Microsoft Bans Linux/Android Dual-Booting on Windows 8 ARM Devices
January 16, 2012 11:39 AM
comment(s) - last by
Anti-Android crackdown would make Apple proud
Microsoft Corp.'s (
) UEFI Secure Boot technology -- the
long-awaited BIOS replacement
-- has some people concerned due to its digital rights management features, which can be used by OEMs to prevent dual-booting to other operating systems like Linux.
Microsoft Windows President Steven Sinofsky sought to assuage disgruntled Windows users,
There have been some comments about how Microsoft implemented secure boot and unfortunately these seemed to synthesize scenarios that are not the case so we are going to use this post as a chance to further describe how UEFI enables secure boot and the options available to PC manufacturers. The most important thing to understand is that we are introducing capabilities that provide a no-compromise approach to security to customers that seek this out while at the same time full and complete control over the PC continues to be available. Tony Mangefeste on our Ecosystem team authored this post. --Steven
UEFI allows firmware to implement a security policy
Secure boot is a UEFI protocol not a Windows 8 feature
UEFI secure boot is part of Windows 8 secured boot architecture
Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows.
In other words, Microsoft isn't forcing laptop and desktop makers to ban Linux, though it's giving them the tools to do so.
That statement rebuked previously claims of a Red Hat, Inc. (
) Linux engineer who
Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.
A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.
Now, obviously, we could provide signed versions of Linux. This poses several problems. Firstly, we'd need a non-GPL bootloader. Grub 2 is released under the GPLv3, which explicitly requires that we provide the signing keys. Grub is under GPLv2 which lacks the explicit requirement for keys, but it could be argued that the requirement for the scripts used to control compilation includes that. It's a grey area, and exploiting it would be a pretty good show of bad faith. Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed. Making it impossible for users or developers to build their own kernels is not practical. Finally, if we self-sign, it's still necessary to get our keys included by ever OEM.
Or does it?
's UK correspondent Glyn Moody dug up this interesting tidbit in Microsoft's ARM license. Writes Microsoft in "
Windows Hardware Certification Requirements
" for client and server systems, a document that regulates licensing (certification) (pg. 116):
MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible.
Disabling Secure MUST NOT be possible on ARM systems.
In other words dual-booting Linux on a standard x86 desktop should be no issue. But if you were hoping to load dual-booting Android and Windows kernels on a Windows 8 tablet (which will likely have an ARM) CPU or on
certain notebooks with ARM chips
, think again. Microsoft could soften its stance and/or users could find a way to break its DRM protections -- but there's no guarantee of either outcome.
ARM on Windows 8 -- don't you dare dual boot. [
In this regard Microsoft is very much "
Apple, Inc.'s (
) line". Apple has long prevented dual booting to Linux or the
installation of OS X on non-Apple computers
. Apple does
allow Windows installation via Boot Camp
, but only via a special understanding with Microsoft who cross licenses patents with Apple.
Windows 8 was a
star of the show
at the 2012 Consumer Electronics Show and is expected to
land in tablets and PCs this fall
Computer World UK
This article is over a month old, voting and posting comments is disabled
RE: Possibly illegal?
1/16/2012 2:31:04 PM
Are these companies selling you devices meant to install whatever OS you want on it, or are they selling you hardware only intended to run specific software on it? I guess that's what it ultimtaely ends up boiling down to. I suppose the market will sort itself out, don't buy these devices if that policy offends you. Personally, I don't think many will care. x86 remains untouched anyways
RE: Possibly illegal?
1/17/2012 5:11:47 PM
>I suppose the market will sort itself out,
That's the problem though: in markets where monopolies exist, they DON'T sort themselves out if anti-competitive behavior is present. This is anti-competitive behavior.
>don't buy these devices if that policy offends you.
Again, Windows monopoly. It's like telling users not to buy laptops with Windows pre-installed. Other than a few people selling generic devices out of their garages, that's an almost impossible thing to find. If Win8 ARM takes off, it'll be the same way. The reality is, if you're a Linux user, this move threatens to significantly shrink the number of ARM devices you'll be able to run Linux on in the future. It's also hurting the consumer since Linux can offer the full desktop experience on ARM right now, vs. the widgets of Android and Win8 Metro. At least ASUS caved in to pressure to unlock the Transformer Prime bootloader. The problem is high-spec devices in the future will probably be the ones using Win8, which also means they'll be the best ones to use to run a full desktop on but will be locked down.
>Personally, I don't think many will care.
It's completely irrelevant how many people care. They SHOULD care, though.
>x86 remains untouched anyways
For now. If they get away with locking down ARM, they might try x86 later, just as locking Metro UI apps to their app store now could lead to locking all app installs later. If ARM continues its rise in the mobile space (and an ARM Windows will certainly help that), it'll matter more and more.
"There's no chance that the iPhone is going to get any significant market share. No chance." -- Microsoft CEO Steve Ballmer
CES 2012: Intel -- 2012 is the Year of the Ultrabook
January 9, 2012, 12:05 PM
Qualcomm to Lead ARM in War Against Intel With New Laptop Chips
January 3, 2012, 10:30 AM
Ballmer: Windows 8 Will Land in 2012, Pop up in Tablets
May 24, 2011, 2:49 PM
Say Bye to BIOS and Hello to PCs that Boot in Seconds With UEFI
October 4, 2010, 9:24 AM
Microsoft Exec: Windows Phone 7 is "Following in Apple’s Line", Won't Initially Support Multitasking or Memory Cards
April 12, 2010, 11:14 AM
New Qi Version 1.2 Allows Wireless Charging From 2 Inches Away
July 31, 2014, 3:53 PM
HTC J Butterfly Announced by Japan's KDDI, Packs LTE-A Carrier Aggregation
July 31, 2014, 2:34 PM
T-Mobile Subscriber Numbers Surpass 50 Million, Sees Q2 Profit of $391M
July 31, 2014, 12:24 PM
Verizon Wireless Launches 5.7", 960x540 LG G Vista Smartphone for $400 Off Contract
July 31, 2014, 11:02 AM
Mini-Me: Xperia Z3's Petite Companion, Xperia Z3 Mini Leaks
July 31, 2014, 9:40 AM
Samsung Reports Lower Smartphone Sales, Operating Profit Falls 25% YoY
July 31, 2014, 8:55 AM
Most Popular Articles
Facebook Will Force Android, iOS Users to Use Messenger App This Week
July 29, 2014, 11:26 AM
Ford's Extensive Use of Aluminum in '15 F-150 Results in $395 Increase for Base Models
July 28, 2014, 3:02 PM
Sony's Xperia Z3 Gets Detailed in Leaked Photos
July 25, 2014, 2:30 PM
T-Mobile CEO John Legere is on the Warpath Again; Introduces $100, 10GB Family Plan
July 28, 2014, 10:12 AM
UK Drivers Must Now Give Their Cell Phones to Police After a Crash
July 29, 2014, 4:37 PM
Latest Blog Posts
Space Terrorism is a Looming Threat For the United States
Apr 23, 2014, 7:47 PM
Facebook Aims to Provide Internet to "Every Person in the World" with Drones, Satellites
Apr 1, 2014, 10:20 AM
Retail Mobile Sites Experience Outages in Light of Simplexity's Bankruptcy
Mar 14, 2014, 8:48 AM
Tesla vs. BMW: Who Has the Safer EV?
Feb 1, 2014, 2:56 PM
Justice Leaks Details of Next HTC One Two Flagship Phone
Dec 5, 2013, 4:04 PM
More Blog Posts
Copyright 2014 DailyTech LLC. -
Terms, Conditions & Privacy Information