Microsoft tries to block Linux off Windows 8 PCs
Summary: Microsoft may say that Linux isn't enemy number one anymore, but they sure still act like it is.
If this wasn't so sad, it would be funny. After Microsoft recently declared victory over Linux, it turns out that Microsoft appears is still trying to arrange it so that Linux won't even boot on the next generation of PCs that come with Windows 8. Yeah, Linux isn't on your enemy list anymore right Microsoft? Sure.
Matthew Garrett, a Red Hat engineer, gets the credit for spotting Microsoft's latest anti-Linux move. In a blog posting, Garrett explains that Windows 8 logo guidelines require that systems have Unified Extensible Firmware Interface (UEFI) secure boot enabled. This, in turn, would block Linux, or any other operating system, from booting on it.
There's nothing in UEFI that's wrong. Indeed there's a lot of good in UEFI. It's a 21st century replacement for your PC's basic input/output system (BIOS). Its job is to initialize your hardware and then hand over control over to the operating system.
Where the Microsoft sneak attack comes in, Garret writes, is with the UEFI secure boot protocol:
UEFI secure boot protocol is part of recent UEFI specification releases. It permits one or more signing keys to be installed into a system firmware. Once enabled, secure boot prevents executables or drivers from being loaded unless they're signed by one of these keys. Another set of keys (Pkek) permits communication between an OS and the firmware. An OS with a Pkek matching that installed in the firmware may add additional keys to the whitelist. Alternatively, it may add keys to a blacklist. Binaries signed with a blacklisted key will not load.
There is no centralized signing authority for these UEFI keys. If a vendor key is installed on a machine, the only way to get code signed with that key is to get the vendor to perform the signing. A machine may have several keys installed, but if you are unable to get any of them to sign your binary then it won't be installable.
This impacts both software and hardware vendors. An OS vendor cannot boot their software on a system unless it's signed with a key that's included in the system firmware. A hardware vendor cannot run their hardware inside the EFI environment unless their drivers are signed with a key that's included in the system firmware. If you install a new graphics card that either has unsigned drivers, or drivers that are signed with a key that's not in your system firmware, you'll get no graphics support in the firmware.
Microsoft requires (PowerPoint Link) that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.
To sum up: "a system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux."
What does Microsoft have to say about the subject? ZDNet's own Mary Jo Foley asked them and they've got nothing to say about UEFI, Linux and Windows 8. That's reassuring.
Personally, I don't think it's going to happen. I think Microsoft is going to have its hands full getting hardware vendors to buy into Windows 8 in the first place nevermind trying to shove a signed UEFI secure boot protocol down their throats as well. The OEMs know darn well that while not that many companies will switch out Windows for Linux, a lot of them will switch out Windows 8 for Windows 7 or even XP. Will Dell, Lenovo, et. al. Really want to tick off their corporate customers by locking them into Windows 8? I don't think so.
In short, this is 2011, not 1998. Microsoft doesn't get to call the shots to the OEMs anymore. If the OEMs and customers want freedom of operating system choice on their hardware-and they will-Microsoft can't force Windows 8 on them.
Related Stories:
Will Windows 8 block users from dual-booting Linux? Microsoft won't say
The Linux desktop is dead. Long live the Linux desktop.
Linux snickers at Microsoft's victory declaration
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
I would wager this is oversight
MSFT is not playing foul here
The restrictions appear to be for Windows 8 logo ...
... PCs. If a user doesn't want the restrictions, he should not buy a Windows 8 logo PC. That is all. The measure is obviously for security, and OEMs appear to have the option to include signed Linux OSs with Windows 8 logo PCs.
The only way users are going to get secure Windows PCs, and great user experiences, are if things become buttoned down. There is no other way. So again, if users don't like the signed OS approach, do not buy a Windows 8 logo PC - instead buy a non-Windows logo PC.
RE: Microsoft tries to block Linux off Windows 8 PCs
THE SKY IS FALLING!!!
http://www.zdnet.com/blog/open-source/the-top-five-linux-desktop-vendors/9313
Maybe the desktop Linux vendors can look forward to some growth. And, maybe, their prices will drop a bit.
What's wrong with choice?
I don't understand the problem. If users have the option to buy Windows 8 logo, signed PCs, and also non-Windows 8 logo, unsigned PCs, what is the problem? MS will not be forcing OEMs to build only one type of PC. MS is merely providing a choice.
RE: Microsoft tries to block Linux off Windows 8 PCs
RE: Microsoft tries to block Linux off Windows 8 PCs
RE: Microsoft tries to block Linux off Windows 8 PCs
Linux is free to download and install. How can the price be lower?
RE: Microsoft tries to block Linux off Windows 8 PCs
Yes. Yes they will. No one who wants Windows is going to buy a non-certified machine, so the vendors are all going to be cooperating with Microsoft. You know that, I know that. Why are you pretending otherwise?
"instead buy a non-Windows logo PC. "
Yes... all 5 of them sold from some guy working out of his garage. No, sorry, that's not acceptable, anymore than 99% of PCs being sold locked into running Linux would be. What is WRONG with people today praising their choices being taken away from them? It's not up to an OS vendor to decide where you can buy software from, and it's not up to an OS vendor or a hardware vendor to decide what OSes you can run on your PC.
RE: Microsoft tries to block Linux off Windows 8 PCs
RE: Microsoft tries to block Linux off Windows 8 PCs
have you ever tried to buy a computer that is NOT ms or mac logo pc?? let me tell you it's not an easy task short of building one yourself
RE: Microsoft tries to block Linux off Windows 8 PCs
[i]if users have the option to buy Windows 8 logo, signed PCs, and also non-Windows 8 logo, unsigned PCs[/i]
This is speculation. It's less profitable to manufacture more types of devices than only a few. It's more likely that an OEM will certify it's whole line than a portion of it, simplifying the process. MS doesn't have to force them. Basic math will suggest it.
:)
Yeah it's not like theyve been investigated for market abuse in the past
RE: Microsoft tries to block Linux off Windows 8 PCs
In other words...
That's really the end result, now isn't it @Rndmacts?
Nice corporate spin post, btw... ;)
RE: Microsoft tries to block Linux off Windows 8 PCs
RE: Microsoft tries to block Linux off Windows 8 PCs
RE: Microsoft tries to block Linux off Windows 8 PCs
RE: Microsoft tries to block Linux off Windows 8 PCs
I thought Apple's market share has been growing 5 times faster than the rest of the market for years now. Sure, their usage share never seems to increase (on the desktop, OS X not IOS), but it's dead clear MS isn't a monopoly, and never was. Apple has always been a choice.