Windows 8 Secure Boot: The Controversy Continues
Part of the controversy this time around stems from the revelation that the Microsoft's requirements for ARM-based Windows 8 devices include a mandatory Secure Boot feature, effectively locking down such devices and preventing them from booting non-Windows OSes.
Linux users have long been able to install the free and open source operating system on PCs that ship with Windows, but that apparently won't be true with Windows 8 ARM hardware.
"Disabling Secure [Boot] MUST NOT be possible on ARM systems," reads page 116 of the company's Windows Hardware Certification Requirements document, as noted recently by Computerworld UK blogger Glyn Moody.
“Microsoft confirms UEFI fears, locks down ARM devices” was the title of the ensuing blog post from the Software Freedom Law Center (SFLC).
'Custom Mode Allows for More Flexibility'
So that's one bit of bad news for Linux users. On the PC side, however, things are more complicated.
For non-ARM devices, Microsoft's Certification Requirements define a "custom" Secure Boot mode that seems to allow for the installation of Linux. “On non-ARM systems, the platform MUST implement the ability for a physically present user to select between two Secure Boot modes in firmware setup: 'Custom' and 'Standard',” the Microsoft document specifies. “Custom Mode allows for more flexibility.”
Specifically, Custom Mode will let users modify the contents of the Secure Boot signature databases and the platform key (PK) that verifies kernels during system start-up, thus potentially opening the door to alternative operating systems such as Linux.
Sounds good, right? Unfortunately, Red Hat developer Matthew Garrett--the person who originally called attention to all this back in September--isn't so sure.
'Not Really Good Enough'
Microsoft's Custom Mode is “not really good enough,” Garrett explained in a blog post on Tuesday. “People have spent incredible amounts of time and effort making it easy to install Linux by doing little more than putting a CD in a drive. Asking them to go into the firmware and reconfigure things adds an extra barrier that restricts the ability to install Linux to more technically skilled users.”
Not only would less-experienced users potentially be prevented from installing Linux, but there are a number of key details missing from Microsoft's specifications, Garrett charges.
One big problem, for example, is that Microsoft doesn't specify any standard user interface for Custom Mode, meaning that it will likely look different on different PCs. “It's effectively impossible to document Linux installation when the first step becomes (a) complicated and (b) vendor specific,” Garrett wrote.
Also missing from the specifications are a description of the key format and a way to use Custom Mode for unattended installations, such as an administrator might need to perform over a network, he points out.
An Ongoing Saga
The bottom line, then, is that things don't currently look good for Linux users when it comes to Windows 8 ARM devices, and--at least in Garrett's opinion--they don't necessarily look much better on PCs, “Custom Mode” or not.
I'm sure this isn't the end of the story, though. I'll report back as soon as I learn more.