Microsoft Bans Linux/Android Dual-Booting on Windows 8 ARM Devices
January 16, 2012 11:39 AM
comment(s) - last by
Anti-Android crackdown would make Apple proud
Microsoft Corp.'s (
) UEFI Secure Boot technology -- the
long-awaited BIOS replacement
-- has some people concerned due to its digital rights management features, which can be used by OEMs to prevent dual-booting to other operating systems like Linux.
Microsoft Windows President Steven Sinofsky sought to assuage disgruntled Windows users,
There have been some comments about how Microsoft implemented secure boot and unfortunately these seemed to synthesize scenarios that are not the case so we are going to use this post as a chance to further describe how UEFI enables secure boot and the options available to PC manufacturers. The most important thing to understand is that we are introducing capabilities that provide a no-compromise approach to security to customers that seek this out while at the same time full and complete control over the PC continues to be available. Tony Mangefeste on our Ecosystem team authored this post. --Steven
UEFI allows firmware to implement a security policy
Secure boot is a UEFI protocol not a Windows 8 feature
UEFI secure boot is part of Windows 8 secured boot architecture
Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows.
In other words, Microsoft isn't forcing laptop and desktop makers to ban Linux, though it's giving them the tools to do so.
That statement rebuked previously claims of a Red Hat, Inc. (
) Linux engineer who
Microsoft requires that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled. The two alternatives here are for Windows to be signed with a Microsoft key and for the public part of that key to be included with all systems, or alternatively for each OEM to include their own key and sign the pre-installed versions of Windows. The second approach would make it impossible to run boxed copies of Windows on Windows logo hardware, and also impossible to install new versions of Windows unless your OEM provided a new signed copy. The former seems more likely.
A system that ships with only OEM and Microsoft keys will not boot a generic copy of Linux.
Now, obviously, we could provide signed versions of Linux. This poses several problems. Firstly, we'd need a non-GPL bootloader. Grub 2 is released under the GPLv3, which explicitly requires that we provide the signing keys. Grub is under GPLv2 which lacks the explicit requirement for keys, but it could be argued that the requirement for the scripts used to control compilation includes that. It's a grey area, and exploiting it would be a pretty good show of bad faith. Secondly, in the near future the design of the kernel will mean that the kernel itself is part of the bootloader. This means that kernels will also have to be signed. Making it impossible for users or developers to build their own kernels is not practical. Finally, if we self-sign, it's still necessary to get our keys included by ever OEM.
Or does it?
's UK correspondent Glyn Moody dug up this interesting tidbit in Microsoft's ARM license. Writes Microsoft in "
Windows Hardware Certification Requirements
" for client and server systems, a document that regulates licensing (certification) (pg. 116):
MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible.
Disabling Secure MUST NOT be possible on ARM systems.
In other words dual-booting Linux on a standard x86 desktop should be no issue. But if you were hoping to load dual-booting Android and Windows kernels on a Windows 8 tablet (which will likely have an ARM) CPU or on
certain notebooks with ARM chips
, think again. Microsoft could soften its stance and/or users could find a way to break its DRM protections -- but there's no guarantee of either outcome.
ARM on Windows 8 -- don't you dare dual boot. [
In this regard Microsoft is very much "
Apple, Inc.'s (
) line". Apple has long prevented dual booting to Linux or the
installation of OS X on non-Apple computers
. Apple does
allow Windows installation via Boot Camp
, but only via a special understanding with Microsoft who cross licenses patents with Apple.
Windows 8 was a
star of the show
at the 2012 Consumer Electronics Show and is expected to
land in tablets and PCs this fall
Computer World UK
This article is over a month old, voting and posting comments is disabled
RE: Why do you say they're following in Apple's footsteps
1/18/2012 3:05:38 AM
>You've written an immense amount of lines in this article trying to
>say something completely wrong.
I'd wager there's no one posting here who understands the issue better than myself.
>You seem to confuse anticompetitive with undesirable. Microsoft is
>not mandating that anyone that wants to install Windows 8 on an ARM
>device conforms with this, it's mandating that anyone that wants a
>"Designed for Windows 8" (or something along those lines)
>certification on their device conform with this.
And any vendor that shipped a Windows product without being certified would be eaten alive by its competitors for just that reason and it would be product suicide. Can you name any significant vendor who has ever shipped products that weren't certified? Microsoft is a monopoly and the devices need to have that certification. That's why MS needs to be extra careful to avoid stifling competition and why this move is quite clearly anti-competitive.
>It is not anticompetitive to demand that companies that bundle your
>software with their devices and want your certification, conform to
Sigh. Are you a trial lawyer by any chance? First of all, since we're talking about a monopoly, there's an entirely different set of measurements that come into play when gauging anti-competitiveness and you neglect to mention. But we'll set that aside for the moment. Of course there's nothing inherently anti-competitive about asking vendors to "conform to your guidelines". There is something anti-competitive when those "guidelines" include
locking the customer in to your product and not allowing them to try or switch to a competitor's product
. I see what you did there. Nice try. Would you say that if Microsoft decided to pull the same thing with x86 Win8 the Justice Department wouldn't be on them in an instant? No? If a "guideline" was that the device not be allowed to replace the browser with Firefox or Chrome, would that be just peachy too and not draw the attention of regulators? No? Then there goes your argument. I commend you for keeping a straight face while making it.
>Maybe it's not what you want, but it certainly isn't
>anticompetitive (do you even know what that concept legally
You got me. I'm clueless about the concept and you've demonstrated here your superior grasp of the matter. You can do anything you want so long as you call it a "guideline". The fact that you're a monopoly and vendors need that certification to sell products doesn't even factor into it.
>If the device isn't what you want, don't buy it.
And when every eventual ARM laptop ships with Windows 8 just like every x86 laptop does, is that the same answer? Where were you during MS' anti-trust trial...
>That crap about "We shouldn't need the OEM's permission to choose
>what we do with it once we've paid them for it. It's ours." is
Yeah, just crazy talk, right?
>It's certainly wrong to penalize people for doing what they want
>with their devices (A.K.A. hacking or modding), like what happened
>with Sony and the PS3.
I haven't seen an argument so boldly wrong since the 90s when Rush Limbaugh said that when we choose which color shirt to wear or which hamburger to order we're "discriminating" so therefore that proves that there's nothing wrong with discrimination. Yes, because we can't do things with our devices that are illegal, that negates the concept of being able to do whatever we want that is legal with our own property.
>But this is a free market after all,
Thank you for the perfect straight line... "Not if a monopoly like Microsoft can get away with things like this."
>companies and manufacturers
>aren't required to leave the device open so that a very vocal
>minority is happy.
Funny it's not the companies that are locking it then, huh? And are you guys all using the same talking points? The argument always goes from attempts to confuse to misusing terms to you're all crazy there's nothing to see here to you're just a minority so your opinion doesn't count.
Companies very likely will be required to leave devices unlocked for the good of consumers and to prevent MS from stifling competition. We'll see how long it takes the EFF to file a lawsuit, although I bet MS will change the policy before anything ever sees a court.
>I'll just write this again in case it isn't already clear, this are
>the requirements for the Windows Logo Program, not the System
>Requirements. If at any point this become the latter, then I'll
>gladly change my stance.
You've made it clear that you don't understand anything about monopoly power in a marketplace or may have been in a cave since the 90s to understand that in a monopoly market OEMs don't have a realistic option to not be certified and thus the monopoly has extra requirements placed on it to avoid using its position to eliminate competition (you know, the same reason the EU made MS put a browser choice screen on start-up to let users choose what browser they want to use).
RE: Why do you say they're following in Apple's footsteps
1/18/2012 4:46:46 PM
> You've made it clear that you don't understand anything about monopoly power in a marketplace
You've made it clear as well.
RE: Why do you say they're following in Apple's footsteps
1/22/2012 5:56:25 PM
I bow to that amazing refutation. Bowled over by the slew of facts you used to back up what would otherwise have been a groundless claim and an acknowledgment that my arguments couldn't be rebutted, I humbly yield.
"There is a single light of science, and to brighten it anywhere is to brighten it everywhere." -- Isaac Asimov
CES 2012: Intel -- 2012 is the Year of the Ultrabook
January 9, 2012, 12:05 PM
Qualcomm to Lead ARM in War Against Intel With New Laptop Chips
January 3, 2012, 10:30 AM
Ballmer: Windows 8 Will Land in 2012, Pop up in Tablets
May 24, 2011, 2:49 PM
Say Bye to BIOS and Hello to PCs that Boot in Seconds With UEFI
October 4, 2010, 9:24 AM
Microsoft Exec: Windows Phone 7 is "Following in Apple’s Line", Won't Initially Support Multitasking or Memory Cards
April 12, 2010, 11:14 AM
Retiree Sues Apple For $7,500 for Wiping Honeymoon Photos From His iPhone
November 30, 2015, 10:23 AM
iPhone 7 May Pack 3-4 GB Memory, More Storage; 4-Inch Comeback is Rumored
November 20, 2015, 10:12 PM
OnePlus One, OnePlus 2 Will Receive Android Marshmallow in Q1 2016
November 16, 2015, 9:58 AM
Lenovo Whoa: Motorola Droid MAXX 2 and Turbo 2 Break Cover in Leaks
October 26, 2015, 3:12 PM
Leak: Apple Preps for First Real Android App Foray With New Apple Music App
October 24, 2015, 1:59 PM
Pepsi Smartphone? Empty Calories Coming Soon to the Midrange
October 12, 2015, 11:41 PM
Most Popular Articles
Free Windows 10 offer ends July 29th, 2016: 10 Reasons to Upgrade Immediately
July 22, 2016, 9:19 PM
Smart Security Cameras: 5 Good Choices For Any Budget
July 25, 2016, 7:13 PM
Top 5 Smart Watches
July 21, 2016, 11:48 PM
2017 Porsche Panamera: I’ll Take Three of These.
July 24, 2016, 6:44 PM
Latest Blog Posts
Sceptre Airs 27", 120 Hz. 1080p Monitor/HDTV w/ 5 ms Response Time for $220
Dec 3, 2014, 10:32 PM
Costco Gives Employees Thanksgiving Off; Wal-Mart Leads "Black Thursday" Charge
Oct 29, 2014, 9:57 PM
"Bear Selfies" Fad Could Turn Deadly, Warn Nevada Wildlife Officials
Oct 28, 2014, 12:00 PM
The Surface Mini That Was Never Released Gets "Hands On" Treatment
Sep 26, 2014, 8:22 AM
ISIS Imposes Ban on Teaching Evolution in Iraq
Sep 17, 2014, 5:22 PM
More Blog Posts
Copyright 2016 DailyTech LLC. -
Terms, Conditions & Privacy Information