The right to dual-boot: Linux groups plead case prior to Windows 8 launch

Linux logoRed Hat, Canonical and the Linux Foundation have laid out a set of recommendations for hardware vendors in hopes of preserving the ability to install Linux on Windows 8 machines. Windows 8 machines should ship in a setup mode giving users more control right off the bat, the groups argue.

As we reported last month, Windows 8 computers that ship with UEFI secure booting enabled could make the task of replacing Windows with Linux or dual-booting the two operating systems more difficult. In order to get a Designed for Windows 8 logo, PCs must ship with secure boot enabled, preventing the booting of operating systems that arent signed by a trusted Certificate Authority.

Hardware vendors can give users the option of disabling the secure boot featurebut they could also decline to do so, making it impossible to run a non-Windows operating system. In practice, it seems unlikely that dual-boot scenarios will be prevented entirely, but Linux vendors and the Linux Foundation are worried about how UEFI secure booting will be implemented.

Secure boot protects users, but may impede Linux

In a paper titled UEFI Secure Boot Impact on Linux, Red Hat and Canonical warn that Microsofts recommended implementation of secure boot removes control of the system from the hardware owner, and may prevent open source operating systems from functioning. Although Windows 8 isnt expected to hit the market until later in 2012, the paper notes that hardware vendors could start shipping UEFI-enabled systems in Q1 2012 in preparation for Windows 8.

Red Hat and Canonical agree that UEFI secure boot brings security advantages in malware prevention by protecting against rootkits and in giving IT departments ability to dictate that only authorized OSes can be booted. But given the potential impact on the freedom to install Linux and other alternative operating systems, the open source vendors offer a few recommendations.

These include that OEMs allow secure boot to be easily disabled and enabled through a firmware configuration interface, that hardware vendors provide a standardized mechanism for configuring keys in system firmware; and that hardware ship in setup mode, giving the end user more control right up front.

How much control do users want?

This last recommendation could be problematic for hardware vendors attempting to give a clean out-of-the-box experience to users, the vast majority of whom simply want to use Windows and get the system up and running quickly.

Red Hat and Canonical argue that If the process required to disable secure boot is difficult for non-technical users, then we risk restricting use of unsigned software to a small portion of the market. One could also argue that Linux installations are already restricted to a small portion of the market, which tends to be technically savvy enough to work around the restrictions expected in UEFI-enabled systems. However, Red Hat and Canonical may be worried that future attempts to bring Linux desktops to the mainstream will be impeded.

In a separate paper titled Making UEFI Secure Boot Work With Open Platforms, the Linux Foundation makes a recommendation similar to the one offered by Red Hat and Canonical, saying all platforms that enable UEFI secure boot should ship in setup mode where the owner has control over which platform key (PK) is installed. It should also be possible for the owner to return a system to setup mode in the future, if needed.

The Linux Foundation further supports the establishment of an independent certificate authority to issue keys to third-party hardware and software vendors, presumably allowing Linux-based operating systems to be installed and still gain the security benefits of UEFI secure boot. (The Free Software Foundation has also weighed in with a petition directed at hardware vendors.) Microsoft says there is no mandate

Microsoft, for its part, noted in a blog post last month that it does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows, but says UEFI secure boot addresses a pre-operating system environment that is vulnerable to attack.

At the end of the day, the customer is in control of their PC, Microsoft says. Without mentioning Linux by name, Microsoft said For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision.

Indeed, as we noted last month, the Windows 8 developer system built by Samsung and distributed at Microsofts BUILD conference contains the option to disable secure boot. Since few computers ship with Linux pre-installed, Linux groups hope that same option will be available on all Windows 8 systems, and that it will be easily accessible even for users who arent Linux experts.

Source: Ars Technica

Tags: Linux, OSes, Windows 8

Add comment

Your name:
Sign in with:
Your comment:

Enter code:

E-mail (not required)
E-mail will not be disclosed to the third party

Last news

A mobile hotspot in Australia will be capable of hitting gigabit speeds on the go
A new game could be in the works as Blizzard appears to have been hiring for a Diablo-related project
Nokia CEO Rajeev Suri will speak at MWC 2017
However what if you could go way, way back?
The Helio P15 packs an octa-core Cortex-A53 processor clocked at 2.2GHz
Samsung claims up to 27-percent higher performance or 40-percent lower power
Preliminary data for October shows another Windows 10 boom
Samsung Galaxy TabPro S - a tablet with the Windows-keyboard
The first Windows-tablet with the 12-inch display Super AMOLED
June 7, 2016 /
Keyboards for iOS
Ten iOS keyboards review
July 18, 2015 /
Samsung E1200 Mobile Phone Review
A cheap phone with a good screen
March 8, 2015 / 4
Creative Sound Blaster Z sound card review
Good sound for those who are not satisfied with the onboard solution
September 25, 2014 / 2
Samsung Galaxy Gear: Smartwatch at High Price
The first smartwatch from Samsung - almost a smartphone with a small body
December 19, 2013 /
HP Slate 7 is a 7-inch Android 4 Tablet PC with good sound
A cost-effective, 7-inch tablet PC from a renowned manufacturer
October 25, 2013 / 4

News Archive



Do you use microSD card with your phone?
or leave your own version in comments