PC vendors may not have to include a Secure Boot toggle with Windows 10, making it harder for users to install alternative operating systems.
In Windows 8, Microsoft embraced a protocol known as Unified Extensible Firmware Interface (or UEFI) Secure Boot. UEFI is a more modern replacement for the traditional BIOS that earlier PCs used to start up, and Secure Boot is intended to lock out low-level malware that might try to infect the boot process. PC vendors that wanted “Designed for Windows” certification had to include UEFI Secure Boot on their machines.
The arrival of UEFI caused some anxiety in the Linux community a few years ago, as it could have shut out alternative operating systems that didn’t work with the new technology. But in the end, Microsoft provided a workaround: PC vendors had to provide a way to turn off UEFI secure boot (at least for x86-based machines), essentially letting users manually unlock the door and install whatever they wanted.
According to Ars Technica, citing a slide from a Microsoft WinHEC presentation last week, Microsoft may no longer require PC makers to provide a toggle for UEFI Secure Boot in Windows 10. In other words, PC vendors can decide to raise bigger barriers for alternative operating systems in the name of security. (As with before, Windows 10 smartphones cannot have secure boot disabled.)
Ars notes that Microsoft hasn’t finalized the exact specs yet, so it’s possible that things could change. Additionally, this requirement would only affect new PCs—not older models upgrading to Windows 10. But given that the current Windows secure boot mechanism isn’t attack-proof, it’s not surprising that Microsoft would look to lock things down further.
Why this matters: This move doesn’t completely shut out Linux distributions on Windows-based machines. Larger distributions such as Ubuntu already include their own tools to work with UEFI, and the Linux Foundation has been working with Microsoft on a secure boot loader that works with independent distributions. But dropping the option to turn off UEFI would create more work for creators of alternative distros, and takes a little more control out of the hands of users.