A new security measure introduced with Windows 8 requiring so-called secure boot keys could make it more difficult for consumers to load other operating systems including Linux on OEM Microsoft-certified machines pre-loaded with the software.
Depending on whom you talk to, this is a massive violation of consumer freedom that might (or should) draw anti-trust scrutiny from authorities such as the EU — or it is a desirable defense against malware that just so happens to coincidentally inconvenience a small, if vocal, group of power users.
The issue was flagged this week by a blogger and Red Hat Linux developer, Matthew Garrett, who laid out the problem and suggested that the jury was still out on whether this constitutes bad behavior, but urged the software community to at least pay attention.
“It’s probably not worth panicking yet. But it is worth being concerned,” he wrote on Tuesday.
Microsoft has tried for years to lock down Windows to prevent unauthorized changes to its security keys that would allow untrusted software from working on a machine, for example, through its controversial work with the Trusted Computing Group and Next-Generation Secure Computing Base initiatives.
At issue in this week’s debate is the Unified Extensible Firmware Interface (UEFI) for secure boot, a protocol that requires users to provide a cryptographic key in order to install and run any software on a machine. This key is held by the manufacturer, which could prevent malicious software from infecting a computer; but it could at the same time prevent consumers who buy locked devices from voluntarily changing the manufacturer-installed OS or choosing to run untrusted software of any kind.
“Because there’s no central certification authority for UEFI signing keys,” Garrett said in another post on his blog after the debate gained steam. “Microsoft can require that hardware vendors include their keys. Their competition can’t. A system that ships with Microsoft’s signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft’s. No other vendor has the same position of power over the hardware vendors.”
Garrett accused the software giant of effectively forcing users to use Windows 8 on pre-installed boxes, which would leave them “no longer in control of their PC.” Machines operating with certified Windows 8 would be unable able to run other operating systems, such as Linux, install additional OS’s, or replace Windows all together and boot securely, Garrett said on Tuesday.
This would be a problem that would only affect those who want to run multiple operating systems on the Windows 8, including previous versions of Windows. For the vast majority of users that simply want to start Windows 8 securely, this change should have little affect.
Even still, din on the blogosphere about the changes climbed to such a volume that Microsoft’s Windows President Steven Sinofsky responded with a post on the Windows 8 developer’s blog on Thursday.
The impetus behind the secure boot change, according to Microsoft, is nothing more than security. Without the right certification key, malware will be unable to disable security policies in the firmware.
“There have been some comments about how Microsoft implemented secure boot,” he said, “and unfortunately these seemed to synthesize scenarios that are not the case.”
Tony Mangefeste of the Microsoft Ecosystem team added later in the post: “Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.”
However, Garrett contends this affects both hardware and software makers because unless their products are signed in with the key included in the system firmware, they’ll be useless. For example, if you install a new graphics card that has unsigned drivers or drivers with a key not in the firmware, the card won’t be supported in Windows 8.
Sinofsky somewhat implied this would be the case in the comments section when a reader asked if Windows 8 without secure boot.
“Of course,” he said, but then added, “How secure boot works with any other operating systems is obviously a question for those OS products,” complete with emoticon smiley face.
Reactions to the controversy among the Linux community were mixed, with some crying foul over what they perceive as a clear an unwarranted intrusion on their freedom to tinker. But others took a more measured stance.
“Remember Palladium? Then NGSCB and Trusted Computing? Microsoft has been trying to solve this ‘problem’ for many years,” wrote one anonymous poster on Garrett’s blog. “Through TPMs and Intel’s TXT, it is finally becoming a reality for them. That it makes loading Linux difficult is just a beneficial side effect for them.”
Depending on whom you talk to, this is a massive violation of consumer freedom that might (or should) draw anti-trust scrutiny from authorities such as the EU — or it is a desirable defense against malware that just so happens to coincidentally inconvenience a small, if vocal, group of power users.
The issue was flagged this week by a blogger and Red Hat Linux developer, Matthew Garrett, who laid out the problem and suggested that the jury was still out on whether this constitutes bad behavior, but urged the software community to at least pay attention.
“It’s probably not worth panicking yet. But it is worth being concerned,” he wrote on Tuesday.
Microsoft has tried for years to lock down Windows to prevent unauthorized changes to its security keys that would allow untrusted software from working on a machine, for example, through its controversial work with the Trusted Computing Group and Next-Generation Secure Computing Base initiatives.
At issue in this week’s debate is the Unified Extensible Firmware Interface (UEFI) for secure boot, a protocol that requires users to provide a cryptographic key in order to install and run any software on a machine. This key is held by the manufacturer, which could prevent malicious software from infecting a computer; but it could at the same time prevent consumers who buy locked devices from voluntarily changing the manufacturer-installed OS or choosing to run untrusted software of any kind.
“Because there’s no central certification authority for UEFI signing keys,” Garrett said in another post on his blog after the debate gained steam. “Microsoft can require that hardware vendors include their keys. Their competition can’t. A system that ships with Microsoft’s signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft’s. No other vendor has the same position of power over the hardware vendors.”
Garrett accused the software giant of effectively forcing users to use Windows 8 on pre-installed boxes, which would leave them “no longer in control of their PC.” Machines operating with certified Windows 8 would be unable able to run other operating systems, such as Linux, install additional OS’s, or replace Windows all together and boot securely, Garrett said on Tuesday.
This would be a problem that would only affect those who want to run multiple operating systems on the Windows 8, including previous versions of Windows. For the vast majority of users that simply want to start Windows 8 securely, this change should have little affect.
Even still, din on the blogosphere about the changes climbed to such a volume that Microsoft’s Windows President Steven Sinofsky responded with a post on the Windows 8 developer’s blog on Thursday.
“There have been some comments about how Microsoft implemented secure boot,” he said, “and unfortunately these seemed to synthesize scenarios that are not the case.”
Tony Mangefeste of the Microsoft Ecosystem team added later in the post: “Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.”
However, Garrett contends this affects both hardware and software makers because unless their products are signed in with the key included in the system firmware, they’ll be useless. For example, if you install a new graphics card that has unsigned drivers or drivers with a key not in the firmware, the card won’t be supported in Windows 8.
Sinofsky somewhat implied this would be the case in the comments section when a reader asked if Windows 8 without secure boot.
“Of course,” he said, but then added, “How secure boot works with any other operating systems is obviously a question for those OS products,” complete with emoticon smiley face.
Reactions to the controversy among the Linux community were mixed, with some crying foul over what they perceive as a clear an unwarranted intrusion on their freedom to tinker. But others took a more measured stance.
“Remember Palladium? Then NGSCB and Trusted Computing? Microsoft has been trying to solve this ‘problem’ for many years,” wrote one anonymous poster on Garrett’s blog. “Through TPMs and Intel’s TXT, it is finally becoming a reality for them. That it makes loading Linux difficult is just a beneficial side effect for them.”
If you liked this article, subscribe to the feed by clicking the image below to keep informed about new contents of the blog:
Comments
Post a Comment
Do not insert clickable links or your comment will be deleted. Checkbox Send me notifications to be notified of new comments via email.