Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

Summary: ... it's the OEMs you have to watch out for.

SHARE:

The Free Software Foundation seems to have caused a bit of a stir the other day by calling on PC users to stand up for their freedom to install free software onto their systems and demand that OEMs be responsible in how they use the UEFI 'secure boot' feature on Windows 8 PCs.

Note: For background on UEFI and 'secure boot' check out some of my previous posts on the matter:

Yes, UEFI 'secure boot' could lock out Linux from Windows 8 PCsMicrosoft confirms that UEFI 'secure boot' might lock out Linux and older versions of Windows from new PCsWindows 8 certification will make it 'difficult or impossible' to install Linux on PCs

This call to action seems to have created a rift here on ZDNet. In the 'Open Source' corner is Steven J. Vaughan-Nichols, who calls UEFI a 'cage' and urges everyone to sign the FSF's petition so that 'your PC remains in your hands and not Microsoft's'. In the 'Windows' corner is Ed Bott, who wonders who 'Linux fanatics' want to make 'Windows 8 less secure'.

Can't we all just get along? No ... oh well, it was worth a try.

Note: It's worth pointing out that 'secure boot' wouldn't just prevent PC owners from installing Linux on their system, but it would also block the installation of older versions of Windows too.

See, the problem here is that in order to see the real issue, you have to look beyond party lines. If you see this issue as a 'Windows vs. Linux' or 'Windows vs. Open Source' issue, then you FAIL, and you FAIL hard. Why? Because the 'enemy' (and I use that word loosely) here isn't Microsoft or Linux or even 'secure boot' - it's the PC OEMs who will be responsible for building the Windows 8 PCs.

It is true that Microsoft is making 'secure boot' a mandatory part of the Windows 8 logo certification program, which means that if any OEM wants to slap that Windows 8 logo on the PCs they're shoveling out of the door, those systems are going to have 'secure boot' enabled. And no big-box OEM is going to sell uncertified PCs because that would put them at an enormous disadvantage from a marketing point of view.

So 'secure boot' is coming.

But what's important to note here is that Microsoft making 'secure boot' mandatory isn't part of some grand plan at world domination. 'Secure boot' is a good thing because it will be a valuable line of defense against rootkit malware infection. Rootkits are nasty are damn hard to remove, so anything that blocks them from being installed is a good thing. Bott is right, 'secure boot' will make Windows 8 more secure.

But ...

Next -->

(Image creditSilly Little Man)

The problem is that Microsoft is putting the decision as to whether 'secure boot' can be disabled in the hands of the OEMs (even UEFI firmware makers won't get a say in this). While a Windows 8 certified PC must have the 'secure boot' enabled, there's no requirement that OEMs fit a kill-switch.

And there's the root of the problem.

OEMs are in a race-to-the-bottom to build the cheapest PC possible at a specific price point, and that often means cutting corners and features. One feature that could get the chop (both for cost reasons and to keep users safe from themselves) is a kill-switch for 'secure boot'. Bott actually backs up this point, albeit inadvertently, with the following statement:

PC profit margins are razor thin. A single 10-minute support call can eat through the entire profit that an OEM makes on a computer sold in the retail channel. If the call goes on for long enough, it gobbles up the profit for 10 PCs.

Do OEMs really want users having the ability to disable 'secure boot'? How long is a support call related to a rootkit infection going to take? What's more likely - calls from people who have hosed their systems after goofing around with UEFI settings, or calls from people wanting to install Linux on their new PC?

Think OEMs wouldn't cut out a feature out of a system for no reason? Ponder on this example for a moment. I've come across numerous PC systems from a number of different OEMs where the CPU supported hardware virtualization but for some inexplicable reason it was hard disabled in the BIOS with no mechanism to switch it on. Unlike Bott, who says that OEMs 'would be insane not to' make fit a 'secure boot' kill-switch, I never assume that OEMs won't do stupid, bone-headed things because I've seen them do plenty of stupid, bone-headed things in the past.

This is why Vaughn-Nichols is also right. We do need to sign the FSF petition to make sure that OEMs use 'secure boot' responsibly on Windows 8 systems. There's no technical reason for them not to (the Windows 8 tablets handed out to //BUILD/ participants had an option to disable the feature), but since we can't just assume that the OEMs will always do the right thing, we need to put pressure on them to do the right thing and make sure that a 'secure boot' kill-switch is present in the UEFI firmware of all systems they ship.

So, Vaughn-Nichols and Bott are both right - That's not the sort of thing that happens every day.

Note: Alternatively, build you own system. Any UEFI motherboard that you buy will have a 'secure boot' option that can be toggled.

(Image credit: L. Marie)

<< Home >>

Topics: Software, Hardware, Linux, Microsoft, Open Source, Operating Systems, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

120 comments
Log in or register to join the discussion
  • Support call for a rootkit infection?

    That call will last less than 30 seconds. The OEM operator will say, "your machine is infected, sorry, not our problem" and hang up.

    Sorry, I'm with Ed on this. It's not up to MS to tell OEM's or even firmware makers what options to offer. And when I look at the menus I get from my current PCs BIOS configuration, Secure Boot on/off would fit right in.
    hornerea
    • Simple Avoid Windows 8

      Now you do have choices:<br><br>A) Android<br>B) MacOS<br>C) Linux<br>D) Old Windows<br><br>I am not going to use Windows 8 Period. MS can keep their OS. With Android and IOS there are choices, this is a fact MS has failed to recognize and like smart phones before. By the time they react it shall too late and Windows will become irrelevant!<br><br>Proof, just look at how much market share Mobile and Apple currently hold. MS activations keep declining in all fronts.
      Uralbas
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @Uralbas
        owlnet
        • Which planet are you from?

          @owlnet
          owlnet
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @Uralbas

        Well, there certainly are choices. Always have been. Feel free to use whatever best suits your needs.
        Badgered
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @Uralbas
        Choices a and b don't actually run on PCs, do they?
        (yes I know there's an Android emulator, but it still needs Windows)
        Besides, this is for *new* PCs that will come with Windows 8 *pre-installed*.
        CarlitosLx
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @CartlitosLx: Actually...

        Android-x86
        Natanael_L
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @Uralbas Are you kidding me,,,linux has worse fragmentation than even android. I'd take windows any day of the week. Installing certain proprietary apps is a no brainer in windows, compared with the nutty way linux deals with it . Ubuntu even calls it 'restrictive', as if thats a fair term for a company that went out of its way to support linux . Real nice, but then thats often that 'tude' you get within the linux world.

        Be a fanboy all you want and I get that, but lets be serious here. Windows is for serious people, not geeks who want to 'tinker' and play with the command line. Many linux OS's tell you, that to 'fiix' things or even initially do some things, you must drop to terminal and deal with it. Your average computer user, has no desire to deal with that. Why do you think macosX is on the rise in market share , leaving linux in the proverbial dust ?

        Linux is 'restrictive', windows is not.

        Try playing your favorite games in linux, without bugs and slowness and you get why linux is problematic for millions of users, and why its marketshare is tanked.

        Not to mention Linux playing with mono, against warnings from the FSF. Real mature.
        heyu
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @Uralbas : Last I checked "Android" ain't a PC OS. Maybe you mean buggy Chrome OS?

        And what does the mobile market have to do with Windows 8? Shows you are a bit biased against Microsoft. Did they sack your pirated copy of Windows 7? :-)
        Gisabun
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @Uralbas

        What is "OLD Windows"? Sorry but yea you
        timothycpa@...
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @Uralbas: You're living in fairyland. If consumers really had choice, Microsoft would be broke. Unless you're into building your own system from parts (which I do), its very difficult to buy a new PC (let alone laptop) without the latest version of Windows preinstalled. OEMs don't have the choice either, as unless they meet the demands of the Redmond mafia, they don't get their OEM Windows licenses as cheap, which means the OEM either loses profit or increases price. If you could go to any computer shop and choose from your list which OS you wanted (if any), that would be choice. When the choice is Windows8, Windows 8 or erm... Windows 8 (or go build your own), what kind of choice is that? OEMs will fall in line with Microsoft, because their bottom line depends on it. Microsoft generates their market afterall. OEM licensing of Windows means that if users need to upgrade their Windows - due to lack of support from Microsoft - they need to buy a new computer (even buying a copy of Windows separately is out of the question as newer Windows is always designed to require newer hardware). It's a rort, with both Microsoft and OEMs teaming up to devise ways to cheat more and more money out of consumers. There's even less choice with Apple (due to limited hardware offings), but that's a whole different story.<br><br>@heyu: dude, you sound like a dumb **** teenager. have you even used linux? i mean, really? for anything other than trying to install call of duty (for windows)? seriously mate, get a friggin clue.
        ~MIRV~
      • Then don't use Windows 8. Period. Join the group...

        ...because I understand there is actually a group, a group that amounts to about a total of 10% users who do not use Windows.

        I myself have read plenty about Windows 8, most reviews are positive and certainly nobody has said its not a very quick stable trouble free OS. Sounds good to me, particularly when I read some user reviews that plainly say they think its great and enjoy it and think its a step in the right direction.

        So don't use Windows 8. But sorry to tell you Microsoft will not be simply "keeping" their OS, they will be selling it by the countless millions soon, and you not using it...PERIOD, will not alter that reality one little bit.
        Cayble
      • @~MIRV~

        You say:
        "You're living in fairyland. If consumers really had choice, Microsoft would be broke."

        People have had many choices and for a long time now. More then long enough to tank Microsoft if people really didnt want Windows.

        You are just ignoring reality and soory but the fact exists that Apple has been around a long time, and Linux in numerous flavors has been around a long time, and been available for free. People really really love free stuff, but appearantly they dont like Linux a whole lot.

        The only way your statement could be close to correct is if in fact your implying that neither Linux or Apple provide any real choice for consumers because they are non starters for whatever reason,they dont cut the mustard. While I know many who would disagree with that approach, I guess you could be looking at the Linux/Mac vs. Windows usage base and maybe have decided that after all these years with Windows still covering around 90% of users that Macs and Linux provide for no real alternative at all.

        Maybe they dont and maybe thats the real bottom line.
        Cayble
    • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

      @hornerea
      You can call an OEM when your machine gets infected?
      kirovs@...
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @kirovs@...
        The problem is that the average user, not we techie geeks that read this newsletter, can't tell a root-kit infection from a disk crash.
        So, yes, a lot of people that get infections like this will call tech support to find out what has happened to thier computer that "suddenly started giving me these wierd errors!".
        Then the tech support person has to dig out the real symptoms from a person that calls thier computer a "hard drive" (yes, I have a client that does just that!), and determine that it is in fact a root-kit infection that isn't covered rather than a hardware failure that is under warrenty.
        VBJackson
    • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

      @hornerea Then why IS Microsoft telling OEMs what options to offer already - i.e. including secure boot in the first place? This argument doesn't follow from the facts.
      jgm@...
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @jgm@... <br><br>The functionality for secure boot will <b>already exist</b> in the firmware/hardware, Microsoft is saying that they want to make use of it for Windows 8 to make it more secure.<br><br>So how does this not follow the facts?
        PollyProteus
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @jgm@...

        SecureBoot is *already* there in UEFI. That's how Apple locks their hardware from booting any other OS without the use of their proprietary VM software. Of course, the existence of "Hackintoshes" shows that it's *completely* possible to disable the SecureBoot...& shows that the Linuxite fears are groundless.
        spdragoo@...
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        [i]SecureBoot is *already* there in UEFI. That's how Apple locks their hardware from booting any other OS without the use of their proprietary VM software. Of course, the existence of "Hackintoshes" shows that it's *completely* possible to disable the SecureBoot...& shows that the Linuxite fears are groundless.[/i]

        But the point is you shouldn't have to hack a tickbox that should already be there in the UEFI but with no guarantees that it will.

        I'm not interested in doing a workaround just to cater to some predatory monopoly.
        ScorpioBlue
      • RE: Microsoft isn't the enemy when it comes to blocking Linux on Windows 8 PCs

        @ScorpioBlue

        Then we should be hearing you yell as loudly about Apple's monopoly as you do about Microsoft -- moreso, in fact, since Apple *directly* controls the manufacture of the hardware that implements the UEFI preventing non-Apple OSs from being loaded.
        spdragoo@...