Microsoft’s Take on UEFI May Impede Linux (and that’s being polite)
Recent revelations about the way that Windows 8 will make use of UEFI, the next generation PC BIOS, have caused speculation that this may cause problems for people wanting to install Linux. Potentially, this could cause the PC to switch away from its historic position as the standard bearer for open platforms.
The next version of Windows, Windows 8, may only run on a PC that features the UEFI BIOS. The snag is that it will probably make use of the “secure booting” feature of UEFI which prevents unsigned operating systems from booting on the hardware. The maker of the computer can install a certificate into the firmware on the motherboard, and consequently, only signed boot loaders (and possibly kernels and drivers and even applications) can then run on the machine. Software vendors such as Microsoft must send their code away to the manufacture of the computer to be signed so that it will run.
In other words, the PC will undergo a historic change, from the consummate open platform to a closed one. This also means that Linux wont boot on future PCs unless the motherboard manufacturer takes the time to certify each version of the boot loader and possibly each distro or even every kernel. It also seems that compliance with this system may be incompatible with licenses such as GPL 3.
To digress for a moment, it’s worth considering a software environment that may voluntarily go down this path, Mac OS X, as its users could be willing to accept a change in the balance between freedom for security. It’s quite possible that a future version of Mac OS will only allow software installation via the app store, and furthermore, it might become impossible to run a binary that has not been signed and approved by Apple itself. Apple itself would probably not be too bothered that its hardware would be inaccessible to other operating systems.
By contrast, Linux is a broad church. Part of what makes Linux so great is that you can do anything you like with it. You can install it where you like and modify it so that it meets your needs. What we’re facing is a potential future in which ex-corporate PCs, for example, may well be tied to a specific version of Windows and absolutely nothing else will run.
Unsurprisingly, Microsoft employees have attempted to play down the undesirable ramifications of what may happen. In a post entitled “Protecting the pre-OS environment with UEFI”, Microsoft blogger Steven Sinofsky says:
“The most important thing to understand is that we are introducing capabilities that provide a no-compromise approach to security to customers that seek this out while at the same time full and complete control over the PC continues to be available.”
Over the course of the post, he summarizes some of the advantages offered by the new system, namely increased security and faster booting, while also downplaying the barrier to alternative OS installation. In defense of the new policy, he claims that end-users will be able to disable secure booting on a UEFI equipped PC. This may be true, to an extent. However, it will be up to the hardware vendor to decide whether or not leave this option intact. I for one have often encountered PCs that exhibit a curtailed set of BIOS start up options. How long before it becomes a element of standard corporate IT policy that secure boot must be enabled?
Workarounds in the form of altering a jumper on the motherboard, selecting an option in the BIOS or even running an exploit to jail-break the machine are all barriers to Linux adoption.
There has also been some speculation on the subject of who will provide resistance to the adoption of the secure boot environment that Windows 8 will rely on.
How about techs? It’s worth remembering that a lot of technically minded people who work for large companies are fans of Linux. Yet, the Linux intrusion onto company desktops remains nascent, years after it reached sufficient maturity to take on Windows in that role. In the server room, the techs will be allowed to disable secure booting and will probably specify Linux compatible hardware if they run Linux, side stepping the problem. Overall, it’s doubtful that the “nerds in jumpers” will be a sufficient force to prevent Microsoft (let’s be honest here) doing a number on the computer industry.
It’s also possible that the hardware manufacturers will revolt against Microsoft’s plan to “accidentally” lock out alternatives to their product. However, one has to wonder how persuasive the wishes of less than 5% the potential user base will prove. Also, bear in mind that the manufacturers have an incentive to go along with secure boot as it has the potential to turn hardware that is no longer supported by Microsoft into a doorstop, thus encouraging sales of new hardware.
Activists in the fields of poverty alleviation and recycling ought to be on our side, but it’s not clear that many of them will understand the technical issues to a sufficient extent. In the future, Microsoft may well create a version of Windows that only runs for 12 months, unless the customer is willing to pay a new subscription fee. That’s a lot of land-fill and a lot of potential users deprived of a cheap or free computer setup.
So, in summary, whatever level of extra security is foisted onto the computer industry by Microsoft’s latest decision, it looks like it will fly in the face of the freedom that makes alternative operating systems like Linux as great as they are.
Jake Edge pointed out a lot of these problems earlier in the year in this excellent LWN.net post.
UK based freelance writer Michael Reed writes about technology, retro computing, geek culture and gender politics.
|Happy Birthday Linux||Aug 25, 2016|
|ContainerCon Vendors Offer Flexible Solutions for Managing All Your New Micro-VMs||Aug 24, 2016|
|Updates from LinuxCon and ContainerCon, Toronto, August 2016||Aug 23, 2016|
|NVMe over Fabrics Support Coming to the Linux 4.8 Kernel||Aug 22, 2016|
|What I Wish I’d Known When I Was an Embedded Linux Newbie||Aug 18, 2016|
|Pandas||Aug 17, 2016|
- Download "Linux Management with Red Hat Satellite: Measuring Business Impact and ROI"
- Happy Birthday Linux
- Updates from LinuxCon and ContainerCon, Toronto, August 2016
- ContainerCon Vendors Offer Flexible Solutions for Managing All Your New Micro-VMs
- New Version of GParted
- What I Wish I’d Known When I Was an Embedded Linux Newbie
- Tor 0.2.8.6 Is Released
- NVMe over Fabrics Support Coming to the Linux 4.8 Kernel
- Blender for Visual Effects
- All about printf
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide