Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

Summary: It doesn't take much reading between the lines to see that Microsoft is going to try to keep Linux, older versions of Windows, and other operating systems off Windows 8 PCs.

SHARE:

Thanks to Mary Jo Foley, we now know that in the name of "security," Microsoft will be trying to use UEFI (Unified Extensible Firmware Interface) to block Linux, older versions of Windows, and other alternative operating systems from booting on Windows 8 PCs. Thanks Microsoft we appreciate it.

In a new Microsoft blog, Building Windows 8, by Steven Sinofsky, Microsoft's president of the Windows division, Linux isn't mentioned, and he tries to place the blame on the UEFI security protocol. Behind all his dodging, the facts are that Microsoft UEFI secure boot is requirement for Windows 8 certification and that, while "OEMs [original equipment manufacturers) are free to choose how to enable this support," they still have to have it. In turn, that will make it harder for OEMs to support alternative operating systems and, if the OEM does bow down to Microsoft's demands, it will make it almost impossible for end-users to run Linux, older versions of Windows, or other alternative operating systems on Windows 8 certified PCs.

In short, if Microsoft has its way, all Windows 8 PCs will be even more locked into their pre-installed operating systems than Macs are into Mac OS X. Indeed, a better comparison would be how phone companies lock you into their smartphone operating systems. Just like them the Windows 8 PC you buy in 2013 will be permanently locked into Windows 8. And, like smartphones, only expert firmware hackers will be able to switch out operating systems or even enable dual-booting operating systems.

This isn't the first time Microsoft has tried to lock out competitors from Windows PCs. In the early 2000s, Microsoft tried to combine Windows and the BIOS with a Digital Right Management (DRM) scheme called Next Generation Secure Computing Base (NGSCB), AKA Palladium. At the time, the point wasn't so much as to block operating systems as it was to build DRM into PCs so you couldn't play any music or video content unless you had a license for it. That effort failed.

That isn't stopping Microsoft from once more trying to stop you from using your computer the way you want to use it though.

Matthew Garrett, the Red Hat engineer who first spotted Microsoft's new sneak attack on alternative operating systems, has taken a new look at Microsoft's latest announcements and Garrett and Red Hat after "discussing the problem with other Linux vendors, hardware vendors and BIOS vendors [to make] sure that we understood the ramifications of the policy in order to avoid saying anything that wasn't backed up by facts. These are the facts:"

  • Windows 8 certification requires that hardware ship with UEFI secure boot enabled.
  • Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option.
  • Windows 8 certification does not require that the system ship with any keys other than Microsoft's.
  • A system that ships with UEFI secure boot enabled and only includes Microsoft's signing keys will only securely boot Microsoft operating systems.

Garrett explains that this is a problem "Because there's no central certification authority for UEFI signing keys. Microsoft can require that hardware vendors include their keys. Their competition can't. A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's. No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer. Microsoft's influence here is greater than even Intel's."

Indeed Microsoft still owns the desktop market. Macs still have less than 5% of the world desktop market according to Gartner and the Linux desktop has proven to be a non-starter, PC vendors will have little choice but to kowtow to Microsoft's Windows 8 demands.

"What does this mean for the end user?" continued Garrett. "Microsoft claims that the customer is in control of their PC. That's true, if by 'customer' they mean 'hardware manufacturer.' The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognize their hard drive in the firmware. The end user is no longer in control of their PC."

Garrett concluded, "So, the truth is that Microsoft's move removes control from the end user and places it in the hands of Microsoft and the hardware vendors. The truth is that it makes it more difficult to run anything other than Windows. The truth is that UEFI secure boot is a valuable and worthwhile feature that Microsoft [is] misusing to gain tighter control over the market. And the truth is that Microsoft [hasn't] even attempted to argue otherwise."

Garrett is, understandably, most concerned about how this will effect desktop Linux. I wonder though if what Microsoft really wants is to avoid a repeat of the Vista fiasco by making sure OEMs and end-users can't go back to Windows 7 or XP. As Windows 7's slow adoption and Vista's flop has shown, users really haven't been that interested in moving off Windows XP. Since Windows 8's Metro interface adds an entirely new level of complications for both independent software vendors (ISV)s and end-users, I can see why Sinofsky would want to force Windows 8 down the throats of Windows users "for their own good."

So what does it all boil down to? As it stands now Microsoft is saying OEMs don't have to do it. They just have to do it if they want to sell PCs with Windows on them. Paging the anti-trust lawyers, I think Microsoft's latest attempt to abuse their PC monopoly power bears investigation. Welcome back Evil Empire, I knew you couldn't really be that far away.

Related Stories:

Microsoft: Don't blame us if Windows 8's secure boot requirement blocks Linux dual-boot

Microsoft tries to block Linux off Windows 8 PCs

Will Windows 8 block users from dual-booting Linux? Microsoft won't say

Yes, UEFI 'secure boot' could lock out Linux from Windows 8 PCs

Topics: Software, Hardware, Linux, Microsoft, Open Source, Operating Systems, Windows

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

135 comments
Log in or register to join the discussion
  • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

    I guess you missed the memo that said end users could disable secure boot.<br><br>Go read your colleague's articles before spouting FUD.
    Aerowind
    • It wasn't missed

      @Aerowind
      It was carefully ignored. Which is how you run a good old FUD article.
      If you pointed out the truth, people would laugh.
      mdemuth
    • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

      @Aerowind
      "I guess you missed the memo that said end users could disable secure boot."

      "could" does not mean "can."
      ac1234555
      • &quot;could&quot; does not mean &quot;can't&quot;

        @ac1234555
        It had to be said.
        toddybottom
      • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

        @ac1234555 disable, yes. Allow dual boot ... another question. So you can have Win8, or VM, or Linux ... but not all 3 able to boot on one machine.
        BrentRBrian
        • Why dual-boot, just use the built-in Win8 Hyper-V to run a Linux VM

          Intel based Windows 8 64-bit ships with Hyper-V so just build a Linux VM and run it as a guest of Windows 8. Also, you can bitlocker the drive and the Linux VM image will also be encrypted with no additional work. In fact, if you like, you can run a number of Linux, XP, BSD, etc VMs all at the same time. With Win8 Hyper-V the VMs will run at near metal speeds without the hassle of dealing with driver issues on your cool new, touch enabled laptop.
          BioDieselUser
          • How Microsoft stole Hyper-V from Linux

            Just the story repeating itself: Microsoft steals and claims its theirs.
            http://en.wikipedia.org/wiki/Hyper-V#Linux_support
            3r0s
    • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

      @Aerowind Do your own research. BIOS manufactures are ALLOWED to offer the ability to turn off secure boot, not required. Given most inexpensive implementation do the minimum required, that means as is there will probably be many machines without this capability. What is worse is even when it is possible to turn it off, it may not be easy to do so. According to another article one of the prototype BIOSES with this feature required literally opening the case and flipping a dip switch to disable secure boot.

      The next obvious step is for Windows to only boot when secure boot is enabled. At that point, for a dual boot system with a dip switch you would have to open your case and flip the switch each time you toggled your boot.
      docbillnet
      • That isn't Microsoft stopping them

        @docbillnet

        That's the OEM.
        Michael Alan Goff
        • Did you do any research before posting this?

          When M$ says that they will not issue their stupid annoying little stickers for Windows 8 Compatibility, Compliance, etc unless you include this specific 'BIOS Feature' how does that get translated to the OEM is making that choice?
          meaje
      • This will tie into Microsoft's secret OEM cartel NDA agreements.

        @docbillnet <br>The next obvious step for Microsoft of course would be to offer OEMs a discount on Windows for disallowing turning off of secure boot - hidden under a secret agreement protected by a non disclosure clause like all their other evil PC OEM cartel agreements. Voila - you exclude Linux "because OEMs are not selling it because customers don't want Linux". Of course customers don't get a choice.<br><br><br>Microsoft is evil, criminal, abusive, and always will be.
        Mah
      • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

        @docbillnet
        Marbux
      • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

        As a technologist and retired lawyer, I sincerely doubt that dual-booting is the threat Microsoft seeks to blunt with this "feature." That non-threat has existed for more than a decade.

        I think it far more likely that the primary perceived threat motivating this Microsoft move is USB 3.0 thumb drives that boot a a Linux desktop.

        With raw data throughput rates across the USB 3.0 fifth channel already near 4 G-bit/second and 5 G-bit performance approaching as hardware is refined, such drives are already cheap in 32-GB configuration and prices are dropping rapidly on 64-GB versions. Either are more than sufficient for a portable Linux desktop, particular when coupled with cloud storage of data through services such as Dropbox.

        With its business model and EULAs locked into one OS copy per *computer,* Windows installed to a thumb drive is a destination Windows can't strive for, whilst desktop Linux is well suited to the task.

        But Microsoft's implementation of UEFI would seem to neatly blunt that threat. This is definitely a competition killer.

        To those insisting that there is no antitrust issue here, I'll suggest that you do some research on relevant case law, particularly in the E.U. where such a complaint is most likely to be lodged. See e.g., paragraph 7 of Nederlandse Federatieve Vereniging voor de Groothandel op Elektrotechnisch Gebied and Technische Unie BV v Commission, (joined cases T-5/00 and T-6/00), Judgment of the Court of First Instance (First Chamber) (16 December 2003), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:62000A0005:EN:NOT
        Marbux
      • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

        @Mah

        Stopping dual-booting wouldn't do anything to their bottom-line. They still sell a license, even if you decide to use Windows less than your dual-boot Linux.

        So why would they do it?
        Michael Alan Goff
      • Michael Alan Goff

        Actually Microsoft is using the OEMs as proxies to block Linux. By adjusting the "License fee" up or down relative to the OEM's choice regarding blocking Linux. Microsoft is effectively blocking the OEM from installing it. Say Dell makes a $10 profit per machine, and by blocking everything but Window 8, Microsoft does not raise the license fee. Yet if Dell refuses to block all other OSs, the license fee goes up $15 per machine. That increase effectively would kill dell in a heartbeat, as Dell could not afford a $5 loss per machine.
        Jumpin Jack Flash
    • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

      @Aerowind But then the OS that came with the PC won't boot.
      anothercanuck
    • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

      @Aerowind
      It is widely believed - with good justification - that Microsoft and the hardware OEMs run a series of illegal anti-competitive cartels which are based on implementation of secret agreements signed between Microsoft and the OEMs protected from scruitiny by the damaged parties (competitors and the consumer) by non disclosure agreements. These are believed to use rebates on Windows, advertising rebates, patent extortion and racketeering, withholding or delaying certification or driver support etc. and price/specification fixing in order to induce or prevent OEMs from pre-installing or post-installing anything other than Windows on PCs. Microsoft's most recent successful use of these anti-competitive tactics is believed to be in the elimination of previously successful Linux netbooks from the market. Many believe this was achieved by a combination of advertising subsidies provided they did not sell Linux netbooks in retail stores to remove them from being displayed or advertised, by predatory price fixing of Windows netbooks at below cost (free can't compete with below cost) paid for by levies on other Windows PCs on which Microsoft has a monopoly, and an enforced low hardware specification applied to netbook hardware in order to qualify for the predatory pricing schemes in order to prevent the predatory pricing scheme resulting in cannibalisation of other Windows PCs.

      Microsoft's secret agreements with the OEMs absolutely need to be forced public by law in order to prevent Microsoft abusing them. If they are not, then Microsoft will definitely abuse them as they have without pause since they first abused competition laws with the pay per processor licensing of Windows more than 15 years ago.

      Allowing a convicted serial offender like Microsoft free reign to make secret OEM deals without the possibility of scrutiny in the past was like allowing a paedophile to roam free near children without supervision, but what we have now is like allowing a paedophile to take charge of a nursery and force all the staff to sign non disclosure agreements to prevent them from speaking out about abuses.

      Microsoft shouldn't have been allowed to apply NDA terms to its agreements with OEMs in areas where it holds a monopoly in the past, and as with other monopolies, the agreements should have been make public so that an ombudsman and organisations representing the public could have scrutinised what was going on. With this total lockout mechanism, things only get much worse from an anti-trust viewpoint.
      Mah
      • WOW!

        -- WOW How perfectly stated:

        Microsoft's secret agreements with the OEMs absolutely need to be forced public by law in order to prevent Microsoft abusing them. If they are not, then Microsoft will definitely abuse them as they have without pause since they first abused competition laws with the pay per processor licensing of Windows more than 15 years ago.

        Allowing a convicted serial offender like Microsoft free reign to make secret OEM deals without the possibility of scrutiny in the past was like allowing a paedophile to roam free near children without supervision, but what we have now is like allowing a paedophile to take charge of a nursery and force all the staff to sign non disclosure agreements to prevent them from speaking out about abuses
        meaje
  • RE: Microsoft to stop Linux, older Windows, from running on Windows 8 PCs

    The rest of the world seems quite happy knowing they don't have to worry about some rogue user installing linux. I want to thank Microsoft for making this move. Notice how its a Red Hat employee putting his nose into places it doesn't belong and making a bigger deal out of this than need be? Anyways, this won't affect too many people because not many people run linux to begin with.
    LoverockDavidson_-24231404894599612871915491754222
    • humorous.

      @LoverockDavidson_

      So, when mention of the hundreds of thousands of viruses for Windows is made, people aren't talking about rootkits, spyware, keyloggers, and phone home trojans... they're actually talking about some "rogue user installing linux" on their system?

      In the words of Johnny Carson: "I did not know that"

      And yes, it [i]would[/i] be an engineer from RH to point this out; the linux community is usually the only ones willing to point out, suggest checks and balances for, and offer substitution (and often times better) products for the iron-fisted controlled platforms of vendors such as MS and Apple.

      Also, as you pointed out, linux users are the only ones capable of running complex machines using o/s in a multi-boot fashion.
      UrNotPayingAttention