RealTime IT News

Red Hat Engineer Calls out Windows 8 Secure Boot as a Linux Risk

From the 'GRUB Killer' files:

Red Hat developer Matthew Garrett has discovered a potential Linux killing feature in Windows 8.

Microsoft's next major OS is set include a secure boot. The system will prevent any executable from loading unless they are signed by a specific set of keys. The problem with that is non-key signed executable - say Linux - might not be able to put on a piece of hardware that has been built for Windows.

That's a problem.

Many of us, (myself included) have hardware that was originally running Windows (the so-called Microsoft tax). That hardware has since been re-imaged or dual-booted to load something else, namely Linux.

The Windows 8 secure boot process could potentially eliminate that ability on new hardware.

"Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled," Garrett blogged. "A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux."

That said Garrett added that, "there's no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code."

In my view there are a few potential solutions to this issue:

1) Buy bare metal. If you buy a bare metal machine without the Microsoft tax than this isn't going to be an issue.

2) Grub replacement. As it stands Grub would likely not work under a strict interpretation of Microsoft's safe bootloader approach, that said, when something doesn't work in open source, there is an 'itch to scratch' and history has shown as that itches don't get left unscratched for long.

3) It won't happen with small vendors. Big vendors like Dell, HP and Lenovo are likely to preload and be part of this program. Smaller vendors that pre-load on site likely won't and will find their own workarounds too.

4) Virtualize. No this is not an ideal solution...but, if the secure boot can be linked to say Hyper-V (i know...),easy enough to run Linux virtualized.

None of these solutions are ideal and the Windows 8 secure boot could be a real problem. The good news is that developers like Matthew Garrett are watching. Microsoft isn't going to surprise anyone this time.

Comment and Contribute