Microsoft, Red Hat spar over secure boot-loading tech

A Red Hat developer is charging that Microsoft is using UEFI in Windows 8 to lock out Linux, which Microsoft denies

Is Microsoft using a next-generation computing boot-loading technology to lock out the use of Linux and other OSEs on certain computers? While Microsoft has denied malicious intent, one Red Hat developer maintains that this may be the case.

Microsoft is mandating the use of the UEFI (Unified Extensible Firmware Interface) secure boot-loading capability with Windows 8 in such a way that "the end user is no longer in control of their PC," charged Red Hat developer Matthew Garrett in a blog entry posted Friday.

Microsoft has claimed that this charge is based on a misunderstanding of the company's intentions. "At the end of the day, the customer is in control of their PC," said Microsoft program manager Tony Mangefeste in another blog posting from Microsoft.

The controversy took root on Tuesday, when Garrett pointed out in a blog posting that Microsoft-certified computers running Windows 8 may not be able to be loaded with copies of other OSes, such as Linux. Users could not install Linux as a second OS, or replace Windows with a copy of Linux, Garrett argued.

Windows 8 will require its host computer to use the UEFI, the low-level interface between the computer firmware and the OS. Marketed as a replacement to BIOS, UEFI provides a secure boot protocol, which requires the OS to furnish a digital key in order to be loaded by the machine. UEFI then can block the operations of any programs or drivers unless they have been signed by this key, a move that should prevent malware from infecting machines by changing the boot-loading process.

With Windows 8, Microsoft will require hardware manufacturers (those wishing to display the Windows logo on their units) to ship their machines with secure boot enabled. Each machine would then require a digital key from Microsoft, the hardware manufacturer or, if it uses another OS, a secure key for that OS.

Users who customize their own versions of Linux, or use a generic OS that does not come with a key, may not be able to run these OSes on machines requiring this secure booting process, Garrett said. Nor would there be any guarantee that OEMs (original equipment manufacturers) even provide the ability for users to add their own keys, or give users the option to run other OSes without a key.

Garrett's blog post subsequently sparked debate in the trade press and Linux user communities.

Responding to the controversy on Thursday, Microsoft has denied that the intent was to shut out Linux. Although he did not mention Linux by name, Steven Sinofsky, president of the Windows and Windows Live Division, noted in a blog post that some of those commenting have used details of the new plan to "synthesize scenarios that are not the case."

The rest of the posting, authored by Mangefeste, noted that Microsoft is concerned only that Windows 8 be protected in a secure boot loader, and that OEMs are free to build in the option of disabling secure boot for running OSes without keys. Other OS providers are responsible for providing their own keys.

"For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision," Mangefeste wrote. "However, [disabling secure boot] comes at your own risk," he added.

"Microsoft's rebuttal is entirely factually accurate. But it's also misleading," Garrett responded in a follow-up blog item, posted Friday. Under the licensing agreement, the equipment manufacturer is under no obligation to provide users with the ability to disable the secure boot capability. Beyond the use of third-party OSes, this approach might also hamper the ability of users to upgrade components such as graphics cards, because there is no requirement to provide the user with the capability of installing additional keys.

"The truth is that UEFI secure boot is a valuable and worthwhile feature that Microsoft are misusing to gain tighter control over the market," Garrett charged.

Joab Jackson covers enterprise software and general technology breaking news for The IDG News Service. Follow Joab on Twitter at @Joab_Jackson. Joab's e-mail address is Joab_Jackson@idg.com

Tags LinuxWindows 8MicrosoftWindowssoftwareWindows desktopnon-Windowsoperating systemsRed Hat

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Joab Jackson

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?