from Hacker News

Windows 8 OEM specs may block Linux booting

by ramen on 9/21/11, 2:22 AM with 139 comments

  • by dpark on 9/21/11, 3:32 AM

    Unless I'm misunderstanding something, this is silly FUD. Microsoft isnt stupid enough (or evil enough, despite what some like to believe) to attempt to force PC oems to effectively block all OSes except Windows. They know this wouldn't work, and there'd be no point in trying to force it.

    Supporting hardened boot is not the same as requiring it. Microsoft already utilizes this for BitLocker. You can still install Linux on a machine that supports hardened booting and signed images. You just can't enable hardened boot unless you use signed images.

  • by sciurus on 9/21/11, 2:55 AM

    Here is a direct link to Matthew Garret's blog post so that you can skip itworld's paraphrasing.

    http://mjg59.dreamwidth.org/5552.html

  • by ghshephard on 9/21/11, 3:24 AM

    The first paragraph is just silly:

    "After years of trying to cut off Linux growth as a desktop platform on x86 and x64 PCs, Microsoft may have actually figured out a way to stop Linux deployments on client PCs dead in their tracks."

    I'm quite certain Microsoft has (A) not put any significant effort into cutting off growth as a desktop platform, and (B) If they had, they were almost completely successful, and characterizing it as "trying" implies that they had limited success.

  • by jrockway on 9/21/11, 3:05 AM

    I doubt any major vendor will do this. First off, they don't want to be locked into selling Microsoft-only machines. If they can't pretend Linux is an option, Microsoft can charge them $1000 for a Windows license and there's nothing they can do about it. If they have Linux hanging over Microsoft's head, though, they'll get better pricing on Windows. (Think this won't happen? It already did with XP on netbooks. When Microsoft realized that everyone was happy to get $100 off the price of their laptop to run Firefox under Linux instead of under Windows, they had no choice but to make it nearly free.)

    If that doesn't work, the need for booting non-standard Windows images will save us. I've never worked for any company that ran a stock Windows install -- everyone rolls their own. If new machines won't boot this image, guess what, that new machine is bought from some vendor that doesn't do this to them. And the only reason most people use Windows at home is because they use Windows at work. If big companies started migrating away from Windows, Microsoft could be in serious trouble. (Yup, Microsoft Word is much nicer than LibreOffice Writer or AbiWord. But you don't know that if you've never used it. Or, you don't care, because you're writing a memo, not a book. And that's $600 Microsoft loses right there.)

    Next, we're forgetting the all-important server market. Nobody uses Windows as a server OS, so all those servers are going to have to be able to run Grub. Since servers are what make the OEMs money (they actually need that quad core chip, you don't), keeping users of that market happy will be the hardware companies' biggest concern. If Intel chips stop booting Linux, guess what, AMD is the new king of the market.

    Finally, many of these companies are in markets other than consumer computers, and they won't want to alienate their other partners. If, say, Samsung says "our hardware will only run Windows", then they won't be manufacturing Android phones or Chromebooks anymore. And that's a big deal, because they won't be manufacturing iPhones either, and that means they're out of the mobile market. (Have you ever seen anyone without MVP certification anywhere near a Windows Phone? I didn't think so.)

    Basically, Windows is important, but not so important that anyone would want to be the first to go Windows-only in hardware. Hardware companies want to provide nice computers at a nice price. End users mostly want to browse the web. This puts Microsoft in a position to do exactly what the market wants, not what it thinks it can bear. When you're at the top, the only place to go is down. And that is where Microsoft is going.

  • by daeken on 9/21/11, 2:42 AM

    This could block Linux from booting, but realistically speaking, does anyone believe that will happen? It seems very, very unlikely to me that you won't be able to disable signing restrictions at the firmware level.

  • by rdl on 9/21/11, 7:00 AM

    This is overblown. However, if this means secure boot hardware is even more widely available, it is a win -- if the keys are under control of the user or his organization, it is a huge security win.

  • by yason on 9/21/11, 7:55 AM

    I've long thought that the only place where I allow Windows is in a virtual machine. This seems to hint in that direction: buy a machine that isn't broken (can boot Linux) and do your Windows duties under VirtualBox or something.

  • by ableal on 9/21/11, 3:19 PM

    LWN notice and discussion of "Garrett: UEFI secure booting" at http://lwn.net/Articles/459569/

  • by tree_of_item on 9/21/11, 3:25 AM

    To everyone saying "I doubt anyone will do this": wasn't the consensus also against Microsoft restricting application distribution to their app store?

  • by krschultz on 9/21/11, 11:16 AM

    It won't happen, and if it does happen, it won't matter.

    Can you imagine the Anti-Trust problems this would create? Microsoft is still a big fat target for anti-trust lawsuits and this one is pretty blatant.

    And if it does happen, while we're waiting for the Justice Department to end it I'm pretty sure the Linux hackers will find a way around it. When there is a will, there is a way.

  • by sunyc on 9/21/11, 3:25 AM

    chromeos has similar thing, with a developer switch at back basically turns off the signature validation in firmware. what they should worry about is, which CA root to put in there.

  • by tbrownaw on 9/21/11, 8:46 AM

    > The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or

    Does it have to be directly signed by that key, or does it work like the CA system that web browsers use?

    > A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux. [ from the blog post rather than the article ]

    Which tells us that either systems will not ship with only those keys, or there will be a simple way to disable this ("Press F2 for setup"), or somebody will be getting sued on antitrust grounds (which maybe would be ignored again in the US, but not the rest of the world) and forced to provide a workaround.

  • by TallGuyShort on 9/21/11, 2:44 PM

    No one seems to have mentioned the impact this will have on Live systems. I'm frequently called on by Windows users to recover lost data on corrupted systems, which I do using a Live Linux distribution (especially when they have discarded their installation media & access keys, and have no interest in investing money in continuing using Windows if I can give them a free alternative to getting online). How will I be able to do that for people with Windows 8 computers?

    I'm sure I'll be able to find unsigned hardware for my personal use, but it's the interoperability that concerns me.

  • by gizzlon on 9/21/11, 7:33 AM

    The articles doesn't say, but this would require an TPM in the machine to be successful.. right?

    Without a TPM how can the EFI be trusted? You just have to replace it as well as the boot loader and kernel.

  • by wedesoft on 9/21/11, 9:32 AM

    It certainly won't get easier to install a Linux dual-boot. It is already difficult enough as it is:

    * Windows PCs without installation medium

    * Windows installation with a full partitition table (four primary partitions)

    * (intentionally?) corrupted partition tables

    I.e. installing GNU/Linux requires you to resize partitions with a potentially corrupted NTFS file system and/or delete backup partitions. Alternatively the user uses a Windows image file as Linux file system (Wubi) which is slower and a more fragile solution.

  • by jsz0 on 9/21/11, 4:08 AM

    Linux (on the desktop) is probably of little or no concern to Microsoft at this point. They've got bigger problems to worry about. If they want to focus on making computers sold with Windows offer the best possible experience it will benefit the most people. Possibly it will make things harder for Linux users but from Microsoft's perspective if the OEM is shipping Windows there's no reason to consider Linux as part of the equation.

  • by moontear on 9/21/11, 11:37 AM

    "We will continue to support the legacy BIOS interface, but machines using the UEFI interface will have significantly richer capabilities."

    == Will not block Linux or any other OS booting. Secondly anti-trust cases would kill MS if they would block any other OS, so they won't.

    http://blogs.msdn.com/b/b8/archive/2011/09/20/reengineering-...

  • by bitops on 9/21/11, 5:42 AM

    Agree that its a non-issue. Linux is established, would be a really dumb move to block it like this.

    In two weeks we'll have forgotten all about it.

  • by christkv on 9/21/11, 12:44 PM

    If this makes it into real hardware I expect the EU to reopen their case against Microsoft fairly quickly on anti-competitive grounds. There are to many governmental institutions and businesses dependent on linux for their day to day work for this to go unchallenged.

  • by paulja on 9/21/11, 8:33 AM

    Thats one way to stop all the shops that slap XP on modern hardware, due to corporate IT policy.

  • by mkup on 9/21/11, 11:57 AM

    There was a time when Windows Logo was considered prestigious, respectable and trendy thing.

    With such a practice Microsoft is quickly approaching a time when Windows Logo will be perceived like a hot-iron branding of robbers and other criminals in the medieval era.

  • by karolisd on 9/21/11, 2:53 AM

    Does this effect dual booting OS X? I doubt the side-effect of blocking Linux boots was anything but a coincidence. But could Microsoft be fearful of Hackintoshes becoming more popular and a increase of OS X running on non-Apple hardware?

  • by dhimes on 9/21/11, 1:58 PM

    If the UEFI could be made to handle multiple keys, and allow the owner to enter them into the firmware, then this could work. One more step in the setup but a more secure system overall.

  • by braco_alva on 9/21/11, 3:55 AM

    But even if this was true, there is still ways around this right? I mean rEFIt does a pretty good job booting up Linux in Mac, so wouldn't this be possible in those PC's as well?

  • by prayag on 9/21/11, 3:25 AM

    I bought a Windows machine from Amazon. The reason that I wasn't able to install Linux was acceptable enough for Amazon to pay for return shipping.

  • by RexRollman on 9/21/11, 2:00 PM

    Why is this being written like it is solely a "linux" problem? It seems to me that it effects every non-Windows operating system.

  • by kvk on 9/21/11, 5:17 AM

    The start of a Windows jailbreaking scene?

  • by nagnatron on 9/21/11, 10:11 AM

    I know I'm speaking through my reality distortion field, but who cares about this?

  • by ivanbernat on 9/21/11, 7:06 AM

    It looks to me like it's designed with tablets in mind, not desktops / laptops.

  • by lhnn on 9/21/11, 4:06 AM

    Wouldn't this draw anti-trust battles? Since complying with EFI signing is against the license of one of the only other major alternatives to Windows, this would not bode well for Microsoft.

  • by dramaticus3 on 9/21/11, 8:06 AM

    Summary : Machines that have the "Windows 8" logo must have UEFI, which means the bootloader must be signed with a key that's in the BIOS. Additionally the OS can use the keys to check other signed code : device drivers etc.

    My conclusion : A smart vendor will include a signed program that will manage said keys in the BIOS.

  • by pointyhat on 9/21/11, 3:15 PM

    Like I suspected, this entire thread has been turned by zealots into a Microsoft-bashing exercise.

    I genuinely dispair for people who spend their entire time platform bashing and don't add something constructive to the discussion or tar and feather a side religiously. It paints a very bad picture of the "startup culture" amongst more established organisations.

  • by guard-of-terra on 9/21/11, 7:05 AM

    Does this also mean that you won't be able to boot Windows 8 on a PC you assembled yourself? Oh, they did not think of that.

    One more reason to hate MS and want it die everywhere.

  • by brokensystem on 9/21/11, 8:29 AM

    I use ubuntu but surely my harddrive is full of malware (boot system compromised). Linux is for hacker playing with backdoors. I like free software and linux, but if I need a secure system, I should have to pay the prize of using windows 8.