Windows 8 Secure Boot: Designed to Lock Out Linux?

[[H]@RD5TUFF]

Because it is, there is nothing illegal about it. It's included in the UEFI 2.3.1 specification.

I sure do hope there will be a workaround, I enjoy running linux, it's more stable more responsive and aside from not being able to run a few of my games, does everything I need it to.

 

[TRWOV]

It's akin to joining a club. If you want to enter the "Designed for Windows 8" logo club you have to use UEFI 2.3.1 which provides the secure boot feature.



To recap:
- The UEFI 2.3.1 specification includes the secure boot option
- Microsoft mandates that OEMs whom want to enter the "Designed for Windows 8" logo program have to use UEFI 2.3.1 on their boards
- It's up to the OEM if the disable feature is included
- If the option to disable the secure boot isn't present you can still install linux but it would have to be signed.

 

[digibucc]

It's akin to joining a club. If you want to enter the "Designed for Windows 8" logo club you have to use UEFI 2.3.1 which provides the secure boot feature.



To recap:
- The UEFI 2.3.1 specification includes the secure boot option
- Microsoft mandates that OEMs whom want to enter the "Designed for Windows 8" logo program have to use UEFI 2.3.1 on their boards
- It's up to the OEM if the disable feature is included
- If the option to disable the secure boot isn't present you can still install linux but it would have to be signed.

perfectly explained!

 

[The Jedi]

For one, with whitelisting and blacklisting of keys can be an anti-piracy measure. I believe in buying Windows, so have no problem with that, and most people would just get Windows with their new pre-built computer.

Also, with Windows 8 being able to boot to a virtualized OS, or like a .VHD virtual hard drive file like Windows 7 Ultimate/Enterprise, MS may want extra protection for security purposes for a corporate PC.

The "Windows 8 Certified" is only for a mass produced computer with the Designed for Windows 8 logo, and DIY'ers need not concern themselves that their PC is not certified. It's a formality in some respects. A PC can be built with Windows 8 Logo'ed components and use official release WHQL drivers and be the same as certified. A Certified PC however means that I can't ship you a PC with beta drivers, so there is some intent to ensure the quality in a PC that gets Microsoft's logo sticker.

I doubt any company will ship a PC with an EFI BIOS that doesn't allow the secure boot to be disabled. I would imagine there would be options like Secure Boot: On/Off/Off for Next Boot

Then an IT department can just set a BIOS password for security, and no big deal. The actual PC designers surely have the sense that alternate OSes should be able to be installed like Knoppix or booting to anti-virus scanners and such. Also with a company like Dell, they sell PC's with Linux to certain customers, so often I think it'd be inappropriate to built in limitations into the PC. But HP for example locks their BIOSes on Pavilions so it will only work with the CPU model that it ships with - so you not only can't overclock, you can't upgrade your CPU, you'd need to buy a new PC for more CPU power. At least this was my experience several years ago. So sometimes depending on the company they have different model lines and different support agendas. I notice that with BIOS activation of Windows, Dell will ship a Linux PC with a different BIOS than the same model with Windows. And if you're an enthusiast who's buying pre-built and certain stuff matters to you, either do a little research before you buy or return it within 30 days and go with a better company.

I don't see this as a credible threat to Linux or DIY'ers, it's just more modernizing with the move to UEFI and the new things they can do now. If it were real Microsoft anti-competitiveness I think it'd surely get shot down one way or the other. As stated above, surely MS would want to avoid another confrontation with the governmental regulators.

 

[[H]@RD5TUFF]

I don't see this as a credible threat to Linux or DIY'ers, it's just more modernizing with the move to UEFI and the new things they can do now. If it were real Microsoft anti-competitiveness I think it'd surely get shot down one way or the other. As stated above, surely MS would want to avoid another confrontation with the governmental regulators.

I currently use WUBI to boot Ubuntu, if I can't do so I have serious issue with that!

 

[Drone]

I've read that MS replied to this and said that secure boot can be opt in/out and they posted this screen

 

[Shihab]

I've read that MS replied to this and said that secure boot can be opt in/out and they posted this screen

http://www.maximumpc.com/files/u138055/secure_boot.jpg

Thank you !

Now we just have to hope that OEMs won't disable this option in their products. But if you ask me, I think some -of not most- laptops will come without this option. At least it won't be MS's fault. Unless someone digs out a document showing MS paying OEMs to remove this "off button" from their products.

 

[Drone]

^ yes, anything is possible

 

[Solaris17]

/angry face.

 

[[H]@RD5TUFF]

I've read that MS replied to this and said that secure boot can be opt in/out and they posted this screen

http://www.maximumpc.com/files/u138055/secure_boot.jpg

Oh thank jebus, I was legitimately worried for a little bit.