The right to dual-boot: Linux groups plead case prior to Windows 8 launch

Linux logoRed Hat, Canonical and the Linux Foundation have laid out a set of recommendations for hardware vendors in hopes of preserving the ability to install Linux on Windows 8 machines. Windows 8 machines should ship in a setup mode giving users more control right off the bat, the groups argue.

As we reported last month, Windows 8 computers that ship with UEFI secure booting enabled could make the task of replacing Windows with Linux or dual-booting the two operating systems more difficult. In order to get a Designed for Windows 8 logo, PCs must ship with secure boot enabled, preventing the booting of operating systems that arent signed by a trusted Certificate Authority.

Hardware vendors can give users the option of disabling the secure boot featurebut they could also decline to do so, making it impossible to run a non-Windows operating system. In practice, it seems unlikely that dual-boot scenarios will be prevented entirely, but Linux vendors and the Linux Foundation are worried about how UEFI secure booting will be implemented.

Secure boot protects users, but may impede Linux

In a paper titled UEFI Secure Boot Impact on Linux, Red Hat and Canonical warn that Microsofts recommended implementation of secure boot removes control of the system from the hardware owner, and may prevent open source operating systems from functioning. Although Windows 8 isnt expected to hit the market until later in 2012, the paper notes that hardware vendors could start shipping UEFI-enabled systems in Q1 2012 in preparation for Windows 8.

Red Hat and Canonical agree that UEFI secure boot brings security advantages in malware prevention by protecting against rootkits and in giving IT departments ability to dictate that only authorized OSes can be booted. But given the potential impact on the freedom to install Linux and other alternative operating systems, the open source vendors offer a few recommendations.

These include that OEMs allow secure boot to be easily disabled and enabled through a firmware configuration interface, that hardware vendors provide a standardized mechanism for configuring keys in system firmware; and that hardware ship in setup mode, giving the end user more control right up front.

How much control do users want?

This last recommendation could be problematic for hardware vendors attempting to give a clean out-of-the-box experience to users, the vast majority of whom simply want to use Windows and get the system up and running quickly.

Red Hat and Canonical argue that If the process required to disable secure boot is difficult for non-technical users, then we risk restricting use of unsigned software to a small portion of the market. One could also argue that Linux installations are already restricted to a small portion of the market, which tends to be technically savvy enough to work around the restrictions expected in UEFI-enabled systems. However, Red Hat and Canonical may be worried that future attempts to bring Linux desktops to the mainstream will be impeded.

In a separate paper titled Making UEFI Secure Boot Work With Open Platforms, the Linux Foundation makes a recommendation similar to the one offered by Red Hat and Canonical, saying all platforms that enable UEFI secure boot should ship in setup mode where the owner has control over which platform key (PK) is installed. It should also be possible for the owner to return a system to setup mode in the future, if needed.

The Linux Foundation further supports the establishment of an independent certificate authority to issue keys to third-party hardware and software vendors, presumably allowing Linux-based operating systems to be installed and still gain the security benefits of UEFI secure boot. (The Free Software Foundation has also weighed in with a petition directed at hardware vendors.) Microsoft says there is no mandate

Microsoft, for its part, noted in a blog post last month that it does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows, but says UEFI secure boot addresses a pre-operating system environment that is vulnerable to attack.

At the end of the day, the customer is in control of their PC, Microsoft says. Without mentioning Linux by name, Microsoft said For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision.

Indeed, as we noted last month, the Windows 8 developer system built by Samsung and distributed at Microsofts BUILD conference contains the option to disable secure boot. Since few computers ship with Linux pre-installed, Linux groups hope that same option will be available on all Windows 8 systems, and that it will be easily accessible even for users who arent Linux experts.

Source: Ars Technica

Tags: Linux, OSes, Windows 8

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

Galaxy Note10 really is built around a 6.7-inch display
You may still be able to download your content
Facebook, Messenger and Instagram are all going away
Minimize apps to a floating, always-on-top bubble
Japan Display has been providing LCDs for the iPhone XR, the only LCD model in Apples 2018 line-up
The 2001 operating system has reached its lowest share level
The entire TSMC 5nm design infrastructure is available now from TSMC
The smartphone uses a Snapdragon 660 processor running Android 9 Pie
The Samsung Galaxy A5 (2017) Review
The evolution of the successful smartphone, now with a waterproof body and USB Type-C
February 7, 2017 / 2
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /

News Archive



Do you use microSD card with your phone?
or leave your own version in comments (16)