Thursday, October 20, 2011

FSF Criticizes Microsoft For Secure Boot Feature

Hardware manufacturers that want to ship Microsoft’s upcoming Windows 8 operating system with their PCs need to implement the Secure Boot feature that is part of the UEFI specification. The feature determines which code or programs can be started during boot. The core intention is to prevent malware and other unauthorized code from being executed when the computer boots. (See Windows 8, Boot Security And Third Party Operating Systems for details.)

While that looks like a good security feature, it also means that the feature will block other, unauthorized operating systems from being started on the system.

The main problem that the Free Software Foundation (FSF) sees is that Microsoft is giving the manufacturers the power to decide how to implement the feature. In particular, hardware vendors could implement it in a way that prevents the user from installing any other operating system on the PC.

Matthew Garrett points out that Windows 8 certification requires that hardware ship with UEFI Secure Boot enabled, that it does not require users to be able to disable the feature (which can be done) and that it does not require that the PCs ship with any keys other than that of Windows. According to Matthew, some hardware vendors have already confirmed that they won't give the user the option to disable UEFI Secure Boot.

This means that the user may no longer be in control of the computer. The hardware manufacturers and Microsoft are.

What does this mean for the end user? Microsoft claim that the customer is in control of their PC. That’s true, if by “customer” they mean “hardware manufacturer”. The end user is not guaranteed the ability to install extra signing keys in order to securely boot the operating system of their choice. The end user is not guaranteed the ability to disable this functionality. The end user is not guaranteed that their system will include the signing keys that would be required for them to swap their graphics card for one from another vendor, or replace their network card and still be able to netboot, or install a newer SATA controller and have it recognise their hard drive in the firmware. The end user is no longer in control of their PC.

Even worse, it could mean that hardware that would otherwise be compatible with the PC won’t function because of missing signing keys. Users could be unable to swap graphics cards, network cards or other peripherals.

One could now say that users who want to install other operating systems on their PC just have to buy from the right vendor to avoid this. The issue is that this would require extensive research on the part of the user. They would first need to be aware of the limitations of Secure Boot, and then need to research how particular PC vendors have implemented the feature in their PCs. This is far from practicable.

The only sure way out is to build your own PCs or convince Microsoft and hardware vendors to give users control over the feature. The FSF is asking users to sign a statement to “urge all computer makers implementing UEFI’s so-called ‘Secure Boot’ to do it in a way that allows free software operating systems to be installed”.


© Martin Brinkmann for gHacks Technology News, 2011.