Red Hat, Canonical and the Linux Foundation have laid out a set of recommendations for hardware vendors in hopes of preserving the ability to install Linux on Windows 8 machines. Windows 8 machines should ship in a setup mode giving users more control right off the bat, the groups argue.
As we reported last month, Windows 8 computers that ship with UEFI secure booting enabled could make the task of replacing Windows with Linux or dual-booting the two operating systems more difficult. In order to get a “Designed for Windows 8” logo, PCs must ship with secure boot enabled, preventing the booting of operating systems that aren’t signed by a trusted Certificate Authority.
Hardware vendors can give users the option of disabling the secure boot feature—but they could also decline to do so, making it impossible to run a non-Windows operating system. In practice, it seems unlikely that dual-boot scenarios will be prevented entirely, but Linux vendors and the Linux Foundation are worried about how UEFI secure booting will be implemented.
Secure boot protects users, but may impede Linux
In a paper titled “UEFI Secure Boot Impact on Linux,” Red Hat and Canonical warn that “Microsoft’s recommended implementation of secure boot removes control of the system from the hardware owner, and may prevent open source operating systems from functioning.” Although Windows 8 isn’t expected to hit the market until later in 2012, the paper notes that hardware vendors could start shipping UEFI-enabled systems in Q1 2012 in preparation for Windows 8.
Red Hat and Canonical agree that UEFI secure boot brings security advantages: it helps prevent malware by protecting against rootkits, and it gives IT departments the ability to dictate that only authorized OSes can be booted. But given the potential impact on the freedom to install Linux and other alternative operating systems, the open source vendors offer a few recommendations.
These include that “OEMs allow secure boot to be easily disabled and enabled through a firmware configuration interface,” that hardware vendors “provide a standardized mechanism for configuring keys in system firmware,” and that “hardware ship in setup mode,” giving the end user more control right up front.
How much control do users want?
This last recommendation could be problematic for hardware vendors attempting to give a clean out-of-the-box experience to users, the vast majority of whom simply want to use Windows and get the system up and running quickly.
Red Hat and Canonical argue that “If the process required to disable secure boot is difficult for non-technical users, then we risk restricting use of unsigned software to a small portion of the market.” One could also argue that Linux installations are already restricted to a small portion of the market, which tends to be technically savvy enough to work around the restrictions expected in UEFI-enabled systems. However, Red Hat and Canonical may be worried that future attempts to bring Linux desktops to the mainstream will be impeded.
In a separate paper titled “Making UEFI Secure Boot Work With Open Platforms,” the Linux Foundation makes a recommendation similar to the one offered by Red Hat and Canonical, saying “all platforms that enable UEFI secure boot should ship in setup mode where the owner has control over which platform key (PK) is installed. It should also be possible for the owner to return a system to setup mode in the future, if needed.”
The Linux Foundation further supports the establishment of an independent certificate authority to issue keys to third-party hardware and software vendors, presumably allowing Linux-based operating systems to be installed and still gain the security benefits of UEFI secure boot. (The Free Software Foundation has also weighed in with a petition directed at hardware vendors.)
Microsoft says there is no mandate
Microsoft, for its part, noted in a blog post last month that it does not “mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows,” but says UEFI secure boot addresses a pre-operating system environment that is vulnerable to attack.
“At the end of the day, the customer is in control of their PC,” Microsoft says. Without mentioning Linux by name, Microsoft said “For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision.”
Indeed, as we noted last month, the Windows 8 developer system built by Samsung and distributed at Microsoft’s BUILD conference contains the option to disable secure boot. Since few computers ship with Linux pre-installed, Linux groups hope that same option will be available on all Windows 8 systems, and that it will be easily accessible even for users who aren’t Linux experts.