Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

Summary: Microsoft officials provided more information on plans for UEFI secure boot support in Windows 8 in response to fears by some users that they may be blocked from dual-booting Linux on Windows 8 machines.

SHARE:

Microsoft officials have indirectly attempted to address concerns that surfaced earlier this week that Windows 8's secure boot implementation might end up blocking users who want to dual-boot Linux on Windows 8 PCs. The Microsoft response -- a September 22 blog post on the Building Windows 8 blog -- doesn't ever mention the word "Linux." Instead, the post adds more information on Windows 8's support for the Unfied Extensible Firmware Interface (UEFI) and the secure boot protocol that is part of it.

"For the enthusiast who wants to run older operating systems, the option (disabling secure boot) is there to allow you to make that decision," said the Microsoft blog post. (The statement didn't specify whether this is a reference to older versions of Windows only or if it also applies to Linux and other operating systems.)

In the comments section of the post, Windows President Steven Sinofsky got a little closer to directly addressing the issue, noting "How secure boot works with any other operating systems is obviously a question for those OS products :-)."

In the September 22, Microsoft officials noted that:

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
  • Secure boot doesn’t “lock out” operating system loaders, but is is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

"Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems," according to the post.

Microsoft officials told attendees of the recent Build developers conference that Windows 8 clients must be certified in UEFI mode, and that support for secure boot is a Windows 8 certification requirement. But even though Microsoft is requiring OEMs to support secure boot in UEFI as part of its certification requirements, "OEMs are free to choose how to enable this support," the new post said.

In other words, with Windows 8 certified systems secure boot support has to be there, but OEMs can decide whether or not they want to allow customers to be able to turn it off and how they handle the signature process for supported operating system versions. In the September 22 post, officials said that Microsoft designed the Windows 8 firmware to allow customers to disable secure boot in the Windows 8 Developer Preview release if they so choose.

By mandating UEFI secure boot support as a Windows 8 requirement, Microsoft is attempting to better secure Windows machines, which is a good thing, obviously. Some have suggested those wanting dual-boot simply run Linux in a VM on Windows 8. But, as the relatively small contingent of users who want to dual-boot Linux note, if the requirement results in users who pay for Windows machines being unable to use them in the way they want, is this fair -- or even legal?  Thoughts, readers?

Update (September 26): Red Hat employee Matthew Garrett -- whose post last week kicked off the whole Windows 8 UEFI controversy, has posted a two-part response to Microsoft's latest post on this topic. It ends with:

"Microsoft's rebuttal is entirely factually accurate. But it's also misleading. The truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. The truth is that it makes it more difficult to run anything other than Windows. The truth is that UEFI secure boot is a valuable and worthwhile feature that Microsoft are misusing to gain tighter control over the market. And the truth is that Microsoft haven't even attempted to argue otherwise."

Update No. 2: It looks like some Australian Linux users are agitating for possible antitrust-focused legal actions over the coming UEFI secure boot changes.

Topics: Linux, Hardware, Microsoft, Open Source, Operating Systems, Software, Windows

About

Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

271 comments
Log in or register to join the discussion
  • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

    For the 99.999% of users who never need to install another OS, secure boot is a good thing. For the 0.001% of people who do need to install another OS, I think they are also smart enough to disable secure boot so they can install Windows 7 or Linux if they so choose.
    Jeff Kibuule
    • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

      @dagamer34
      Exactly my thoughts
      regsrini
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @regsrini

        Want to use xp, 7 or any other OS think again and you pirates out there are about to get a very nasty form of WGA
        Alan Smithie
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @regsrini : Microsoft never considers any other OS on the system. If you wanted to dual boot with previous versions of Windows you HAD to install windows first. The Windows install process was too stupid to be able to detect any previously installed and running OS on the system. The windows install destroyed the ability to run any other OS on the system until you re-installed the other system. Other OS's were clever enough to install themselves by considering other installed OS's and creating a proper dual boot structure.
        deaf_e_kate
    • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

      @dagamer34
      And you came with this percentage how?
      This is actually VISTA again. With VISTA MS attempted to lock out Linux. There was eventually a work around. Personally this made me ban MS products from home, even though I was thinking of an xbox for my son. He ended up with a Wii.
      kirovs
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @kirovs@... [i]This is actually VISTA again. With VISTA MS attempted to lock out Linux.[/i]

        You read this part right?

        [b]Secure boot is a UEFI protocol not a Windows 8 feature
        UEFI secure boot is part of Windows 8 secured boot architecture
        Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure[/b]

        [i]Personally this made me ban MS products from home, even though I was thinking of an Xbox for my son. He ended up with a Wii.[/i]

        So your blindness led your son to have to put up with a Wii? That's just wrong. At least get him a PS3 for Pete's sake.
        Badgered
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @Badgered@... <br>I am sorry I have not made this clearer to you.<br>It is the same as a behavior, not tech approach. VISTA tried to lock out Linux, this has the same purpose (at least to a large extent). And do not tell me MS does not control OEM's behavior through license policy.<br>As for PS3 vs Wii, I am sure we could argue all day. I have better things to do...
        kirovs
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @kirovs@... [i]VISTA tried to lock out Linux, [b]this has the same purpose[/b][/i]

        No. It doesn't. But I guess we'll have to agree to disagree.
        Badgered
      • Predates Vista

        @kirovs@...

        UEFi integration came out with Windows *XP* 64-bit.

        It's even technically available as a protocol for x86-32 processors (i.e. Windows XP 32-bit). Microsoft never implemented it because the *hardware vendors* weren't interested in it at the time.
        spdragoo
      • Lowering the cost of XP on low end machines required a work-around?

        @kirovs@...

        Are you serious? Was the work-around to make Linux more usable?
        Bruizer
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @kirovs@...

        So everytime Microsoft revises their bootloader, it's an attempt to lock out Linux? The people whose machines boot non-Windows OS don't care, for they write there own boot loaders to the disk. Only the people who try to dual-boot were the ones affected by the improvements to the Windows boot process. There were many welcome improvements in the boot manager for Windows that benefited a huge amount of people, and pissed off a handful of those trying to dual-boot.

        Occam's Razor: What's more likely, that Microsoft revised the boot loader to allow for improvements (in the face of EFI machines)? Or as an attempt to prevent the segment of users who want to have both a bootable Windows and another OS?
        ChuckOp65
      • Get the xbox and stop being dumb.

        @kirovs@...

        We have a Wii and a PS3 for various reasons and they're great for their own thing. That xbox and kinnect is awesome though and may well go in the extension.

        We probably only use them 1 night a week at most, but still looks worth buying jus for the fun factor. Go buy your son one and dont let him suffer for your pride.

        ps It's up to MS if they want to block out others, and for you to buy win8 or not. Will Linux dual boot with OSX or are you going to throw out your Apple products too? (I say dual boot as in plop the disks in and install... not something that might need custom boot loaders and a PHD in computing science, plus a spare week in your life)
        johnmckay
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @Badgered: Sony are worse.
        Natanael_L
      • Just as we ban all Linux and OS x products from our home

        @kirovs@...
        Linux as too insecure, OS X as too proprietary.

        And if your son is like most, he hates you for forcing a Wii on him when al his friends have the better XBox360.
        William Farrell
      • kirovs , Here's your problem - You give Linux too much credit

        @kirovs@...
        I really don't thnk the percentage of people dual booting Linux on a PC or tablet to be anywhere near something that MS would feel the need to lock it out from dual booting on a PC.

        You're giving Linux too much weight - what percentage do you think dual boot Windows/Linux?

        I would bet that more people dual boot Windows/OS X then they do Windows/Linux.
        William Farrell
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @kirovs@... "As for PS3 vs Wii, I am sure we could argue all day. I have better things to do...". This is usually stated by someone who CAN'T argue all day about a particular subject.

        Sorry, but this kind of cop out always bugs me.
        Hameiri
      • Yeah, you're a bad parent

        @kirovs@... Booo... boooo.. Wii is just aweful. I love my XBox, but if you must hate something because of the maker, go PS3. Or the closest thing to Linux is Android (tablet maybe?) or IPad?

        MS doesn't care about Linux on the desktop anymore, they care about Linux on mobile.
        A Gray
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @kirovs@... -> "With VISTA MS attempted to lock out Linux."

        Please provide details and verifiable reference to where you got those details. As far as I can tell, people are successfully dual booting with Linux and Post-XP Windows (Vista, Win7, Server 2008, etc.) so without references, your statement is FUD, pure and simple.
        PollyProteus
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @kirovs@...
        i believed UEFI is originally a brainchild of intel. it was conceived as replacement to the BIOS that is showing age. it has nothing to do with m$.
        kc63092
      • RE: Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

        @kirovs@..."OEMs can decide whether or not they want to allow customers to be able to turn it off and how they handle the signature process for supported operating system versions"

        Doesn't sound like they are controlling the OEM's to me. And I kinda bet this is more about security, and not about locking linux out.
        waterhzrd