Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

Summary: Will Intel PCs be far behind? It turns out Microsoft will use UEFI to imprison Windows 8 device users to Windows 8.

SHARE:

Microsoft wants to imprison you in its forthcoming Windows 8 devices.

Microsoft wants to imprison you in its forthcoming Windows 8 devices.

Microsoft and its vendor friends said that there's no Windows 8 plot to lock other operating systems from Windows 8 devices, but now we know Microsoft was not telling the whole truth.

Journalist Glyn Moody dug around Microsoft's Windows Hardware Certification Requirements for Windows 8 client and server systems and found on page 116 that will Windows 8 Secure Boot can be disabled: on Intel systems, "Disabling Secure [Boot] must not be possible on ARM systems."

What does that mean? According to Aaron Williamson, a lawyer with the Software Freedom Law Center an organization that provides pro-bono legal services to developers of Free and open-source software, Microsoft has wasted no time in effectively banning most alternative operating systems on ARM-based devices that ship with Windows 8.

Microsoft will be doing this by using Unified Extensible Firmware Interface (UEFI), to block block all other operating systems from Windows 8 systems. UEFI is the 21st century's replacement to PC and other devices' BIOS. It's used to set up your computer and make it ready to boot.

Williamson explains, "The Certification Requirements define ... a 'custom' secure boot mode, in which a physically present user can add signatures for alternative operating systems to the system's signature database, allowing the system to boot those operating systems. But for ARM devices, Custom Mode is prohibited: 'On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable." [sic] Nor will users have the choice to simply disable secure boot, as they will on non-ARM systems: "Disabling Secure [Boot] MUST NOT be possible on ARM systems.' [sic] Between these two requirements, any ARM device that ships with Windows 8 will never run another operating system, unless it is signed with a preloaded key or a security exploit is found that enables users to circumvent secure boot."

In short, Microsoft insists that any Windows 8 ARM-powered device can not be rebooted or rooted with the user's choice of operating system. And you thought rooting some Android phones was troublesome!

Williamson went on to say that while "While UEFI secure boot is ostensibly about protecting user security, these non-standard restrictions have nothing to do with security. For non-ARM systems, Microsoft requires that Custom Mode be enabled-a perverse demand if Custom Mode is a security threat. But the ARM market is different for Microsoft in three important respects"

These are:

Microsoft's hardware partners are different for ARM. ARM is of interest to Microsoft primarily for one reason: all of the handsets running the Windows Phone operating system are ARM-based. By contrast, Intel rules the PC world. There, Microsoft's secure boot requirements-which allow users to add signatures in Custom Mode or disable secure boot entirely-track very closely to the recommendations of the UEFI Forum, of which Intel is a founding member.

Microsoft doesn't need to support legacy Windows versions on ARM. If Microsoft locked unsigned operating systems out of new PCs, it would risk angering its own customers who prefer Windows XP or Windows 7 (or, hypothetically, Vista). With no legacy versions to support on ARM, Microsoft is eager to lock users out.

Microsoft doesn't control sufficient market share on mobile devices to raise antitrust concerns. While Microsoft doesn't command quite the monopoly on PCs that it did in 1998, when it was prosecuted for antitrust violations, it still controls around 90% of the PC operating system market-enough to be concerned that banning non-Windows operating systems from Windows 8 PCs will bring regulators knocking. Its tiny stake in the mobile market may not be a business strategy, but for now it may provide a buffer for its anticompetitive behavior there.

It doesn't have to be this way. As Williamson points out UEFI's secure boot isn't meant to be used to block user's choice. In addition, the Linux Foundation has explained in detail how UEFI secure boot could be implemented by Microsoft so that freedom of choice would be preserved.

Microsoft isn't listening. The Linux Foundation made its proposal in October; Microsoft published its document in December. As Williamson said, "It is clear now that opportunism, not philosophy, is guiding Microsoft's secure boot policy."

Don't think this is about smartphones and thus, given Microsoft's tiny share of the smartphone market of no real importance. Williamson concluded, "Before this week, this policy might have concerned only Windows Phone customers. But just yesterday, Qualcomm announced plans to produce Windows 8 tablets and ultrabook-style laptops built around its ARM-based Snapdragon processors. Unless Microsoft changes its policy, these may be the first PCs ever produced that can never run anything but Windows, no matter how Qualcomm feels about limiting its customers' choices. SFLC predicted in our comments to the Copyright Office that misuse of UEFI secure boot would bring such restrictions, already common on smartphones, to PCs. Between Microsoft's new ARM secure boot policy and Qualcomm's announcement, this worst-case scenario is beginning to look inevitable."

That's the one point I disagree with Williamson on. This isn't the worse case. The worse case is that Microsoft decides, "What the heck" and introduces lock out style UEFI secure booting on Intel PCs. While flirting with fire from the anti-trust action, I wouldn't put it pass them.

Prison Cell image by Tim Pearce, Los Gatos, CC 2.0.

Related Stories:

Leading PC makers confirm: no Windows 8 plot to lock out Linux

Linux Foundation proposes to use UEFI to make PCs secure and free

Free Software Foundation urges OEMs to say no to mandatory Windows 8 UEFI cage

Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

Topics: Microsoft, Enterprise Software, Hardware, Operating Systems, Processors, Software, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

179 comments
Log in or register to join the discussion
  • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

    Dude... Give it up already. It's a new year and we all know you hate Microsoft but move on. I do not hear you complaining that Google locks out other OSes from Chromebooks or that other tablets and PDAs lock out or make it extremely difficult to change the OS. This whole "Are Intel PCs Next" crap is nothing more than your insecurity with yourself and complete and utter bullcrap.
    bobiroc
    • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

      @bobiroc This isn???t the worse case. The worse case is that Linux decides, ???What the heck???, lets go closed source and start charging.

      This isn???t the worse case. The worse case is that Apple decides, ???What the heck???, lets go open source and make everything free.

      Let the imaginations run wild !!! :)
      1773
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        @1773 "The worse case is that Linux decides, What the heck, lets go closed source and start charging."

        I don't think that's even legal under the GPL.
        dsf3g
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        @1773

        SJVN does not know the "case" he speculates based on his personal bias and hatred for Microsoft but praises companies he loves like Google for doing similar things or conveniently neglects to report on that stuff. If the maker of the tablet (which won't be Microsoft) disables the functionality to disable secureboot then that is the Maker of the Tablet or computer and not Microsoft. If the ARM processor has an incompatibility with disabling Secure Boot like he mentions in the first paragraph then that is a limitation of the ARM processor also not made by Microsoft.

        Also he neglects to mention that at least 90% of the people of this world do not ever change the OS that comes with their devices. People buy it for the features it comes with and use it at that. There are plenty of Tablet choices and if they do not want a Windows based one then they look at one of the many other offerings. This is the same crap that Linux fanboys say about PCs. People buy a computer for what it comes with and if they do not want a Windows based computer then there are many other choices like to assemble their own or support a local geek or PC shop and have one put together with our without an OS of their choice.
        bobiroc
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        @1773

        Umm.. Yeah key word there is imagination
        MLHACK
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        @1773 <br>0000
        vivianvein
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        Let's go through some nonsense here...

        [i]SJVN does not know the "case" he speculates based on his personal bias and hatred for Microsoft but praises companies he loves like Google for doing similar things or conveniently neglects to report on that stuff.[/i]

        And yet you still read it. Why don't you give up the myth that everybody's supposed to be "unbiased". That's a ridiculous pipe dream.

        [i]If the maker of the tablet (which won't be Microsoft) disables the functionality to disable secureboot then that is the Maker of the Tablet or computer and not Microsoft. If the ARM processor has an incompatibility with disabling Secure Boot like he mentions in the first paragraph then that is a limitation of the ARM processor also not made by Microsoft.[/i]

        Did you bother to read the article, bobiroc?

        It SAYS:

        "Journalist Glyn Moody dug around Microsoft???s Windows Hardware Certification Requirements for Windows 8 client and server systems and found on page 116 that will Windows 8 Secure Boot can be disabled: on Intel systems, [b]"Disabling Secure [Boot] must not be possible on ARM systems."[/b]

        Do you not understand English? Did you miss that part? This is right out of Microsoft's own certification requirements!

        Good grief man, is denial one of your strong suits? Get a grip.

        [i]There are plenty of Tablet choices and if they do not want a Windows based one then they look at one of the many other offerings.[/i]

        Well there really isn't much in the line of ARM-based Windows tablet out there yet. And no, the Slate failure doesn't count.

        [i]This is the same crap that Linux fanboys say about PCs. People buy a computer for what it comes with and if they do not want a Windows based computer then there are many other choices like to assemble their own or support a local geek or PC shop and have one put together with our without an OS of their choice.[/i]

        And you've been told repeatedly that not everyone can afford custom-made PCs just so they can get around Microsoft's monopoly. That is a small fraction of the PC market. A better solution would be to have blank HDs at the time of ordering and let the customer choose what they want. If it's overwhelmingly Windows then so be it.

        You've been told this before, bobiroc. Many times. Many many times.
        ScorpioBlue
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        @ScorpioBlue

        And why would you ever need a custom-made PC? Most Linux install discs are easy to set up and allow you to wipe the existing hard drive clean.

        And, no, the HP Slate doesn't count. It's an x86-based tablet. Aimed at business users.

        Also, this entire article isn't news. Basically: "All Windows 8 ARM tablets will have locked bootloaders." (or at least its functional equivalent). So? iPads/iPhones have locked bootloaders. Motorola phones have locked bootloaders. It hasn't stopped people from buying them yet.
        spacespeed
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        [i]And why would you ever need a custom-made PC?[/i]<br><br>That's right. Why would I? And?<br><br>[i]Most Linux install discs are easy to set up and allow you to wipe the existing hard drive clean.[/i]<br><br>That's right. And?<br><br>[i]And, no, the HP Slate doesn't count. It's an x86-based tablet. Aimed at business users.[/i]<br><br>That's right, it doesn't count. And?<br><br>[i]Also, this entire article isn't news. Basically: "All Windows 8 ARM tablets will have locked bootloaders." (or at least its functional equivalent). So? iPads/iPhones have locked bootloaders. Motorola phones have locked bootloaders. It hasn't stopped people from buying them yet.[/i]<br><br>And what's your point? Just about everything you've said I agree with. I think you missed the boat on this.
        ScorpioBlue
    • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

      @bobiroc

      +1 It seems that the bloggers here have become very tech vendor biased to where it is becoming the National Enquirer of tech sites. So sad to see this i have been a daily zdnet site visitor for years. It would be nice to see factuals on there articles instead of complete opinions or interpretations.
      MLHACK
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        @MLHACK Blah blah blah... everyone who disagrees is part of a paid conspiracy... blah blah blah... please address the actual subject of the article. There's no "bias" here anyway... it's fact from Microsoft's own policy. You're probably also one of the people who argued vociferously with me that a lock-out was never going to happen. Well, it's happening. Time to apologize to me, Adrian Kingsley-Hughes, SJVN and several others who called this.
        jgm2
      • He gave you the facts...

        @MLHACK

        If you would take the time to actually read the article and look up the references, you would find them to be completely factual. If you want to ignore the facts for your biased opinion, then then is your option. You continue to spin in your fantasy world hoping that it becomes the real one, we the rest of us will deal with the real facts.
        linux for me
    • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

      @bobiroc
      +100000
      vivianvein
    • Agreed. When the truth doesn't support a person's hatred

      @bobiroc
      then they just bend the truth to make it work in their favor.

      Chromebook is different, he says - they make it so you can't install another OS so as to make it "more secure", in a sense, "looking out for our well being".

      But then ZDNet doesn't pay the bloggers on accuracy, they pay on replys
      William Farrel
      • They pay by page views

        @William Farrel If we stop reading his crap he wouldn't get paid.
        oraman
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        @William Farrel You said this wasn't going to happen in the early debates on this. Now it has, and instead of apologizing, you criticize SVJN for telling the truth. By the way, Chromebooks aren't even general-pupose laptops... they're locked-down dumb terminals with jeos (just enough os) to run a web browser. They're intended for businesses and schools with IT departments that need to manage device deployment. It's got nothing to do with "looking out for our well being" - they don't even have the storage space to adequately run another OS; I believe they have 20GB SSDs, which is useless for anything other than the cloud computing ChromeOS.

        Please stop talking about the Chromebook and address the fact that Microsoft is requiring ARM devices to be locked down, something you suggested wouldn't happen.
        jgm2
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        [i]Please stop talking about the Chromebook and address the fact that Microsoft is requiring ARM devices to be locked down, something you suggested wouldn't happen.[/i]

        And Microsoft is initiating that, something that they're in deep denial about.
        ScorpioBlue
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        @William Farrel - When Microsoft gets into the hardware business and starts selling MS branded PC's and tablets then they can force which OS is on that hardware. Otherwise the consumer needs to have the choice. Typical monopolistic crap from the unethical, lying, cheating, thieving Microsoft.
        The Danger is Microsoft
      • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

        The problem is, aren't most ARM devices locked down anyways? Try installing a different OS on your iPad. Doesn't work, does it, now?

        Most people don't care about locked bootloaders on ARM devices. They're used for tablets, phones, embedded systems, in which this doesn't matter quite as much.
        spacespeed
    • RE: Microsoft to lock out other operating systems from Windows 8 ARM PCs & devices

      @bobiroc I'm with you. These morons are trying to make this an issue when it clearly isn't for 99.9% of users out there, particularly on tablets. If it was really an issue, the iPad wouldn't be the only tablet selling right now. Only a microscopic fraction of the world cares if their tablet can run other operating systems. For the vast majority, a tablet is like a phone. You just use it to get stuff done. It's a personal information appliance. Nobody cares if their blender can run a different OS...

      It also doesn't really matter for desktops. For those of us who actually DO try other operating systems on desktops, we all know a dozen ways to get around this issue, including VMWare or Hyper-V. In fact, most of that 0.1% who test other operating systems have an old PC sitting around to try things on in a worst case scenario.
      BillDem