Wednesday, September 21st 2011

Windows 8 Secure Boot: Designed to Lock Out Linux?

Proposed changes to the Unified Extensible Firmware Interface (UEFI) firmware specifications would mean PCs would only boot from a digitally signed image derived from a keychain rooted in keys built into the PC. Microsoft is pushing hard to make this mandatory, so that users cannot override it. This feature would have the handy benefit of excluding alternative operating systems such as Linux and FreeBSD. This is according to Professor Ross Anderson of Cambridge University and other industry insiders. Also, it's not at all clear that it actually secures against viruses and other malware and appears to be solely designed to appease corporate self interests for unbreakable Digital Restrictions Management (DRM).

UEFI supercedes the 30 year old veteran BIOS found in most PCs today, which is very inefficient and slow for modern PCs, carrying a lot of old, legacy compatibility baggage that's just not needed in today's PC. UEFI, a key component of Windows 8, is designed to work on several CPU architectures, such as ARM and is streamlined and efficient. It also includes a much improved graphical interface that replaces the keyboard-driven menu system of the BIOS.

If the changes are adopted, then any system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux. Tech blogger Matthew Garrett explains that while a signed version of Linux would work, this poses problems:
Firstly, we'd need a non-GPL bootloader. Grub 2 is released under the GPLv3, which explicitly requires that we provide the signing keys. Grub is under GPLv2 which lacks the explicit requirement for keys, but it could be argued that the requirement for the scripts used to control compilation includes that. It's a grey area, and exploiting it would be a pretty good show of bad faith.

Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed. Making it impossible for users or developers to build their own kernels is not practical. Finally, if we self-sign, it's still necessary to get our keys included by ever OEM.

There's no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code. However, experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market.
However, there's no need to panic just yet, concluded Garrett.

The effect of all these changes is to return to the dark days of 2003, when the Trusted Computing platform was being pushed as a way to completely DRM your entire PC to satisfy the content industries. However, this version will be far worse:
These issues last arose in 2003, when we fought back with the Trusted Computing FAQ and economic analysis. That initiative petered out after widespread opposition. This time round the effects could be even worse, as 'unauthorised' operating systems like Linux and FreeBSD just won't run at all. On an old-fashioned Trusted Computing platform you could at least run Linux - it just couldn't get at the keys for Windows Media Player.

The extension of Microsoft's OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate.
Anderson concludes that this restrictive technology might violate EU competition law, on Cambridge University's Light Blue Touchpaper blog.
Source: The Register
Add your own comment

84 Comments on Windows 8 Secure Boot: Designed to Lock Out Linux?

#1
Sean8
Doesn't mac osx have this? and you can dual boot it.
Posted on Reply
#2
qubit
Overclocked quantum bit
No, it has UEFI, but not this digital signing. This is something new - well, resurrected. :rolleyes:
Posted on Reply
#3
v12dock
Block Caption of Rainey Street
It would be cracked before launch anyways
Posted on Reply
#4
qubit
Overclocked quantum bit
v12dockIt would be cracked before launch anyways
Nah, don't be silly - just look at all the other secure and successful DRM solutions out there. :laugh:
Posted on Reply
#6
OneMoar
There is Always Moar
Way to add some sensationalism there qubit
a sniplet from > arstechnica.com/business/news/2011/09/windows-8-secure-boot-will-complicate-linux-installs.ars?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+Featured+Content%29&utm_content=Google+Feedfetcher <
Disabling secure boot

“Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled,” Red Hat developer Matthew Garrett writes on his blog in reference to a recent presentation by Microsoft program manager Arie van der Hoeven. The Microsoft exec notes that UEFI and secure boot are “required for Windows 8 client” with the result that “all firmware and software in the boot process must be signed by a trusted Certificate Authority.”

Microsoft has a good reason for this. A “growing class of malware targets the boot path [and] often the only fix is to reinstall the operating system,” van der Hoeven said. “UEFI and secure boot harden the boot process [and] reduce the likelihood of bootkits, rootkits and ransomware.”

Importantly, though, Garrett writes that “there’s no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code.”

For many (and hopefully most) Windows 8 machines, this means that users have a good chance of successfully entering the UEFI settings interface to turn off secure boot. But this will depend on the hardware vendor.

“Experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market,” Garrett writes. “It's almost certainly the case that some systems will ship with the option of disabling this. Equally, it's almost certainly the case that some systems won't. It's probably not worth panicking yet. But it is worth being concerned.”

Technically, vendors can ship Windows 8 PCs without meeting Microsoft's "designed for Windows 8" logo requirements, but major OEMs typically would not do that.

The Windows 8 developer tablet Microsoft handed out at this month’s recent BUILD conference did include the ability to turn off the secure boot process. This is reminiscent of Google’s Cr-48 Chromebook, which allowed users to turn off the Verified Boot process and install another operating system, though this involved flipping a physical switch instead of changing a software setting.
Posted on Reply
#7
btarunr
Editor & Senior Moderator
The only "DRM" that ever actually worked is Casino security.
Posted on Reply
#8
OneMoar
There is Always Moar
its not really DRM its no different the driver signature enforcement its there to keep bad people from doing bad things and it has a "off switch"
Posted on Reply
#9
qubit
Overclocked quantum bit
OneMoarWay to add some sensationalism there qubit
Thanks, I'll take that as a complement. ;) My writing style is a combination of irreverent, humourous and at times cynical and sarcastic. I particularly liked my headline "Customer Agony over Netflix's Price Rises & New Split Personality". I loved the "Customer agony" bit. :D
OneMoara sniplet from > arstechnica.com/business/news/2011/09/windows-8-secure-boot-will-complicate-linux-installs.ars?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+Featured+Content%29&utm_content=Google+Feedfetcher <
Disabling secure boot

“Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled,” Red Hat developer Matthew Garrett writes on his blog in reference to a recent presentation by Microsoft program manager Arie van der Hoeven. The Microsoft exec notes that UEFI and secure boot are “required for Windows 8 client” with the result that “all firmware and software in the boot process must be signed by a trusted Certificate Authority.”

Microsoft has a good reason for this. A “growing class of malware targets the boot path [and] often the only fix is to reinstall the operating system,” van der Hoeven said. “UEFI and secure boot harden the boot process [and] reduce the likelihood of bootkits, rootkits and ransomware.”

Importantly, though, Garrett writes that “there’s no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code.”

For many (and hopefully most) Windows 8 machines, this means that users have a good chance of successfully entering the UEFI settings interface to turn off secure boot. But this will depend on the hardware vendor.

“Experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market,” Garrett writes. “It's almost certainly the case that some systems will ship with the option of disabling this. Equally, it's almost certainly the case that some systems won't. It's probably not worth panicking yet. But it is worth being concerned.”

Technically, vendors can ship Windows 8 PCs without meeting Microsoft's "designed for Windows 8" logo requirements, but major OEMs typically would not do that.

The Windows 8 developer tablet Microsoft handed out at this month’s recent BUILD conference did include the ability to turn off the secure boot process. This is reminiscent of Google’s Cr-48 Chromebook, which allowed users to turn off the Verified Boot process and install another operating system, though this involved flipping a physical switch instead of changing a software setting.
Of course Microsoft are gonna dress it up as something positive and benign, they're trying to get it established! People like the prof and the blogger however, can see right through it. As you see in the article, it was only widespread opposition eight years ago that stopped this restrictive practice from becoming standard. This stuff is like Apple lock-ins on steroids; you ain't seen nothin' yet, baby!

Personally, I think once more it will fail, because it's too blatant an attempt at shutting out the competition, but society must remain eternally vigilant against such abuses.
Posted on Reply
#10
OneMoar
There is Always Moar
qubitThanks, I'll take that as a complement. ;) My writing style is a combination of irreverent, humourous and at times cynical and sarcastic. I particularly liked my headline "Customer Agony over Netflix's Price Rises & New Split Personality". I loved the "Customer agony" bit. :D


Of course Microsoft are gonna dress it up as something positive and benign, they're trying to get it established! People like the prof and the blogger however, can see right through it. As you see in the article, it was only widespread opposition eight years ago that stopped this restrictive practice from becoming standard. This stuff is like Apple lock-ins on steroids; you ain't seen nothin' yet, baby!

Personally, I think once more it will fail, because it's too blatant an attempt at shutting out the competition, but society must remain eternally vigilant against such abuses.
typical foss user ranting lulz :banghead: people like you are why linux has less then a 5% share of the desktop market
Posted on Reply
#11
Katanai
This article: Designed to start a flamewar?
Posted on Reply
#12
EastCoasthandle
I have to wonder if this would have any effect on 3rd party software that is not driver signed?
And would we need to update our bios if we want win8?
Posted on Reply
#13
qubit
Overclocked quantum bit
OneMoartypical foss user ranting lulz :banghead: people like you are why linux has less then a 5% share of the desktop market
Thanks for the personal attack. :rolleyes: I would have appreciated an intelligent response to my intelligent (and pleasant) response.
Posted on Reply
#14
OneMoar
There is Always Moar
KatanaiThis article: Designed to start a flamewar?
pretty much its your typical twist the facts and bend words to make it looks like the big evil corporation has it out for them
not what I like to see on tpu :(
Posted on Reply
#15
OneMoar
There is Always Moar
qubitThanks for the personal attack. :rolleyes: I would have appreciated an intelligent response to my intelligent (and pleasant) response.
there was nothing intelligent or pleasant about your post its badly edited and copypasta and its apparently made to look like OMG Microsoft is evil and disregards both the fact that A: if Microsoft wanted to _block linux_ they could have done so years ago b: thats not what this is intended for
Posted on Reply
#16
qubit
Overclocked quantum bit
OneMoarthere was nothing intelligent or pleasant about your post its badly edited and copypasta and its apparently made to look like OMG Microsoft is evil and disregards both the fact that A: if Microsoft wanted to _block linux_ they could have done so years ago b: thats not what this is intended for
You are really becoming blatantly insulting now. And you really need to stop. How about you just unsub from this thread and stop crapping in it?
Posted on Reply
#17
FordGT90Concept
"I go fast!1!11!1!"
qubitAlso, it's not at all clear that it actually secures against viruses and other malware and appears to be solely designed to appease corporate self interests for unbreakable Digital Restrictions Management (DRM).
On the surface, I reach the same conclusion. This is bad joo joo.
Posted on Reply
#18
OneMoar
There is Always Moar
OneMoarthere was nothing intelligent or pleasant about your post its badly edited and copypasta and its apparently made to look like OMG Microsoft is evil and disregards both the fact that A: if Microsoft wanted to _block linux_ they could have done so years ago b: thats not what this is intended for
and no I was making a generalization not a _personal attack_
THIS is a personal attack
[example] qubit is the stereotypical FOSS zelot that doesn't know his carriage returns from his brackets and should go burn in the fiery pits of mordor [example/]
Posted on Reply
#19
Fx
I didnt see this coming but it doesnt surprise me either

smh
Posted on Reply
#20
bear jesus
This sounds like it may suck for pre built computers, i know it does not seam like much of an issue for most of us but that would include laptops, netbooks and other things that people like us would buy pre built.

Oh and qubit i must say i have been enjoying your news posts, one of the reasons is the late night posing, well late night for users like me in britland. :toast:
Posted on Reply
#21
micropage7
so
because this the user of cracked windows will rise high than before?
i guess this is interesting
Posted on Reply
#22
Fx
bear jesusOh and qubit i must say i have been enjoying your news posts, one of the reasons is the late night posing, well late night for users like me in britland. :toast:
aye, +1 for qubit
Posted on Reply
#23
OneMoar
There is Always Moar
the lot of you keep overlooking the point that it HAS a off button AND its A uEFI foundation spec NOT a Microsoft one its not any different the SLIC embedded in most oem bios's
mjg59.dreamwidth.org/5552.html
Posted on Reply
#24
DrPepper
The Doctor is in the house
OneMoartypical foss user ranting lulz :banghead: people like you are why linux has less then a 5% share of the desktop market
Actually it's more to do with the fact Linux is a niche OS that is only used by professionals and techies since the average user doesn't want to go through all the hoops to get what they want out of software.
Posted on Reply
#25
RoutedScripter
Microsoft trying to turn PC into iMac, if so ... over my dead body.

Microsoft has no authority to do that for the whole industry, if so it could shape out to be a conspiracy, imo
Posted on Reply
Add your own comment
Nov 22nd, 2024 17:34 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts