At its WinHEC hardware conference in Shenzhen, China, Microsoft talked about the hardware requirements for Windows 10. The precise final specs are not available yet, so all this is somewhat subject to change, but right now, Microsoft says that the switch to allow Secure Boot to be turned off is now optional. Hardware can be Designed for Windows 10, and offer no way to opt out of the Secure Boot lock down.
I am so surprised. The next step, of course, is to ban the disable-secure-boot option altogether. Just like everyone who knows Microsoft predicted.
Hardware for Windows and hardware for the rest of us.
The PC is dead! Long live(d) the PC!
as in Secure Microsoft’s revenue stream Boot.
Anyone else get the feeling that all the lock down is just going to kill off the developer environment over time?
Not for the Windows ecosystem. For everything else though, tough luck.
Even within Windows ecosystem.
I’m working on Windows drivers development, and it’s a PITA to test each build on end user targets automatically.
can’t intel pretty much just tell them to buzz off or did intel give the OEMs the ability to control all of this?
You mean the Intel which is a “member” of the Wintel “cartel”?…
I don’t think so … Intel has a big investment in Linux … in fact they are the 2nd biggest or 1st biggest contributors to the Linux kernel… they are also leading in the development of X Windows replacement Wayland … so I don’t think Intel will abandon Linux
How sad, that so many children have forgot their history..
Kids, Intel has been trying to lock down X86 since the days of the 486! They tried using the courts with 486, both with copyrights and patents, then tried to kill X86 not once but twice for platforms they would control (iAPX and Itantic) and who can forget palladium and Viiv?
If you wanna bet on anybody “saving” you? Bet on AMD, who has supported coreboot, pays some of the devs for the FOSS AMD drivers and has opened up their code (not to mention helped Khronos take a good chunk of Mantle for the new OpenGL) so if there is any FOSS friendly X86 company? It’d be AMD. Intel has dreamed of X86 chips soldered to the board and so locked down it’s disposable for more years than I can count.
Intel designed and developed the x86 instruction set, it’s their design, their instruction set …
http://www.zdnet.com/article/whos-writing-linux-today/
Intel’s stack is completely oss, from gpu to bluetooth it’s all oss and in the linux kernel. They are a hardware company software is what makes their hardware run and Linux controls the Server Market and pretty much the internet, Intel’s support of Linux has always been superb and will always be superb, AMD’s commits probably don’t even register in the 1% category..
This however has nothing to do with Intel and everything to do with Microsoft, once again making sure everyone knows they are the evil empire…
In a way I kind of hope this does happen, I hope that they do lock down the firmware / bios completely and make windows completely dependant on it. OEMs could then sell non-windows laptops. It would be interesting to see just how many companies would demand non-windows laptops and how many linux laptops would start shining through.
The dell developer laptops are obviously selling enough for dell to expand the range and to keep supporting it.
Even the UK government is apparently now wholesale buying the dell developer laptops and handing out to staff — no windows pure Linux — In fact the UK Gov is moving most of its infrastructure over to Linux, it’s quite amazing.
Edited 2015-03-22 13:11 UTC
I, personally, hope it won’t happen. I don’t want to have to choose between a laptop that can run only non-Windows OSes and a laptop that can only run Windows; I run Windows as my main OS, but every now and then I have to/want to run Linux from a USB-drive.
Why would Intel do any of the sort?
Intel is as interested, if not more so, in shifting the PC ecosystem into this sort of platform. Since that allows them to offer a common platform from the cell phone, all the way up to the cloud infrastructure.
I assume most management in both, MS and Intel, are of the opinion that the reason why they have failed (relatively) in the mobile market is because their corporate culture mistook them into trying to scale the PC down to the Phone space. Whereas the leaders in the mobile device space (ARM, Google, and Apple), have done the opposite: they’re scaling the cell phone up to the desktop. And that’s where the money/volume is going, so…
Edited 2015-03-21 04:02 UTC
Yeah, but they wouldn’t.
Microsoft isn’t actually asking them to change anything; all this change does is make a previously mandatory part of the spec optional.
They previously had to give users the choice to disable secure-boot in order to have a “designed for windows” sticker. Now they can have the sticker without giving users the choice of operating system.
Edited 2015-03-22 03:56 UTC
… is this a problem?
If I understand correctly, secure boot just ensures what is booted is signed with a verifiable key. If you can add keys, you can add other signers, and still install other OSes.
I also suspect this may fall foul of competition laws. MS are still a desktop monopoly, and abusing that monopoly will (should) land them in hot water again.
That quote right there answers your question.
I think this is the right move for Microsoft; they’re trying to lock the platform, just like Sony did with the PS3 and PS4 (amongst others) and Apple did with most of their products.
However I’m afraid this will remove the competitive advantage Microsoft had, which is to be using an open platform, and might drive more people to use Apple products; or even fuel the need for another open platform.
Edited 2015-03-21 04:15 UTC
At this point in time Apple does not stop anyone from wiping OSX from their Mac and loading another OS. In fact they accept that people will want to run Windows and support Bootcamp plus supplying Windows drivers for their kit.
As long as they continue to do this then their kit will always be popular with developers.
Note that I said, ‘at this point in time’…
Apple makes hardware. All they care about is selling hardware, and as long as they provide a decent selling point for their hardware, people will buy it
Apple also use hardware in many of their newer systems (e.g. all their MacBooks now except the 13in non-Retina MacBook Pro) that other operating systems (certainly Linux, not sure about Windows) can’t use, e.g. Thunderbolt (and they often lack standard connectors, like Ethernet). So they do lock other OSs out or at least make them less useful. The smaller flash drives they use also make them much less attractive to dual-booters.
Linux is working on thunderbolt/displayport. It is more of a case of Linux has not adapted to use it yet. I think it needed some kernel adjustments that were upcoming to get full support working.
My MacBook Pro Retina works just fine with the Thunderbolt, DisplayPorts, etc. Now, I can’t just unplug one – that would crash the system, as one person said “it’s like taking something out of the PCI bus when you do” – but that’s about it. Still, Linux will probably overcome that at some point…
Apple gets its money by selling overpriced hardware not by selling an operating system like Microsoft does. If Microsoft would force you to buy very expensive hardware from them in order to be able to run Windows, they wouldn’t care so much about what OS you run on it.
I am altering the deal – pray I don’t alter it any further…
step 1: Microsoft makes the Windows 10 update available for everyone, including pirated copies
step 2: Microsoft locks the bootloader, not allowing alternate OSes
step 3: desktop Linux users complain but nobody cares since we are an insignificant minority, pirates stay silent since they can use the version from step 1, in effect nobody cares
step 4: PC becomes a closed platform, locked to Windows
step 5: profit. Microsoft has total control, they can do whatever they like: alternatives died, piracy became impossible.
Step 6: BeOS makes a BIG comeback in Haiku, and the Amiga is resurrected!
One can always dream and be hopeful.
let me guess, Amiga building their own hardware, to make sure their keys are preloaded in the firmware
WTF? Amiga is a computer that uses AmigaOS, it is not a company. What has secure keys got to do with it?
Ha, AmigaOS doesn’t even have a non-vulnerable version of SSL, getting any kind of secure keys would be a miracle.
How would Microsoft lock the bootloader if that is entirely out of their control? I think you have Microsoft confused with the hardware makers.
This whole thing is entirely nonsense. Microsoft just made it easier for OEM’s to get a “designed for Windows 10” sticker. That was needed because Windows 10 will also be running tablets that are now mostly coming with a locked bootloader.
And even having a locked bootloader doesn’t mean that you can’t run another OS. All it means is that such an OS need a key.
Except step 3 may be true, but step 3bis “Linux PC users complains and there are many many many” is a blocker.
There are many PCs out there that are used as servers. A lot, and far enough for not letting PC running ONLY Windows on it.
Please correct me if I’m wrong but SecureBoot is a UEFI feature. So as long as the firmware offers Legacy Boot option (CSM) it should be able to boot any operating system that can boot in legacy mode (e.g. old OSes). I’m yet to see a mainboard that doesn’t offer legacy mode boot. This may be a problem for integrated devices (like laptops and mini-PCs) but I think the importance of this is somewhat overrated. I think that for the foreseeable future mainboards will continue to support Legacy boot. And that almost guarantees that they will also support UEFI boot without SecureBoot.
Having said that, you should, of course, vote with your wallet.
that’s the worry, in a few years the Legacy Boot option may be gone: Windows 7 is already EOL, 8 and 8.1 will be soon, hardware makers may see keeping it unnecessary.
Uhhhh…just FYI but Win 7 gets security updates (the only thing anybody cares about) until 2020, Windows 8 IIRC is 2023 and Win 8.1 is I think 2025. BTW they can’t back out of that as it was a major selling point to too many corps and even governments, the amount of lawsuits would bury them.
So yeah…really not worried.
Windows 8 doesn’t need “legacy boot” support, so many machines out there already lack the legacy CSM/BIOS (e.g. virtually all x86 hybrid/tablets).
Note that Windows 7 still requires a CSM even when booting in EFI mode (unlike Windows >= 8).
Ever since the arrival of Windows 8 I have almost left Windows and use Linux 70 – 80% of the time … if Windows 10 would be a complete lock down then I ain’t gonna install it on my system …. and when I would buy a new computer it ain’t be a Windows machine ….
Exactly! Microsoft could end up doing alternative OS’s and systems an unintended favour here, I won’t be installing it and will stick with 7 until it is dead. I haven’t spoken to anyone that is upgrading, only those that think the same as us. Albeit that is only a very small selection of people.
Not gonna happen because 1.- If you look at marketshare Linux has been dropping like a stone, it’s been on an arrow fall trajectory for nearly 4 years and ever since systemd it’s been falling even faster, 2.- Corporate customers will NEVER go for it (as they often have mission critical that require older versions of Windows) and no PC OEM is gonna want to lock themselves out of SMBs, SOHOs, and mid level corporate.
As for who this is for? Two words…tablets and laptops. Look at how Lenovo bakes a lowjack into their hardware that gives the ability to wipe and track the systems, even call the cops and let them know where the stolen units are. As of right now the ONLY thing they can do about the data is wipe, because the thief can always break into it with another OS liveCD. With something like this they could lock the system so it would be a brick until the owner got it back, then send a code and voila! All your data is back, secure and worry free.
I can see corps with sensitive data welcoming such a feature as it would give them complete control of any system they buy. Fred leaves his tablet full of corporate records in his car which gets broke into? No problem, one phone call and the thief not only can’t wipe it they can reset the password and between that and bitlocker there would be zero way to steal OR wipe the data short of just destroying the unit.
If you look at the way MSFT is integrating Outlook and OneDrive I bet this is what they are going for, with Outlook and OneDrive they’ll have a backup of crucial data handled automatically and secureboot will let the OEMs who have remote lowjacks (like Lenovo) protect the data in the field. I seriously doubt we’ll see this in consumer but i could see enterprises loving it.
Where do you get this from, do you have any sources to back this up ?
The dell developer edition laptops are not only still being supported but the range is being expanded, that doesn’t sound like Linux market share is dropping at all.
http://netmarketshare.com/operating-system-market-share.aspx?qprid=…
Feel free to massage the data any way you want, won’t change the fact that Linux usage has gotten sooo low it’s now lumped in the “other” category alongside OSes like Haiku and ReactOS.
As for Dell? They are taking the same hardware they sell with Windows (it’s one of their XPS line IIRC) and charging you more for it by simply swapping the OS image. Dell has been contacted repeatedly to provide their figures but refuses….which frankly should tell you all you need to know, as if it was a success they would have been trumpeting those numbers.
And if you don’t believe systemd is doing serious damage to your figures? I have a bridge you may be interested in. I’ve talked with several large server admins I’ve been friends with for ages and ALL are going BSD because they found systemd shit all over their test servers and even the most basic debug tools aren’t there or just do not work with systemd. This is really not surprising as Poettering cares so little about consistency he wrote on his blog “can’t get systemd working on ARM…shipping anyway” so you really shouldn’t be surprised that it’s hurting your numbers pretty badly.
I predict within the next 24 months you’ll see Linux server numbers drop by a third, if not more, simply because of the mess that systemd does wrt large server deployments.
Not sure where you get that. Every time I look at a laptop from Dell, HP, whomever it’s always an up-charge to add Windows if they have a “No OS/FreeDOS” or “Linux” option available in addition to the Windows versions. In those cases, the cheapest Windows version adds at least $100 to the price.
And I’m comparing same hardware from same vendor.
Regarding the XPS line and Dell’s “Linux” laptop, well – it’s not one I would buy as it’s generally overpriced and under delivers given. Screen is too small – I’d rather have a 15″ maybe a 17″ instead of the 13″ they put on the thing – and more connections (USB, etc). Their “n” line a while back was the same way. But that’s no different than Mac’s “Pro” line, especially the “Pro Retina” that they target developers with. For some reason they all think they can up-charge Developers for these poor excuses for a laptop just by saying “it’s targeted at Developers”.
I wonder what “large server admin friends” is really a euphemism for.
Edited 2015-03-23 18:21 UTC
Linux desktop market share has always been pretty tiny:
http://www.theregister.co.uk/2014/03/15/windows_desktop_and_laptop_…
If anything the desktop market share is holding steady at around 1.5 – 2% …
Apple in the meantime is chomping on Windows market share, it’s now over 10%.
The XPS line with Ubuntu is cheaper. Check the m3800 price with Ubuntu, it’s about £100 cheaper…
systemd has done absolutely nothing to Linux server market share and will do nothing.. Rhel 6 / Centos 6 has support until at least 2020, no rush to migrate to rhel 7.
You are just slightly misinformed… Read multiple sources and don’t just rely on word of mouth, at best your sources provide anecdotal evidence at worst they provide you with misinformed information (if you worked in the industry you would realise just how inane this talk about systemd really is).. You need to realise RHEL is a billion dollar business for a reason, it provides commercial support, which company does the same for FreeBSD? Even if there were mass migrations to FreeBSD, so what? FreeBSD is Unix and works in pretty much the same way as Linux, for us on the Unix / Linux side it’s the same difference.
Firstly, I’m not sure why an OEM would choose to limit their customers’ choices when their competitors may not be doing so. That said, in reality, the right price or business deal will naturally convince them to do so.
Secondly, embedded systems are starting to appear everywhere now so there will always be some PC alternative somewhere for those of us that want to use other OSes – ARM boards, MIPS boards etc.
Finally, I don’t think Valve will take kindly to being locked out of the PC gaming sector.
Edited 2015-03-21 13:12 UTC
I must admit that I don’t see this as the coming of the apocalypse that it’s being made out to be, but I might be missing something.
All they’ve done is offered the option for the OEMs to remove the insecure boot, and if any do start to take that path then geeks and self-builders will flock to whichever OEM leaves it enabled. Probably even see them issuing updates to re-enable it at a later date
Or is the issue here that folks are concerned that non-technical users will lose their ability to exercise choice if they wished to? I can see that being a problem, but I couldn’t possibly say how much this would affect non-technical users.
Although I’m wondering if it does become a situation where Microsoft starts paying OEMs to remove the option, is a modified BIOS a possible workaround? If so, I can see home-industry suddenly booming around this, much like the DSDT patching that goes on in the Hackintosh world.
Edited 2015-03-21 13:25 UTC
Here’s why I am so concerned about these moves
Hopefully that means they still can put the “windows 10 ready” logo on their products.
But if not -and the fear is that this *will* be the upcoming move- then the ‘cost’ in lost sales to regular users for not being homologated could be seen as higher than the cost in lost sales to technical users. Thus, reducing availability and hurting the alt-oses ecosystem.
For starters that reduces the choices and raises the costs for technical users that wish to get a “multi OS” machine. Even more in markets where choices are already much lower than richer countries.
That means extra costs for the manufacturer, as the market shrinks the chances of that shrink too.
Well, non technical users will go for the safe path, and for most of them a “windows X ready” part/machine will sound safer.
If later on they decide to try some alternatives, they won’t be able to, and they surely won’t buy another machine just for the fun of it. That hurts alt-oses ecosystem.
The introduction of alternative OSes to non technical users is through a PC they already have.
Blocking that somehow blocks user’s exposition to alternatives so, again, less available hardware might mean less potential users leading to less interest for the manufacturers.
It’s a downward spiral…
UglyKidBill,
What a regression if it happens. I was hoping this was behind us and that the MS requirement to keep the owner in control over x86 boot would continue indefinitely.
You are right, the thing is most alt-os users didn’t start out that way. We started out by tinkering with the computers we had around us. For me that meant Linux floppies, today it would be live-cds and thumb drives, etc. If restricted boot media was the norm, I would not have been exposed to Linux. And since I still needed Windows, the ability to dual boot was critical. I was able to do this because it was a standard feature of the “wintel” computer that my parents bought.
The geek remains pathetically dependent on hardware built for the Windows eco-system.
Secure Boot closes an avenue of attack that is common to both Linux and Windows.
This is a good news in markets where the OEM system install is the norm and secure-by-default saves everyone a lot of grief.
Hi,
I wouldn’t assume it’s secure. It just requires code to be signed by Microsoft’s key. There are multiple pieces of code, all of which may or may not have vulnerabilities, that have been signed by Microsoft’s key already. Over time the number of “potentially exploitable but signed” pieces of code will grow. Sooner or later someone will release a boot loader or device driver or utility that has (e.g.) a buffer overflow that means an attacker can install the buggy executable and then exploit it on a victim’s system.
When this happens Microsoft’s key can not be revoked.
Basically, it’s not secure, it’s “all eggs in the same basket, for now and forever”.
Also, I wouldn’t like to assume that Microsoft is the only one with a copy of Microsoft’s key (e.g. can we assume that the NSA doesn’t have a copy and can’t sign whatever they like with their copy of Microsoft’s key?); and wouldn’t like to assume Microsoft’s key will never leak (some employee that has access to it decides they hate Microsoft and uploads it to “crackers.are.us” and the entire world is screwed).
To actually be secure, we need more diversity in the keys being used for signing. The way to maximise “key diversity” (and therefore maximise security) is self signing. Basically, the owner of the computer has their own key and uses it to sign device drivers, utilities and boot loader/s that they want to allow; where nobody else (including Microsoft) knows what each end user’s key is.
– Brendan
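Whether the owner is in control, which is the point of the comment above, can be audited on a running Linux machine by reading the firmware's Secure Boot variables from efivarfs. The following is an added example, not part of the original thread: it decodes the `SecureBoot`/`SetupMode` variables and lists who owns the X.509 trust anchors in `db`. The `VENDOR` and `OWNER` GUIDs, the certificate bytes and the sample blobs are constructed for illustration.

```python
import hashlib
import struct
import uuid
from collections import Counter
from typing import NamedTuple

# Signature type GUIDs defined by the UEFI specification.
X509 = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")    # EFI_CERT_X509_GUID
SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")  # EFI_CERT_SHA256_GUID
KIND = {X509: "x509", SHA256: "sha256"}
# EFI_SIGNATURE_LIST header: type GUID, list size, header size, entry size.
HEADER = struct.Struct("<16sIII")


class Entry(NamedTuple):
    kind: str          # "x509", "sha256" or the raw GUID string
    owner: uuid.UUID   # SignatureOwner: who enrolled this entry
    data: bytes        # DER certificate or hash


def efivar_payload(blob: bytes) -> bytes:
    """Strip the 4-byte attribute word Linux efivarfs puts before the data."""
    if len(blob) < 4:
        raise ValueError("efivarfs blob shorter than its attribute word")
    return blob[4:]


def platform_state(secure_boot_blob: bytes, setup_mode_blob: bytes) -> str:
    """Classify the platform from the SecureBoot and SetupMode variables."""
    secure_boot = efivar_payload(secure_boot_blob)[:1] == b"\x01"
    setup_mode = efivar_payload(setup_mode_blob)[:1] == b"\x01"
    if setup_mode:
        return "setup"      # no Platform Key: keys can be enrolled freely
    return "enforcing" if secure_boot else "disabled"


def parse_signature_lists(data: bytes) -> list:
    """Walk the concatenated EFI_SIGNATURE_LIST structures held in db/dbx."""
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < HEADER.size:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        raw_type, list_size, hdr_size, sig_size = HEADER.unpack_from(data, off)
        body, end = off + HEADER.size + hdr_size, off + list_size
        if (sig_size < 16 or list_size < HEADER.size + hdr_size
                or end > len(data) or (end - body) % sig_size):
            raise ValueError("malformed EFI_SIGNATURE_LIST")
        sig_type = uuid.UUID(bytes_le=raw_type)
        for pos in range(body, end, sig_size):
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append(Entry(KIND.get(sig_type, str(sig_type)), owner,
                                 data[pos + 16:pos + sig_size]))
        off = end
    return entries


def trusted_signers(db_blob: bytes) -> Counter:
    """Count the X.509 trust anchors in db per owner GUID."""
    entries = parse_signature_lists(efivar_payload(db_blob))
    return Counter(e.owner for e in entries if e.kind == "x509")


def make_list(kind: uuid.UUID, owner: uuid.UUID, payloads: list) -> bytes:
    """Build one EFI_SIGNATURE_LIST; used only to construct the sample."""
    body = b"".join(owner.bytes_le + p for p in payloads)
    return HEADER.pack(kind.bytes_le, HEADER.size + len(body), 0,
                       16 + len(payloads[0])) + body


# Constructed sample data (hypothetical GUIDs, placeholder certificate bytes).
VENDOR = uuid.UUID("11111111-2222-3333-4444-555555555555")
OWNER = uuid.UUID("aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
SAMPLE_DB = b"\x27\x00\x00\x00" + b"".join([
    make_list(X509, VENDOR, [b"constructed-cert-A"]),
    make_list(X509, OWNER, [b"constructed-cert-B"]),
    make_list(SHA256, VENDOR, [hashlib.sha256(b"image-1").digest(),
                               hashlib.sha256(b"image-2").digest()]),
])
SAMPLE_SECURE_BOOT = b"\x06\x00\x00\x00\x01"
SAMPLE_SETUP_MODE = b"\x06\x00\x00\x00\x00"

if __name__ == "__main__":
    # On a real system, read the blobs from /sys/firmware/efi/efivars/, e.g.
    # SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c and
    # db-d719b2cb-3d3a-4596-a3bc-dad00e67656f, instead of the samples.
    print("state:", platform_state(SAMPLE_SECURE_BOOT, SAMPLE_SETUP_MODE))
    for owner, count in trusted_signers(SAMPLE_DB).items():
        print(f"owner {owner}: {count} certificate(s) in db")
```

A `db` whose certificates all share one owner GUID is the single-basket case; an entry under the machine owner's own GUID means a self-signed boot loader can be trusted without going through a third-party signer.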
Microsoft is like GMO food = bad for humanity.
Yet there’s still people jumping up and down for joy that Windows 10 is coming. WHY!? Paid informants or ignorant fools IMO. I particularly despise that the Raspberry Pi will be able to run Windows 10. That’s like giving crack to a baby.
People follow what other people are doing. It’s a Psychological thing. You see someone running, you start running too. It only takes a few of them to create movements in society.
If you’re not a supporter of free and/or open source software now … when will you be? When it’s too late?
If Microsoft released Windows as open source … that’s a step in the right direction. But with their track record it would likely be a trap for another agenda.
I know I’m preaching to the choir here on osnews. But I still see some of you under the spell.
Eh, GMO food can be perfectly fine. Pretending that it’s always “bad for humanity” is unfounded dogmatism.
I’m less sure about MS.
Edited 2015-03-22 16:02 UTC
Oh really? Source? Who does it serve to modify Nature? Perhaps you should do some research.
If PC Makers/MS start locking out competing operating systems, I’d be very, very, very surprised if the Europeans put up with it. I can’t think it would take long before the Europeans sued MS, and their dog too.
Case in point:
http://www.zdnet.com/article/microsoft-windows-8-uefi-secure-boot-c…
Importantly:
“However, with UEFI, the European Union’s Competition Commissioner Joaquín Almunia said in January he had not found any evidence Microsoft’s “security requirements” would result in practices that violate the EU’s competition laws.
Noting that range of factual, legal and economic considerations must be considered, Almunia said that it appeared that OEMs can give end users the option to disable UEFI secure boot.”
So, if the UEFI can’t be disabled, you can be sure MS gets sued. MS may have decided to toss the dice — to see if they could win such a case. Since the vast, vast majority of users never load competing OS’s, I’m not seeing what, exactly, MS gets out of it (if they win)? Is it really just about “security”. I find that hard to believe.
Edited 2015-03-21 19:07 UTC
Ten thousand times YES.
And while all the time it will need, Europeans will use tips and tricks.
Alternate HW like ARM since it is as easy (open) to install on it, as wintel platforms. Simply, the PC market will slow down again and again.
Then, be sure, we will see cracks and tricks to break the nasty feature as we saw in the past in Europe for the console market.
The more you try to restrict the freedom of a European, the more powerful and creative he/she becomes to find an alternative.
I _really_ don’t care ! 🙂
Call it evolution if you wish… ;-P
UEFI is not secureboot. Secureboot is an optional feature of UEFI. I don’t think most sensible people have a problem with UEFI itself, as it has many significant advantages compared to legacy BIOS.
I’m only bringing it up because at this point legacy BIOS really does need to go away. It sucks. It’s awful in a multitude of ways. Windows now supports UEFI natively. OSX has for years. Linux and FreeBSD do as well. It isn’t rocket science to write a shim to support legacy BIOS Operating Systems on top of UEFI, bootcamp does it for Windows for example (which is probably the most difficult implementation possible).
I just don’t want this secureboot controversy to impede actual progress. Legacy BIOS needs to be relegated to the dustbin. I don’t want some bullshit fear over a tiny (and completely optional) component of UEFI confusing lawmakers into thinking the eventual removal of legacy BIOS is a bad thing – it simply isn’t. It has to go away at some point – it’s archaic and UEFI is simply better technology.
Edited 2015-03-21 21:23 UTC
I can’t agree more that UEFI is not the problem in and of itself and we should not be fighting modernization, only the artificial lock in.
I thought that there was some discussion about users being able to self sign a secure boot a while back. It seems like even secure boot would not be evil if you had the final say of what is being booted securely. I am guessing that never happened, but I am actually not sure.
I certainly don’t like the hardware being immutably locked as old hardware could have had a second life out of an alternative os once its heyday is over with the OEM one. We are not renting hardware, we own it.
Edited 2015-03-21 22:18 UTC
galvanash,
I agree with your whole post until this point. Even if Secure Boot is optional within the UEFI specs, that doesn’t much matter if Microsoft requires it. I also think it’s wrong to characterize it as a “bullshit fear”, it’s very real with major implications for the technology industry. If we’re not careful with how we approach hardware shipped with “features” to lock out owners today, that will have long term consequences.
Not speaking for the OP here, but generally I don’t think many people object to UEFI. There would be very little objection to secure boot too if the spec mandated that the owner was in control. That’s the source of all the SecureBoot controversy. Security features aren’t bad, the issue is when the owners are not the ones controlling the keys and these keys are used to control the owner. If we don’t insist on keeping computers under owner control today, we might end up in a future where we lose our right to boot alternative software on commodity hardware. This would be detrimental for alt-os.
Edited 2015-03-21 22:46 UTC
I agree. I’d just point out you quoted me but stopped before the qualifying word in my statement… I said “confusing lawmakers” – you know those guys prone to kneejerk reactions based on popular opinion that don’t research issues fully before calling for torches and pitchforks. If people start characterizing UEFI as the problem that is what they will hear…
Totally agree.
galvanash,
Ok. I guess our message to lawmakers needs to be crystal clear, but I have no faith that they’d listen to us anyways. Even if we got it on the radar, our politicians will just go with the whatever the corporations ask for to continue receiving campaign contributions. tit-for-tat
Yes because replacing the sub 1Mb BIOSes with a big bloated multi MB OS that is made by only a couple of corps, bloated as hell, and reuses code so much you could go after every modern system by only targeting 3 OEMs? Yeah that’s MUCH better.
I think the UEFI people are falling into the same trap that those that hate Flash did, they hate the problem sooo badly they are willing to cheer for a system that is worse just because it’s NOT the original problem. Just as HTML V5 is worse than Flash in every metric, CPU and RAM usage, no support for animation, demands a patented all to hell H.26x and supports DRM OOTB, so too does UEFI bring to the table a lot of the worst of BIOSes but because “it’s not BIOS” too many assume that means it’s great…it isn’t.
What we REALLY need is something like Coreboot, easy to replace, easy to customize for your situation, which would lower the attack vector (as you could remove features you do not use) while giving you more control. If you want to get rid of BIOS? Trumpet something that gives YOU more control of that critical point, not just a purty mini-OS like UEFI.
I was going to try and respond to your arguments thoughtfully, but after seeing this statement I’m forced to concede there would be no point. Enjoy your bubble, it is well built and seemingly impervious to actual facts or rational thought…
More reason to go with vendor like System76 and ZaReason!
I am going with System76 from now on! I have Sable Complete, and it is very nice hardware, and from now on I will use my money go with Vendors like System76.
All this talk about “new” MS you often hear is so annoying. Here you go. “New” MS bringing all the old kind of dung.
As if it’s not enough that the sickening Windows tax is still rampant amongst most OEMs like Lenovo, and now this. MS should be hit hard with the antitrust law for this idiocy.
Edited 2015-03-22 04:02 UTC
This whole uEFI thing is stupid and extremely pointless. Linux is not going to get locked out (thankfully). Microsoft has already signed a wedge for the Fedora team that will load whatever software you want. In fact, it could be used to propagate MBR and BIOS virii. That’s why Microsoft making such a big deal out of this is completely useless.
The mere fact that they had to go and beg MS to do it is just plain wrong. MS should not hold this power over anyone.
I agree with you there. But now that they have, anyone can pretty much load anything they want on the systems.
They can also revoke the key …
Not all companies will turn off the secure boot option — perhaps only the ones that currently use a warranty which is void if you install an OS other than Windows will do this. Anyone who wants to install Linux will just have to find a company that supports it (like Dell, for example).
PCs have always been open, and should remain this way.
It all went downhill with smartphones. Since they are not PCs, people did not object (as much) when they started locking the bootloaders and such. Now that devices are converging, things aren’t as clear as they used to be, and MS is taking advantage of that.
I own a lenovo tablet thing with an atom inside. I can’t install linux since it will not boot any media other than a win8 recovery stick. It specifically looks for winPE files. That is just VERY wrong imho.
Have you tried Wubi? It installs as just another Windows program so this should solve your problem. BTW I hate to say this but….it’s what you get for buying Lenovo, they are about as anti-consumer as you can get.
This is why I tell my customers to get Asus on the mobile and Asus or Asrock (which is now owned by Asus) on the desktop, hell of a lot more consumer friendly IMHO than Lenovo which seemed to have absorbed the worst aspects of IBM when they bought their PC division.
Booting an alternate OS via VHD/VHDX may render the optional secure boot switch obsolete for those desiring dual/multi booting systems.
There are likely limitations about this approach and the lack of information for non-Windows does not help. It is difficult to find clear instructions on how to do it for a non-Windows OS.
Anyways, my next home system is more likely to be an ARM/Android hybrid or tablet than a personal computer. Next, would be a higher-end X86-64 based Chromebook with demonstrated capability for supporting an alternate OS. It is very unlikely that I will be purchasing another Windows-based personal system for myself although I would likely have to keep using one at work.
Is there any such OS? As far as I know only some recent versions of Windows can be booted from a VHD/VHDX (native boot) and this requires NTFS and the Windows bootmanager (BCD, bootmgr).
I would love to have other OSes in a VHD but as far as I know that isn’t possible.
Hi,
UEFI doesn’t understand VHD/VHDX.
For this to work at all you’d have to boot something that does understand VHD/VHDX first, and that “something” would have to be UEFI executable (either a form of boot loader or a disk driver) that’s been signed with an acceptable key (Microsoft’s key).
Microsoft might provide a utility that does this for their OS; but whatever they provide is not going to have massive gaping security holes that defeat the entire purpose of secure boot; and it will (e.g.) check if whatever it loads from VHD/VHDX is digitally signed.
Basically, it’s not useful as a work-around for alternative OSs.
But I don’t think that has anything to do with UEFI/Secureboot. I think everything works exactly the same for a BIOS/CSM and it is also not possible to “native boot” another OS that way….unfortunately
Hi,
In theory (I’m not sure if Microsoft implemented it this way or not); it would be possible for VHD/VHDX to be implemented as a UEFI device driver. In that case UEFI wouldn’t know the difference between VHD/VHDX and a real hard disk (and would try to mount a “UEFI system partition” on the virtual disk, and try to find a boot loader on that partition, and check the boot loader’s signature if secure boot is enabled; just like it would for a hard disk).
Of course it could also be implemented as a boot loader type of thing (where UEFI doesn’t know anything about it and it controls finding and starting the boot loader on the virtual disk itself).
– Brendan
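The signature check and key revocation discussed in the comments above, as an added example that is not part of any commenter's post: a parser for the UEFI `EFI_SIGNATURE_LIST` format used by the `db` (allow) and `dbx` (revocation) variables, with the deny-first decision firmware makes. It models SHA-256 hash entries only; real firmware hashes the PE image with Authenticode and also accepts X.509 certificates, and the flat SHA-256, owner GUID and sample images here are constructed.

```python
import hashlib
import struct
import uuid

EFI_CERT_SHA256 = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")  # UEFI spec
OWNER = uuid.UUID("00000000-0000-0000-0000-000000000001")  # constructed owner GUID

def build_sha256_list(digests):
    """Serialize digests as one EFI_SIGNATURE_LIST (constructed test data)."""
    sig_size = 16 + 32  # SignatureOwner GUID + SHA-256 digest
    body = b"".join(OWNER.bytes_le + d for d in digests)
    head = EFI_CERT_SHA256.bytes_le + struct.pack("<III", 28 + len(body), 0, sig_size)
    return head + body

def parse_sha256_entries(blob):
    """Return the set of SHA-256 digests in concatenated EFI_SIGNATURE_LISTs."""
    found, off = set(), 0
    while off < len(blob):
        if len(blob) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=blob[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", blob, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(blob):
            raise ValueError("bad SignatureListSize")
        start, end = off + 28 + hdr_size, off + list_size
        if sig_type == EFI_CERT_SHA256:
            if sig_size != 48 or (end - start) % sig_size:
                raise ValueError("malformed SHA-256 signature list")
            for pos in range(start, end, sig_size):
                found.add(blob[pos + 16:pos + 48])  # skip SignatureOwner
        off += list_size  # other types (e.g. X.509) are skipped in this model
    return found

def may_boot(image, db, dbx):
    """dbx (revocations) is checked before db (allow list); default is deny."""
    digest = hashlib.sha256(image).digest()
    if digest in parse_sha256_entries(dbx):
        return "denied: revoked in dbx"
    if digest in parse_sha256_entries(db):
        return "allowed: hash in db"
    return "denied: not in db"

# Constructed sample data: one allowed loader, later revoked via dbx.
LOADER = b"constructed boot loader image"
OTHER = b"constructed loader nobody enrolled"
DB = build_sha256_list([hashlib.sha256(LOADER).digest()])
DBX_REVOKED = build_sha256_list([hashlib.sha256(LOADER).digest()])
```

The same loader that boots with an empty `dbx` is refused once its hash is added there, which is the revocation power the thread is arguing about.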
I am sure that it is implemented as a bootmanager function because otherwise it would work differently between BIOS/CSM and UEFI. It would also mean that the UEFI needs to really understand NTFS so it could mount /disk1/part1/folder_with_diskimages/subfolder_with_differencingimages/os1_diff2.vhdx.
It would be great to have a UEFI that could load something like disk1/part1/folder_with_diskimages/subfolder_with_installationimages/win10.iso.
Things like this are normally handled through the boot manager and the BCD, which are different between BIOS and UEFI but only slightly.
So apparently it isn’t possible to native boot anything except recent Windows versions.
some links:
http://www.linuxfoundation.org/publications/making-uefi-secure-boot…
http://www.howtogeek.com/175641/how-to-boot-and-install-linux-on-a-…
http://www.linuxjournal.com/content/growing-role-uefi-secure-boot-l…
http://www.zdnet.com/article/torvalds-clarifies-linuxs-windows-8-se…
http://www.zdnet.com/article/linux-mint-17-hands-on-with-uefi-secur…
http://en.altlinux.org/UEFI_SecureBoot_mini-HOWTO
It seems Microsoft is doing a lot more open source and even developing out in the open like CoreCLR… then they go and do this.
They need to make up their minds.
Or make up our minds to not use clr/c#.
Microsoft can do whatever they want, but I am afraid it’s too late for what Microsoft will do, since OEM motherboard and BIOS creators used UEFI, which is controlled by OPENgroup that made UEFI, and secureboot is only just an addon for adding keys, but it’s not very used at all since those UEFI are made by Linux people and motherboard people. They can’t go back and redesign the BIOS since 2003.. so MICROSOFT… how about NO !!!!
Steve Ballmer thought that back in the Vista days but he failed to do so.. and the company has no choice but to embrace LINUX or LOSE MORE MONEY TO APPLE.. and the OpenGroup consortium will not waste their time arguing about what to change.. UEFI already has a built-in Linux kernel on BOOT.. so UEFI can boot any OS, even Yosemite OSX for the Intel platform, without any tricks except a CPU patch for newer Haswell models.. and UEFI OS is fragmented by motherboard manufacturer so everyone is different, and CoreBOOT is more promising than Microsoft, who have nothing to show..
Edited 2015-03-23 17:41 UTC