablets handed out to //BUILD/ participants had an option to disable the feature), but since we can't just assume that the OEMs will always do the right thing, we need to put pressure on them to do the right thing and make sure that a 'secure boot' kill-switch is present in the UEFI firmware of all systems they ship.
So, Vaughn-Nichols and Bott are both right - That's not the sort of thing that happens every day.
Note: Alternatively, build you own system. Any UEFI motherboard that you buy will have a 'secure boot' option that can be toggled.
(Image credit: L. Marie)
<< Home >>
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Support call for a rootkit infection?
Sorry, I'm with Ed on this. It's not up to MS to tell OEM's or even firmware makers what options to offer. And when I look at the menus I get from my current PCs BIOS configuration, Secure Boot on/off would fit right in.
Simple Avoid Windows 8
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
Which planet are you from?
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
Well, there certainly are choices. Always have been. Feel free to use whatever best suits your needs.
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
Choices a and b don't actually run on PCs, do they?
(yes I know there's an Android emulator, but it still needs Windows)
Besides, this is for *new* PCs that will come with Windows 8 *pre-installed*.
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
Android-x86
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
Be a fanboy all you want and I get that, but lets be serious here. Windows is for serious people, not geeks who want to 'tinker' and play with the command line. Many linux OS's tell you, that to 'fiix' things or even initially do some things, you must drop to terminal and deal with it. Your average computer user, has no desire to deal with that. Why do you think macosX is on the rise in market share , leaving linux in the proverbial dust ?
Linux is 'restrictive', windows is not.
Try playing your favorite games in linux, without bugs and slowness and you get why linux is problematic for millions of users, and why its marketshare is tanked.
Not to mention Linux playing with mono, against warnings from the FSF. Real mature.
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
And what does the mobile market have to do with Windows 8? Shows you are a bit biased against Microsoft. Did they sack your pirated copy of Windows 7? :-)
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
What is "OLD Windows"? Sorry but yea you
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
Then don't use Windows 8. Period. Join the group...
I myself have read plenty about Windows 8, most reviews are positive and certainly nobody has said its not a very quick stable trouble free OS. Sounds good to me, particularly when I read some user reviews that plainly say they think its great and enjoy it and think its a step in the right direction.
So don't use Windows 8. But sorry to tell you Microsoft will not be simply "keeping" their OS, they will be selling it by the countless millions soon, and you not using it...PERIOD, will not alter that reality one little bit.
@~MIRV~
"You're living in fairyland. If consumers really had choice, Microsoft would be broke."
People have had many choices and for a long time now. More then long enough to tank Microsoft if people really didnt want Windows.
You are just ignoring reality and soory but the fact exists that Apple has been around a long time, and Linux in numerous flavors has been around a long time, and been available for free. People really really love free stuff, but appearantly they dont like Linux a whole lot.
The only way your statement could be close to correct is if in fact your implying that neither Linux or Apple provide any real choice for consumers because they are non starters for whatever reason,they dont cut the mustard. While I know many who would disagree with that approach, I guess you could be looking at the Linux/Mac vs. Windows usage base and maybe have decided that after all these years with Windows still covering around 90% of users that Macs and Linux provide for no real alternative at all.
Maybe they dont and maybe thats the real bottom line.
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
You can call an OEM when your machine gets infected?
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
The problem is that the average user, not we techie geeks that read this newsletter, can't tell a root-kit infection from a disk crash.
So, yes, a lot of people that get infections like this will call tech support to find out what has happened to thier computer that "suddenly started giving me these wierd errors!".
Then the tech support person has to dig out the real symptoms from a person that calls thier computer a "hard drive" (yes, I have a client that does just that!), and determine that it is in fact a root-kit infection that isn't covered rather than a hardware failure that is under warrenty.
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
SecureBoot is *already* there in UEFI. That's how Apple locks their hardware from booting any other OS without the use of their proprietary VM software. Of course, the existence of "Hackintoshes" shows that it's *completely* possible to disable the SecureBoot...& shows that the Linuxite fears are groundless.
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
But the point is you shouldn't have to hack a tickbox that should already be there in the UEFI but with no guarantees that it will.
I'm not interested in doing a workaround just to cater to some predatory monopoly.
RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs
Then we should be hearing you yell as loudly about Apple's monopoly as you do about Microsoft -- moreso, in fact, since Apple *directly* controls the manufacture of the hardware that implements the UEFI preventing non-Apple OSs from being loaded.