Microsoft’s Take on UEFI May Impede Linux (and that’s being polite)
Recent revelations about the way that Windows 8 will make use of UEFI, the next generation PC BIOS, have caused speculation that this may cause problems for people wanting to install Linux. Potentially, this could cause the PC to switch away from its historic position as the standard bearer for open platforms.
The next version of Windows, Windows 8, may only run on a PC that features the UEFI BIOS. The snag is that it will probably make use of the “secure booting” feature of UEFI which prevents unsigned operating systems from booting on the hardware. The maker of the computer can install a certificate into the firmware on the motherboard, and consequently, only signed boot loaders (and possibly kernels and drivers and even applications) can then run on the machine. Software vendors such as Microsoft must send their code away to the manufacture of the computer to be signed so that it will run.
In other words, the PC will undergo a historic change, from the consummate open platform to a closed one. This also means that Linux wont boot on future PCs unless the motherboard manufacturer takes the time to certify each version of the boot loader and possibly each distro or even every kernel. It also seems that compliance with this system may be incompatible with licenses such as GPL 3.
To digress for a moment, it’s worth considering a software environment that may voluntarily go down this path, Mac OS X, as its users could be willing to accept a change in the balance between freedom for security. It’s quite possible that a future version of Mac OS will only allow software installation via the app store, and furthermore, it might become impossible to run a binary that has not been signed and approved by Apple itself. Apple itself would probably not be too bothered that its hardware would be inaccessible to other operating systems.
By contrast, Linux is a broad church. Part of what makes Linux so great is that you can do anything you like with it. You can install it where you like and modify it so that it meets your needs. What we’re facing is a potential future in which ex-corporate PCs, for example, may well be tied to a specific version of Windows and absolutely nothing else will run.
Unsurprisingly, Microsoft employees have attempted to play down the undesirable ramifications of what may happen. In a post entitled “Protecting the pre-OS environment with UEFI”, Microsoft blogger Steven Sinofsky says:
“The most important thing to understand is that we are introducing capabilities that provide a no-compromise approach to security to customers that seek this out while at the same time full and complete control over the PC continues to be available.”
Over the course of the post, he summarizes some of the advantages offered by the new system, namely increased security and faster booting, while also downplaying the barrier to alternative OS installation. In defense of the new policy, he claims that end-users will be able to disable secure booting on a UEFI equipped PC. This may be true, to an extent. However, it will be up to the hardware vendor to decide whether or not leave this option intact. I for one have often encountered PCs that exhibit a curtailed set of BIOS start up options. How long before it becomes a element of standard corporate IT policy that secure boot must be enabled?
Workarounds in the form of altering a jumper on the motherboard, selecting an option in the BIOS or even running an exploit to jail-break the machine are all barriers to Linux adoption.
There has also been some speculation on the subject of who will provide resistance to the adoption of the secure boot environment that Windows 8 will rely on.
How about techs? It’s worth remembering that a lot of technically minded people who work for large companies are fans of Linux. Yet, the Linux intrusion onto company desktops remains nascent, years after it reached sufficient maturity to take on Windows in that role. In the server room, the techs will be allowed to disable secure booting and will probably specify Linux compatible hardware if they run Linux, side stepping the problem. Overall, it’s doubtful that the “nerds in jumpers” will be a sufficient force to prevent Microsoft (let’s be honest here) doing a number on the computer industry.
It’s also possible that the hardware manufacturers will revolt against Microsoft’s plan to “accidentally” lock out alternatives to their product. However, one has to wonder how persuasive the wishes of less than 5% the potential user base will prove. Also, bear in mind that the manufacturers have an incentive to go along with secure boot as it has the potential to turn hardware that is no longer supported by Microsoft into a doorstop, thus encouraging sales of new hardware.
Activists in the fields of poverty alleviation and recycling ought to be on our side, but it’s not clear that many of them will understand the technical issues to a sufficient extent. In the future, Microsoft may well create a version of Windows that only runs for 12 months, unless the customer is willing to pay a new subscription fee. That’s a lot of land-fill and a lot of potential users deprived of a cheap or free computer setup.
So, in summary, whatever level of extra security is foisted onto the computer industry by Microsoft’s latest decision, it looks like it will fly in the face of the freedom that makes alternative operating systems like Linux as great as they are.
Jake Edge pointed out a lot of these problems earlier in the year in this excellent LWN.net post.
UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- The Italian Army Switches to LibreOffice
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Petros Koutoupis' RapidDisk
- Linux Mint 18
- Oracle vs. Google: Round 2
- The FBI and the Mozilla Foundation Lock Horns over Known Security Hole
- Varnish Software's Varnish Massive Storage Engine
- Privacy and the New Math
- Ben Rady's Serverless Single Page Apps (The Pragmatic Programmers)
Until recently, IBM’s Power Platform was looked upon as being the system that hosted IBM’s flavor of UNIX and proprietary operating system called IBM i. These servers often are found in medium-size businesses running ERP, CRM and financials for on-premise customers. By enabling the Power platform to run the Linux OS, IBM now has positioned Power to be the platform of choice for those already running Linux that are facing scalability issues, especially customers looking at analytics, big data or cloud computing.
￼Running Linux on IBM’s Power hardware offers some obvious benefits, including improved processing speed and memory bandwidth, inherent security, and simpler deployment and management. But if you look beyond the impressive architecture, you’ll also find an open ecosystem that has given rise to a strong, innovative community, as well as an inventory of system and network management applications that really help leverage the benefits offered by running Linux on Power.Get the Guide