Skip to main content

Linux groups plead case prior to Windows 8 launch


Red Hat, Canonical and the Linux Foundation have laid out a set of recommendations for hardware vendors in hopes of preserving the ability to install Linux on Windows 8 machines. Windows 8 machines should ship in a setup mode giving users more control right off the bat, the groups argue.
As we reported last month, Windows 8 computers that ship with UEFI secure booting enabled could make the task of replacing Windows with Linux or dual-booting the two operating systems more difficult. In order to get a “Designed for Windows 8” logo, PCs must ship with secure boot enabled, preventing the booting of operating systems that aren’t signed by a trusted Certificate Authority.
Hardware vendors can give users the option of disabling the secure boot feature—but they could also decline to do so, making it impossible to run a non-Windows operating system. In practice, it seems unlikely that dual-boot scenarios will be prevented entirely, but Linux vendors and the Linux Foundation are worried about how UEFI secure booting will be implemented.

Secure boot protects users, but may impede Linux

In a paper titled “UEFI Secure Boot Impact on Linux,” Red Hat and Canonical warn that “Microsoft’s recommended implementation of secure boot removes control of the system from the hardware owner, and may prevent open source operating systems from functioning.” Although Windows 8 isn’t expected to hit the market until later in 2012, the paper notes that hardware vendors could start shipping UEFI-enabled systems in Q1 2012 in preparation for Windows 8.
Red Hat and Canonical agree that UEFI secure boot brings security advantages in malware prevention by protecting against rootkits and in giving IT departments ability to dictate that only authorized OSes can be booted. But given the potential impact on the freedom to install Linux and other alternative operating systems, the open source vendors offer a few recommendations.
These include that “OEMs allow secure boot to be easily disabled and enabled through a firmware configuration interface,” that hardware vendors “provide a standardized mechanism for configuring keys in system firmware”; and that “hardware ship in setup mode,” giving the end user more control right up front.

How much control do users want?

This last recommendation could be problematic for hardware vendors attempting to give a clean out-of-the-box experience to users, the vast majority of whom simply want to use Windows and get the system up and running quickly.
Red Hat and Canonical argue that “If the process required to disable secure boot is difficult for non-technical users, then we risk restricting use of unsigned software to a small portion of the market.” One could also argue that Linux installations are already restricted to a small portion of the market, which tends to be technically savvy enough to work around the restrictions expected in UEFI-enabled systems. However, Red Hat and Canonical may be worried that future attempts to bring Linux desktops to the mainstream will be impeded.
In a separate paper titled “Making UEFI Secure Boot Work With Open Platforms,” the Linux Foundation makes a recommendation similar to the one offered by Red Hat and Canonical, saying “all platforms that enable UEFI secure boot should ship in setup mode where the owner has control over which platform key (PK) is installed. It should also be possible for the owner to return a system to setup mode in the future, if needed.”
The Linux Foundation further supports the establishment of an independent certificate authority to issue keys to third-party hardware and software vendors, presumably allowing Linux-based operating systems to be installed and still gain the security benefits of UEFI secure boot. (The Free Software Foundation has also weighed in with a petition directed at hardware vendors.)

Microsoft says there is no mandate

Microsoft, for its part, noted in a blog post last month that it does not “mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows,” but says UEFI secure boot addresses a pre-operating system environment that is vulnerable to attack.
“At the end of the day, the customer is in control of their PC,” Microsoft says. Without mentioning Linux by name, Microsoft said “For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision.”
Indeed, as we noted last month, the Windows 8 developer system built by Samsung and distributed at Microsoft’s BUILD conference contains the option to disable secure boot. Since few computers ship with Linux pre-installed, Linux groups hope that same option will be available on all Windows 8 systems, and that it will be easily accessible even for users who aren’t Linux experts.
Labels:
Location: St Margaret St, Westminster, London SW1P 3, UK

Comments

Post a Comment

Popular posts from this blog

Wildlife conservation on ice: frozen zoos to save animals

  On the edge: Disease and habitat loss is decimating wild amphibian populations globally, with more than 200 species needing urgent intervention through captive breeding, says Dr. Simon Clulow. In a south-eastern suburb in Melbourne, there’s a zoo. It has no visitors, and there are no animals anywhere inside it. Rather, the Australian Frozen Zoo houses living cells and genetic material from Australian native and rare and exotic species. This place, and others like it, could be a big part of the future of conservation. Department of Biological Sciences’ Simon Clulow and his colleagues make the case for ‘biobanking’ in a recent piece in Conservation Letters. Clulow is keen to stress that this doesn’t mean getting rid of conventional zoos or captive breeding programs. “Captive breeding has had some wonderful successes, and there will always be a huge place for it,” he says. PhD student and lead author Lachlan Howell agrees. “It was captive breeding that brought the giant panda back from
Post a Comment
Read more

Insects are terrified of fish

ScienceDaily   — The mere presence of a predator causes enough stress to kill a dragonfly, even when the predator cannot actually get at its prey to eat it, say biologists at the University of Toronto. "How prey respond to the fear of being eaten is an important topic in ecology, and we've learned a great deal about how these responses affect predator and prey interactions," says Professor Locke Rowe, chair of the Department of Ecology and Evolutionary Biology (EEB) and co-principal investigator of a study conducted at U of T's Koffler Scientific Reserve. "As we learn more about how animals respond to stressful conditions -- whether it's the presence of predators or stresses from other natural or human-caused disruptions -- we increasingly find that stress brings a greater risk of death, presumably from things such as infections that normally wouldn't kill them," says Rowe. Shannon McCauley, a post-doctoral fellow, and EEB professo
Post a Comment
Read more

Nasa’s Mars perseverance “Kodiak” moment – Jezero Crater’s Lake is more complicated and intriguing than thought

The escarpment the science team refers to as “Scarp a” is seen in this image captured by Perseverance rover’s Mastcam-Z instrument on April 17, 2021. Credit: NASA/JPL-Caltech/ASU/MSSS Pictures from NASA’s latest six-wheeler on the Red Planet suggest the area’s history experienced significant flooding events. A new paper from the science team of NASA’s Perseverance Mars rover details how the hydrological cycle of the now-dry lake at Jezero Crater is more complicated and intriguing than originally thought. The findings are based on detailed imaging the rover provided of long, steep slopes called escarpments, or scarps in the delta, which formed from sediment accumulating at the mouth of an ancient river that long ago fed the crater’s lake. The images reveal that billions of years ago, when Mars had an atmosphere thick enough to support water flowing across its surface, Jezero’s fan-shaped river delta experienced late-stage flooding events that carried rocks and debris into it from the hi
Post a Comment
Read more