News

Windows 8 Secure Boot Controversy Refuses To Die

• By Kurt Mackie
• 01/20/2012

A "secure boot" feature that Microsoft will require of computer makers with Windows 8 continues to draw controversy.

Initial fears by the Linux community -- that Microsoft's requirements for secure boot on future Windows 8-based machines would thwart Linux use -- appear to be half-correct. The catch seems to be that Linux will have trouble dual booting on Windows 8 ARM-based hardware only. Unfortunately, Microsoft has added nothing new to clarify this confusing matter.

Secure boot is part of the Unified Extensible Firmware Interface (UEFI) specification. It's an optional security procedure in the UEFI spec that promises to address a security hole in current BIOS boot-up procedures. With secure boot, initial system-checking software can talk with the operating system, and it can ensure that malware doesn't get loaded when a computer starts by verifying a Certificate Authority. This process is seen as advance in security because antimalware software today typically does not check the BIOS firmware upon bootup. BIOS is considered old software technology, and it's static enough that it's like an open book for hackers to attach malware to systems in an undetected manner.

The Linux community has complained that Microsoft will make it difficult, or impossible, to dual-boot Linux on Windows machines by requiring secure boot. By requiring hardware makers to enable secure boot on Windows 8 machines, future use of Linux will be thwarted, they have argued. The Linux Foundation, along with Red Hat and Canonical, has described some alternative plans to Microsoft's secure boot requirement to address this potential problem.

Microsoft denied in a September blog post that using secure boot on Windows 8 PCs would prohibit dual boot to Linux. However, the company did indicate that users would have to turn off secure boot first before booting to Linux. They also claimed that OEMs had complete control over the decision to enable secure boot when producing new PCs.

This argument seemed somewhat settled until Computerworld author Glyn Moody noticed something a little different from Microsoft's line of argument on page 116 of Microsoft's "Windows Hardware Certification Requirements" for client and server systems, which bears a publish date of December 2011. On that page, it appears that Microsoft is telling OEMs producing ARM-based machines that secure boot is mandatory, whereas it can be disabled on non-ARM (x86) machines.

"On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable [sic]," the document reads.

"21. MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure MUST NOT be possible on ARM systems."

The reference to Custom Mode in Microsoft's document represents another option closed off to Linux users on ARM-based machines. With Custom Mode enabled, users can write their own signatures for custom loaders, but Microsoft is precluding that option for ARM systems. This point is explained in an excellent overview of UEFI by Woody Leonhard in this Windows Secrets story.

Microsoft on Wednesday offered no comment on its Windows 8 certification requirements for ARM hardware and whether it indicates that secure boot is required on those systems. A spokesperson for Microsoft just pointed to the September blog post. However, based on Microsoft's requirements document, that blog post appears to mislead with regard to ARM hardware.

It could be argued that by using the word, "PCs," in the blog post Microsoft meant x86 machines only. However, that might amount to semantic quibbling given recent trends. Future ARM machines are expected to have multiple form factors. An ARM-based desktop model is part of the strategy for ARM Holdings, according to its CEO.

Device makers at last week's Consumer Electronics Show mostly displayed tablet devices running Windows 8, according to a Computerworld article. However, Microsoft has argued in previous direction statements about enabling "create" kinds of experiences on tablets with its next-generation operating system. The idea is to make tablets akin to PCs in computing power.

Microsoft's "Windows Hardware Certification Requirements" for client and server systems is offered as a guide to hardware builders, but they are likely to construe the word "must" in it as similar to contractual language. Barring any clarification from Microsoft, it looks like future users of Windows 8 on ARM-based computers won't have an option to boot to Linux on their tablet or ultrabook computers.

Microsoft also published a December 2011-dated document called "Windows Hardware Certification Requirements" for devices. However, this 943-page document apparently does not discuss any secure boot requirements.

The Software Freedom Law Center offers interesting speculation about why the secure boot requirement is different between the two platforms (x86 and ARM). The group, which advocates for the use of software without any proprietary restrictions, suggested in a blog post that Microsoft would have angered Windows XP or Windows 7 users if it had blocked the use of those OSes on future x86 hardware, whereas there's no previous hardware support legacy to worry about with forthcoming Windows 8 on ARM systems.