Header Ads

Microsoft Moves to Lock Out Linux

Microsoft has announced plans for a security feature in Windows 8 that has the potential to prevent users from installing their own operating systems including Linux.

Early versions of Windows 8 do away with the established BIOS > bootloader > OS booting paradigm in favor of something called the Unified Extensible Firmware Interface (UEFI). This booting system has enabled Microsoft to demonstrate machines booting Windows 8 in a respectable-even-for-Linux eight seconds, but it's the security options built into UEFI that are the real difference.

UEFI includes a secure boot protocol designed to stop bootloader attacks, where rootkits or other malware are loaded into the operating system at boot time. Any code loaded at boot time has to be identified with a secure key, enabling UEFI to lock out unauthorized code. Original Equipment Manufacturers (OEMs) will have to implement this feature in order to get their products Windows 8-certified.

The implications of this for Linux users are obvious. As there is no central registry of keys, it will be up to the PC vendor to determine which code is and isn't signed, giving the manufacturers unprecedented control over what is installed on your machine.

Predictably, that's not how Microsoft program manager Tony Mangefeste sees it. In a blog post he said: "At the end of the day, the customer is in control of their PC. The security that UEFI has to offer with secure boot means that most customers will have their systems protected against bootloader attacks. For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision."

Quite apart from disingenuously branding Linux an "older" operating system. Mangefeste contradicts his "the customer is in control" sentiment later in the same blog: "Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot."

Matthew Garrett, a mobile Linux developer at Red Hat, hit the nail on the head with his response: "There's no indication that Microsoft will prevent vendors from providing firmware support for disabling this feature and running unsigned code. However, experience indicates that many firmware vendors and OEMs are interested in providing only the minimum of firmware functionality required for their market. It's almost certainly the case that some systems will ship with the option of disabling this. Equally, it's almost certainly the case that some systems won't.

"It's probably not worth panicking yet. But its worth being concerned."


  1. Its is unfortunate that Linux may become located in the crossfire--this much is true--but Microsoft is hardly making moves to prevent Linux from being used.
    Microsoft have clearly stated that this is not a move to lock out Linux.

    That title is inappropriate, if you ask me. It does not state the truth.

  2. Do you expect Microsoft to say "Yes we are trying to Kill Linux" ?

  3. Do you expect them to comment on the matter if they wanted to do it?

  4. What rumors, we are taking about facts here, they are gonna implement something which would hurt Linux and create a monopoly for Microsoft, what is the rumor here ?

  5. I was making a general case. Clearly, in our particular scenario here, it's not a rumor.
    However, this does not change the fact. If they wanted to lock out Linux, they could force manufacturers to disable the ability to disable safe boot, or to demand that they not allow installing certificates for Linux.

    You have no proof that is a move to lock out Linux. That's speculation.
    Microsoft is implementing nothing. They are taking advantage of existing technology to make the systems they sell safer.
    They do not tell OEMs what to do regarding anything else than Windows. They are free to not put Windows on it. They are free to give the ability to disable safe boot.

  6. LOL :P We are talking about a company which has been every now and then accused of unethical market practices and cutting the competition in order to maintain monopoly !

  7. We are also talking of a company that nowadays love to embrace open standards and try to standardize their own proprietary technology and protocols (eg, make it into an international standard).

  8. Open Standards and Microsoft, nice Joke !

    Anyways it's not me, it's the complete web which thinks so :) A simple Google Search would help !

  9. What the world thinks is not truth.

  10. This is what proved that Microsoft getting jealous with Linux. Hail Linux, Hail Linus.