Windows 8 secure boot, could alienate alternative operating systems

0
microsoft-hq

Data scientists are warning that Windows 8 and its secure boot process that will hinder unauthorized operating systems may alienate alternatives. This could strike hard against Linux or FreeBSD, which has made bells ring all over the world and in worst case could put Microsoft before the EU courts again.

We reported on the new boot menu that certainly adds a nice touch to an otherwise dull experience. UEFI (Unified Extensible Firmware Interface) will be a just as important detail in the new OS. UEFI is the sucessor to the aging BIOS that is still used, and the advantages are many, including faster boots and higher security.

Microsofthas made changes to UEFI, that would mean that a PC would only be capable of booting an operating system with a digital signature, from a keychain built into the PC. Microsoft was hoping to make this implementation mandatory, which means that end users would not be able to override it.

Linux

Alternative operating systems in danger of not being installed or used at all with OEM computers

This would effectively lock out all other alternatives for operating systems, like flavors of Linux and FreeBSD. Nothing is set in stone with this change, but a signed version of Linux would work. But such a change woiuld cause major problem according to professor Matthew Garret:

Firstly, we’d need a non-GPL bootloader. Grub 2 is released under the GPLv3, which explicitly requires that we provide the signing keys. Grub is under GPLv2 which lacks the explicit requirement for keys, but it could be argued that the requirement for the scripts used to control compilation includes that. It’s a grey area, and exploiting it would be a pretty good show of bad faith.

Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed. Making it impossible for users or developers to build their own kernels is not practical. Finally, if we self-sign, it’s still necessary to get our keys included by ever OEM.

There’s no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code. However, experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market.

The change in UEFI that Microsoft has suggested would make it impractical for users and developers to build or modify you own kernel. Microsoft could offer OEMs firmwares for disabling the function, and allow systems to run unsigned code, but this is not something OEMs are keen on doing.

The reasons for the change can be questioned, but one reason is that Microsoft actually cares about the security of the end-user, and doesn’t want to deal with help support with a dual-boot with unsigned software. It can also be argued that Microsoft is doing it for its own winnings, and they could very well end up in court, again – for violating anticompetition laws in the EU.

Windows8_boot4

As it stands today this should only affect OEM computers, home builders should not worry. However, notebooks would only be capable of running Microsoft Windows, or other signed operating systems. This could very well an attempt to revive the controversial Trusted Computing. While Trusted Computing had the security advantage, there were great disadvantages that did not allow the user to control its own system.

Garret does add that there is no reason to panic yet, but there is grounds for concern.

Source: TheRegister

Subscribe
Notifiera vid
0 Comments
äldsta
senaste flest röster
Inline Feedbacks
View all comments