Windows 8 secure boot could complicate Linux installs

Windows 8 secure boot could complicate Linux installsPC users who run Windows and Linux on the same machine will want to do some research before purchasing a Windows 8 computer. That's because systems with a "Designed for Windows 8" logo must ship with UEFI secure booting enableda move that prevents booting operating systems that arent signed by a trusted Certificate Authority.

This could pose a problem for Linux users, though in practice most can just change UEFI settings to disable secure boot before installing the open-source OS. But users will have to depend on hardware vendors to make this option possible in the first place.

Disabling secure boot

Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled, Red Hat developer Matthew Garrett writes on his blog in reference to a recent presentation by Microsoft program manager Arie van der Hoeven. The Microsoft exec notes that UEFI and secure boot are required for Windows 8 client with the result that all firmware and software in the boot process must be signed by a trusted Certificate Authority.

Microsoft has a good reason for this. A growing class of malware targets the boot path [and] often the only fix is to reinstall the operating system, van der Hoeven said. UEFI and secure boot harden the boot process [and] reduce the likelihood of bootkits, rootkits and ransomware.

Importantly, though, Garrett writes that theres no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code.

For many (and hopefully most) Windows 8 machines, this means that users have a good chance of successfully entering the UEFI settings interface to turn off secure boot. But this will depend on the hardware vendor.

Experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market, Garrett writes. It's almost certainly the case that some systems will ship with the option of disabling this. Equally, it's almost certainly the case that some systems won't. It's probably not worth panicking yet. But it is worth being concerned.

Technically, vendors can ship Windows 8 PCs without meeting Microsoft's "designed for Windows 8" logo requirements, but major OEMs typically would not do that.

The Windows 8 developer tablet Microsoft handed out at this months BUILD conference did include the ability to turn off the secure boot process. This is reminiscent of Googles Cr-48 Chromebook, which allowed users to turn off the Verified Boot process and install another operating system, though this involved flipping a physical switch instead of changing a software setting.

A signed OS

Besides disabling the Windows 8 secure boot process, another option for Linux lovers is installing a signed version of Linux. But this poses several problems, Garrett notes. Firstly, we'd need a non-GPL bootloader. Grub 2 is released under the GPLv3, which explicitly requires that we provide the signing keys. Grub is under GPLv2 which lacks the explicit requirement for keys, but it could be argued that the requirement for the scripts used to control compilation includes that. It's a grey area, and exploiting it would be a pretty good show of bad faith. Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed. Making it impossible for users or developers to build their own kernels is not practical. Finally, if we self-sign, it's still necessary to get our keys included by every OEM.

Current machines dual-booting Windows 7 and Linux should be able to upgrade to Windows 8 without wiping out the Linux install. As Microsoft notes in the Building Windows 8 blog, We will continue to support the legacy BIOS interface. However, machines using UEFI instead of BIOS will have significantly richer capabilities including faster boot times and greater security.

Ultimately, the Windows 8 changes arent likely to wipe out Linux dual-boot scenarios, but they could restrict the types of hardware that will allow them. PC users who would boot two operating systems tend to be highly technical, though, so we expect theyll find the necessary workarounds.

Source: Ars Technica

Tags: Linux, Microsoft, OSes, Windows 8

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Galaxy Note10 really is built around a 6.7-inch display
You may still be able to download your content
Facebook, Messenger and Instagram are all going away
Minimize apps to a floating, always-on-top bubble
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apples 2018 line-up
The 2001 operating system has reached its lowest share level
The entire TSMC 5nm design infrastructure is available now from TSMC
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (16)