• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Windows 8 Secure Boot: Designed to Lock Out Linux?

Joined
Nov 13, 2009
Messages
5,614 (1.02/day)
Location
San Diego, CA
System Name White Boy
Processor Core i7 3770k @4.6 Ghz
Motherboard ASUS P8Z77-I Deluxe
Cooling CORSAIR H100
Memory CORSAIR Vengeance 16GB @ 2177
Video Card(s) EVGA GTX 680 CLASSIEFIED @ 1250 Core
Storage 2 Samsung 830 256 GB (Raid 0) 1 Hitachi 4 TB
Display(s) 1 Dell 30U11 30"
Case BIT FENIX Prodigy
Audio Device(s) none
Power Supply SeaSonic X750 Gold 750W Modular
Software Windows Pro 7 64 bit || Ubuntu 64 Bit
Benchmark Scores 2017 Unigine Heaven :: P37239 3D Mark Vantage
Because it is, there is nothing illegal about it. It's included in the UEFI 2.3.1 specification.

I sure do hope there will be a workaround, I enjoy running linux, it's more stable more responsive and aside from not being able to run a few of my games, does everything I need it to.
 
Joined
Aug 11, 2011
Messages
4,357 (0.89/day)
Location
Mexico
System Name Dell-y Driver
Processor Core i5-10400
Motherboard Asrock H410M-HVS
Cooling Intel 95w stock cooler
Memory 2x8 A-DATA 2999Mhz DDR4
Video Card(s) UHD 630
Storage 1TB WD Green M.2 - 4TB Seagate Barracuda
Display(s) Asus PA248 1920x1200 IPS
Case Dell Vostro 270S case
Audio Device(s) Onboard
Power Supply Dell 220w
Software Windows 10 64bit
It's akin to joining a club. If you want to enter the "Designed for Windows 8" logo club you have to use UEFI 2.3.1 which provides the secure boot feature.



To recap:
- The UEFI 2.3.1 specification includes the secure boot option
- Microsoft mandates that OEMs whom want to enter the "Designed for Windows 8" logo program have to use UEFI 2.3.1 on their boards
- It's up to the OEM if the disable feature is included
- If the option to disable the secure boot isn't present you can still install linux but it would have to be signed.
 
Last edited:
Joined
May 21, 2009
Messages
4,966 (0.87/day)
System Name i7-PC / HTPC / iMac
Processor i7 3820 / Phenom II 940
Motherboard GIGABYTE G1.ASSASSIN2 / M3A79-T Deluxe
Cooling Corsair Hydro H100i / Scythe II (HS only)
Memory G.SKILL Trident X Series 8GB (2 x 4GB) DDR3 1600mhz / 4GB DDR2 1066 (@800) Corsair Dominator
Video Card(s) GB Radeon HD 7950s 3GB / GB Radeon HD 7950s 3GB
Storage 2x 80GB Intel X-25, 2x600gb SATA, 1x1tb 5400RPM storage /1x600GB, 3x500GB,1x160,1x120 SATA
Display(s) 1x 27" Yamakasi / Vizio 42" HDTV
Case Lian Li Lancool PC-K58 / Antec 900
Audio Device(s) HT Omega Striker 7.1 / Onboard and HDMI from ATi Card
Power Supply PC Power & Cooling 750W / 610W
Software Ubuntu / Windows 8.1 Pro / OS X / PHPStorm / Gaming
It's akin to joining a club. If you want to enter the "Designed for Windows 8" logo club you have to use UEFI 2.3.1 which provides the secure boot feature.



To recap:
- The UEFI 2.3.1 specification includes the secure boot option
- Microsoft mandates that OEMs whom want to enter the "Designed for Windows 8" logo program have to use UEFI 2.3.1 on their boards
- It's up to the OEM if the disable feature is included
- If the option to disable the secure boot isn't present you can still install linux but it would have to be signed.

perfectly explained!
 
Joined
Nov 11, 2010
Messages
27 (0.01/day)
Location
Saint Louis, Missouri USA
For one, with whitelisting and blacklisting of keys can be an anti-piracy measure. I believe in buying Windows, so have no problem with that, and most people would just get Windows with their new pre-built computer.

Also, with Windows 8 being able to boot to a virtualized OS, or like a .VHD virtual hard drive file like Windows 7 Ultimate/Enterprise, MS may want extra protection for security purposes for a corporate PC.

The "Windows 8 Certified" is only for a mass produced computer with the Designed for Windows 8 logo, and DIY'ers need not concern themselves that their PC is not certified. It's a formality in some respects. A PC can be built with Windows 8 Logo'ed components and use official release WHQL drivers and be the same as certified. A Certified PC however means that I can't ship you a PC with beta drivers, so there is some intent to ensure the quality in a PC that gets Microsoft's logo sticker.

I doubt any company will ship a PC with an EFI BIOS that doesn't allow the secure boot to be disabled. I would imagine there would be options like Secure Boot: On/Off/Off for Next Boot

Then an IT department can just set a BIOS password for security, and no big deal. The actual PC designers surely have the sense that alternate OSes should be able to be installed like Knoppix or booting to anti-virus scanners and such. Also with a company like Dell, they sell PC's with Linux to certain customers, so often I think it'd be inappropriate to built in limitations into the PC. But HP for example locks their BIOSes on Pavilions so it will only work with the CPU model that it ships with - so you not only can't overclock, you can't upgrade your CPU, you'd need to buy a new PC for more CPU power. At least this was my experience several years ago. So sometimes depending on the company they have different model lines and different support agendas. I notice that with BIOS activation of Windows, Dell will ship a Linux PC with a different BIOS than the same model with Windows. And if you're an enthusiast who's buying pre-built and certain stuff matters to you, either do a little research before you buy or return it within 30 days and go with a better company.

I don't see this as a credible threat to Linux or DIY'ers, it's just more modernizing with the move to UEFI and the new things they can do now. If it were real Microsoft anti-competitiveness I think it'd surely get shot down one way or the other. As stated above, surely MS would want to avoid another confrontation with the governmental regulators.
 
Joined
Nov 13, 2009
Messages
5,614 (1.02/day)
Location
San Diego, CA
System Name White Boy
Processor Core i7 3770k @4.6 Ghz
Motherboard ASUS P8Z77-I Deluxe
Cooling CORSAIR H100
Memory CORSAIR Vengeance 16GB @ 2177
Video Card(s) EVGA GTX 680 CLASSIEFIED @ 1250 Core
Storage 2 Samsung 830 256 GB (Raid 0) 1 Hitachi 4 TB
Display(s) 1 Dell 30U11 30"
Case BIT FENIX Prodigy
Audio Device(s) none
Power Supply SeaSonic X750 Gold 750W Modular
Software Windows Pro 7 64 bit || Ubuntu 64 Bit
Benchmark Scores 2017 Unigine Heaven :: P37239 3D Mark Vantage
I don't see this as a credible threat to Linux or DIY'ers, it's just more modernizing with the move to UEFI and the new things they can do now. If it were real Microsoft anti-competitiveness I think it'd surely get shot down one way or the other. As stated above, surely MS would want to avoid another confrontation with the governmental regulators.

I currently use WUBI to boot Ubuntu, if I can't do so I have serious issue with that!
 
Joined
Sep 1, 2010
Messages
7,023 (1.34/day)
I've read that MS replied to this and said that secure boot can be opt in/out and they posted this screen

 
Joined
Jan 10, 2011
Messages
1,451 (0.28/day)
Location
[Formerly] Khartoum, Sudan.
System Name 192.168.1.1~192.168.1.100
Processor AMD Ryzen5 5600G.
Motherboard Gigabyte B550m DS3H.
Cooling AMD Wraith Stealth.
Memory 16GB Crucial DDR4.
Video Card(s) Gigabyte GTX 1080 OC (Underclocked, underpowered).
Storage Samsung 980 NVME 500GB && Assortment of SSDs.
Display(s) ViewSonic VA2406-MH 75Hz
Case Bitfenix Nova Midi
Audio Device(s) On-Board.
Power Supply SeaSonic CORE GM-650.
Mouse Logitech G300s
Keyboard Kingston HyperX Alloy FPS.
VR HMD A pair of OP spectacles.
Software Ubuntu 24.04 LTS.
Benchmark Scores Me no know English. What bench mean? Bench like one sit on?
I've read that MS replied to this and said that secure boot can be opt in/out and they posted this screen

http://www.maximumpc.com/files/u138055/secure_boot.jpg

Thank you !

Now we just have to hope that OEMs won't disable this option in their products. But if you ask me, I think some -of not most- laptops will come without this option. At least it won't be MS's fault. Unless someone digs out a document showing MS paying OEMs to remove this "off button" from their products.
 

Solaris17

Super Dainty Moderator
Staff member
Joined
Aug 16, 2005
Messages
27,088 (3.83/day)
Location
Alabama
System Name RogueOne
Processor Xeon W9-3495x
Motherboard ASUS w790E Sage SE
Cooling SilverStone XE360-4677
Memory 128gb Gskill Zeta R5 DDR5 RDIMMs
Video Card(s) MSI SUPRIM Liquid X 4090
Storage 1x 2TB WD SN850X | 2x 8TB GAMMIX S70
Display(s) 49" Philips Evnia OLED (49M2C8900)
Case Thermaltake Core P3 Pro Snow
Audio Device(s) Moondrop S8's on schitt Gunnr
Power Supply Seasonic Prime TX-1600
Mouse Razer Viper mini signature edition (mercury white)
Keyboard Monsgeek M3 Lavender, Moondrop Luna lights
VR HMD Quest 3
Software Windows 11 Pro Workstation
Benchmark Scores I dont have time for that.
/angry face.
 
Joined
Nov 13, 2009
Messages
5,614 (1.02/day)
Location
San Diego, CA
System Name White Boy
Processor Core i7 3770k @4.6 Ghz
Motherboard ASUS P8Z77-I Deluxe
Cooling CORSAIR H100
Memory CORSAIR Vengeance 16GB @ 2177
Video Card(s) EVGA GTX 680 CLASSIEFIED @ 1250 Core
Storage 2 Samsung 830 256 GB (Raid 0) 1 Hitachi 4 TB
Display(s) 1 Dell 30U11 30"
Case BIT FENIX Prodigy
Audio Device(s) none
Power Supply SeaSonic X750 Gold 750W Modular
Software Windows Pro 7 64 bit || Ubuntu 64 Bit
Benchmark Scores 2017 Unigine Heaven :: P37239 3D Mark Vantage
Top