Microsoft’s Take on UEFI May Impede Linux (and that’s being polite)
Recent revelations about the way that Windows 8 will make use of UEFI, the next generation PC BIOS, have caused speculation that this may cause problems for people wanting to install Linux. Potentially, this could cause the PC to switch away from its historic position as the standard bearer for open platforms.
The next version of Windows, Windows 8, may only run on a PC that features the UEFI BIOS. The snag is that it will probably make use of the “secure booting” feature of UEFI which prevents unsigned operating systems from booting on the hardware. The maker of the computer can install a certificate into the firmware on the motherboard, and consequently, only signed boot loaders (and possibly kernels and drivers and even applications) can then run on the machine. Software vendors such as Microsoft must send their code away to the manufacture of the computer to be signed so that it will run.
In other words, the PC will undergo a historic change, from the consummate open platform to a closed one. This also means that Linux wont boot on future PCs unless the motherboard manufacturer takes the time to certify each version of the boot loader and possibly each distro or even every kernel. It also seems that compliance with this system may be incompatible with licenses such as GPL 3.
To digress for a moment, it’s worth considering a software environment that may voluntarily go down this path, Mac OS X, as its users could be willing to accept a change in the balance between freedom for security. It’s quite possible that a future version of Mac OS will only allow software installation via the app store, and furthermore, it might become impossible to run a binary that has not been signed and approved by Apple itself. Apple itself would probably not be too bothered that its hardware would be inaccessible to other operating systems.
By contrast, Linux is a broad church. Part of what makes Linux so great is that you can do anything you like with it. You can install it where you like and modify it so that it meets your needs. What we’re facing is a potential future in which ex-corporate PCs, for example, may well be tied to a specific version of Windows and absolutely nothing else will run.
Unsurprisingly, Microsoft employees have attempted to play down the undesirable ramifications of what may happen. In a post entitled “Protecting the pre-OS environment with UEFI”, Microsoft blogger Steven Sinofsky says:
“The most important thing to understand is that we are introducing capabilities that provide a no-compromise approach to security to customers that seek this out while at the same time full and complete control over the PC continues to be available.”
Over the course of the post, he summarizes some of the advantages offered by the new system, namely increased security and faster booting, while also downplaying the barrier to alternative OS installation. In defense of the new policy, he claims that end-users will be able to disable secure booting on a UEFI equipped PC. This may be true, to an extent. However, it will be up to the hardware vendor to decide whether or not leave this option intact. I for one have often encountered PCs that exhibit a curtailed set of BIOS start up options. How long before it becomes a element of standard corporate IT policy that secure boot must be enabled?
Workarounds in the form of altering a jumper on the motherboard, selecting an option in the BIOS or even running an exploit to jail-break the machine are all barriers to Linux adoption.
There has also been some speculation on the subject of who will provide resistance to the adoption of the secure boot environment that Windows 8 will rely on.
How about techs? It’s worth remembering that a lot of technically minded people who work for large companies are fans of Linux. Yet, the Linux intrusion onto company desktops remains nascent, years after it reached sufficient maturity to take on Windows in that role. In the server room, the techs will be allowed to disable secure booting and will probably specify Linux compatible hardware if they run Linux, side stepping the problem. Overall, it’s doubtful that the “nerds in jumpers” will be a sufficient force to prevent Microsoft (let’s be honest here) doing a number on the computer industry.
It’s also possible that the hardware manufacturers will revolt against Microsoft’s plan to “accidentally” lock out alternatives to their product. However, one has to wonder how persuasive the wishes of less than 5% the potential user base will prove. Also, bear in mind that the manufacturers have an incentive to go along with secure boot as it has the potential to turn hardware that is no longer supported by Microsoft into a doorstop, thus encouraging sales of new hardware.
Activists in the fields of poverty alleviation and recycling ought to be on our side, but it’s not clear that many of them will understand the technical issues to a sufficient extent. In the future, Microsoft may well create a version of Windows that only runs for 12 months, unless the customer is willing to pay a new subscription fee. That’s a lot of land-fill and a lot of potential users deprived of a cheap or free computer setup.
So, in summary, whatever level of extra security is foisted onto the computer industry by Microsoft’s latest decision, it looks like it will fly in the face of the freedom that makes alternative operating systems like Linux as great as they are.
Jake Edge pointed out a lot of these problems earlier in the year in this excellent LWN.net post.
UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.
|Red Hat Enterprise Linux 7.1 beta available on IBM Power Platform||Jan 23, 2015|
|Designing with Linux||Jan 22, 2015|
|Wondershaper—QOS in a Pinch||Jan 21, 2015|
|Ideal Backups with zbackup||Jan 19, 2015|
|Non-Linux FOSS: Animation Made Easy||Jan 14, 2015|
|Internet of Things Blows Away CES, and it May Be Hunting for YOU Next||Jan 12, 2015|
- Designing with Linux
- Wondershaper—QOS in a Pinch
- Red Hat Enterprise Linux 7.1 beta available on IBM Power Platform
- Internet of Things Blows Away CES, and it May Be Hunting for YOU Next
- Ideal Backups with zbackup
- Slow System? iotop Is Your Friend
- Hats Off to Mozilla
- diff -u: What's New in Kernel Development
- Non-Linux FOSS: Animation Made Easy
- 2014 Book Roundup
Editorial Advisory Panel
Thank you to our 2014 Editorial Advisors!
- Jeff Parent
- Brad Baillio
- Nick Baronian
- Steve Case
- Chadalavada Kalyana
- Caleb Cullen
- Keir Davis
- Michael Eager
- Nick Faltys
- Dennis Frey
- Philip Jacob
- Jay Kruizenga
- Steve Marquez
- Dave McAllister
- Craig Oda
- Mike Roberts
- Chris Stark
- Patrick Swartz
- David Lynch
- Alicia Gibb
- Thomas Quinlan
- Carson McDonald
- Kristen Shoemaker
- Charnell Luchich
- James Walker
- Victor Gregorio
- Hari Boukis
- Brian Conner
- David Lane