Microsoft Responds to Linux Lock-Out Claims

by Sam Dean - Sep. 23, 2011Comments (17)

Yesterday, in the post "Will Windows 8 Lock Linux Out of PCs?," I discussed a Microsoft methodology for ultra-fast booting of Windows 8 PC through a specification called Unified Extensible Firmware Interface (UEFI). There have been a number of reports on how Microsoft might implement UEFI in such a way as to disallow Linux on PCs running Windows 8. I noted that it was unlikely that Microsoft would behave in such a two-fisted way toward Linux, and a new post from Microsoft responding to the brouhaha implies that's that true.

In a very extensive, graphics-laden post, Microsoft's Tony Mangefeste writes:

"Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems."

UEFI does appear to make it technically possible for a hardware manufacturer to deliver a Windows 8 machine that won't boot an alternative operating system, but that's not the goal of UEFI, and Microsoft's position is that it won't make such decisions on behalf of hardware makers or customers. Here's the bottom line:

"At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves...For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision."

As noted yesterday, the UEFI brouhaha is a tempest in a teapot. Microsoft cannot benefit from schemes that box out Linux or other operating systems, and virtualization and customization options will allow Windows 8 users to use multiple operating systems. 

Handrus Nogueira uses OStatic to support Open Source, ask and answer questions and stay informed. What about you?


Sorry it is not a storm in tea cup. Virtualization still does not give you good access to video card.

Also moving a business to Linux desktops duel booting or any other way of running windows along side has been found counter productive. Linux desktops threaten to take 80 percent of the business computers away from Microsoft for good.

Also this is not as secure as it first seams. What happens if Microsoft certificate gets stolen?

Yes the UEFI needs a method for extra signing keys to be uploaded and default installed to be disabled just to deal with future secuirty threats.

0 Votes

I agree, it's not a tempest in a tea pot. This is an end run by a monopolist to try to further their monopoly by requiring secure boot for windows 8 certification. If by 'end user' Microsoft means hardware manufacturers then they are right, but already some manufacturers have stated that there will be no option to disable it. Read the link below for more information.

0 Votes

I'm sorry, when Microsoft says "just trust us", I put my hand on my wallet and walk away quickly.

They have time and again made no secret that they consider Linux the major threat to their business model. To expect them not to use a tool like UEFI against Linux is at best naive.

0 Votes

I think consumers should be worried about UEFI and certificates. Before you know it hardware makers will attempt to make the same arguments as cell phone makers when it came to Jail breaking devices.

Again if you read the statements Microsoft is putting the decision on the OEM (They are the customer)

0 Votes

Or, put another way, "you can run Linux as long as it's in a virtual machine on Windows".

No thanks.

"Enthusiasts who want to run older operating systems".

Patronising much?

Does this mean that Windows 8 is a completely new OS, or is it another hack of an older WinOS with a new Desktop?

Speaking as a happy Linux user, I'm fairly sure that most distros are much more "up to date" (as if that was all that mattered).

They are also far more secure. Which is much closer to what matters.

0 Votes

@oiaohm - 80%??? Dreaming big, aren't we. Most businesses will likely choose the path that will save them time and money. Switching to a new OS from Windows, is expensive. Especially since all their software was written for Windows and would need to be reprogrammed for Linux. Also workers would need retraining. Given that each fiscal year has a new budget, most companies want to stay within that budget rather than investing in a change.

Drivers for linux have been a hit or miss. My netbook has a touch screen that worked on linux, but now it does not. On the other hand, I noticed that Flash runs better on Linux than on Windows on the same computer. But it's a deal breaker when I can't use all the devices equipped on the PC. And I'm not about to buy a new PC just to use Linux. Neither will corporations.

Also, since the majority of software is open source on Linux, it is often lacking in features. Features for the disabled are lacking. Linux has virtually no Voice Recognition. Open Office does most the major things that MS Office does, but it's lacking in others that makes MS Office so powerful. GIMP is no where near Photoshop.

There's this conundrum that keeps Linux from becoming mainstream which includes the lack of commercial software support. Obviously if the commercial software were available on Linux, it would make it easier for professionals and corporations to adopt it. Likewise, if corporations were to adopt Linux, it'd be more likely that Linux versions of commercial software would become available. But no one is willing to take the initiative. Thus, Linux remains a contender that can barely compete on any level against the financially backed commercial contenders.

Unless something changes, you are not going to see any more adoption of Linux than what you have already seen. Business won't go that direction.

0 Votes

This matter. If this manages to get through competition regulators (which it shouldn't if they where doing their job) with any luck UEFI will be broken wide open quickly. It's a bad security move to align the interest of so many hackers against a system. Where are the EFF? They should be leading the charge against this.

0 Votes

The issue isn't just about Linux or other alternate operating system being able to boot, it's about hardware lock-in as well, particularly video cards. Is it so hard to believe that one company may offer an OEM cold hard cash to make it difficult for the end user to switch to a competitor's product? If the only way to turn off the secure boot is to pull an unmarked jumper buried somewhere on the motherboard, how many people will be capable of doing so?

By requiring secure boot, Microsoft may be trying to protect itself from software piracy and root-kit malware, at a potentially high cost to everyone else. It's not about harming Linux users. We already build our own computers. It's about the unintended consequences to the rest of the market.

0 Votes

As, I understand it. The secure boot would make it necessary to have a key installed in the firmware and a matching key in the software. Tell me how a normal user can install keys for say a linux os? Oems would have to install the keys in the firmware for every linux distro and old windows os's thqt anyone might want to install. I doubt any oem will be willing to do this. Therefore, Windows 8 will in fact be the only OS running on these new computers!

0 Votes

This matter. If this manages to get through competition regulators (which it shouldn't if they where doing their job) with any luck UEFI will be broken wide open quickly. It's a bad security move to align the interest of so many hackers against a system. Where are the EFF? They should be leading the charge against this.

0 Votes

Matt Garrett at RH seems to agree with most posters here that its NOT a tempest in a teapot.

Whenever I hear MS tell me not to worry, I START to worry.

Decades of conditioning are responsible for that.

0 Votes

When it comes to interactions between OEM's and Microsoft, ignoring Microsoft's strong-arm tactics (still in full swing today) is beyond naive. With this latest move, Microsoft appears to be playing the passive-aggressive card to the hilt, allowing OEM's to do their dirty work simply through inaction. OEM's only have to get Windows working with UEFI. Anything else (like an interface for user control or alternative OS certificates) is overhead "maybe we'll get to it someday" work. The Microsoft "explanation" is so full of doublespeak and weasel words, it makes the hair on the back of my neck stand up. The author obviously missed their calling in politics.

I'm not even focused solely on Microsoft with this gambit. I'm sure Apple, Sony, and other empires drool at the prospect of furthering their plantation view of ownership where consumers pay for something and assume most management responsibilities and risk, but can only do what their benevolent masters permit. Look no further than the legal battles being fought over users having any degree of ownership/control of smart phones and entertainment devices or media they have purchased.

Personal computers are a last bastion of "I bought it, I'll tinker with it however I like" freedom in the IT arena, and that freedom is under attack on multiple fronts. Given the contempt for individual liberty that many corporations demonstrate again and again, I strongly advocate a policy of trust but verify. Whether it is hidden root kits, unauthorized monitoring, "sell your soul" EULAs / licensing, or "this is for your own good" control, history is on my side. Like an abusive spouse, each time they are caught and threatened with sanctions, they appear deeply remorseful and promise it will never happen again. But it will. Anyone who tells you otherwise is selling something.

Don't get me wrong. Conceptually, I think something like UEFI is an idea whose time has come, and I have no problem with Microsoft having reasonable input on a standard like this. I love the idea of boot process with a configurable security layer between the critical step of passing control from the hardware/firmware boot sequence to the kernel.

Are memories really that short? Have people already forgotten the huge steaming pile of open xml "standard" Microsoft strong-armed through an approval process (by gaming the approval committees)? Whenever a standard is released with one or two large corporations in the driver's seat, it should be treated as radioactive waste and buried until a true open standard can be forged.

It's definitely time to bury this one. Deep.

0 Votes

I would not worry too much about this.

I don't think Google would stand by and watch OEMs shut out other operating systems. Also, if by buying one product you are required to buy another, is this not a form of "tying" which is illegal under the Sherman Antitrust Act? I am not a lawyer but any OEM that tries to shut out other OSs while partnering with Microsoft is asking for a visit from the DOJ.

0 Votes

If it's true then Microsoft will guarantee that I'll never have Windows 8 on any machine that I own!

0 Votes

Of course it's a calculated move by a convicted monopolist. "Oh, that's the hardware manufacturer's decision," Microsoft executives say publicly. Of course, what's said *privately* to those same HW manufacturers is, "if you want the kickbacks, you do as we say. If you don't do as we say, no kickbacks." A monopoly (i. e. Microsoft) is in a particularly powerful position to actually enforce this, and sooner or later, Microsoft executives will pull that trigger. Next thing you know, you have half the "Tier 1" PC manufacturers locking UEFI down to run only Windows 8.

No, thanks. I will build my own. Whatever gets used in my corporation is one thing, since that's the corporation's computer, but my own PC will have no such nonsense.


0 Votes

It's pure control and monopolise strategy that will boot out anybody else in the IT world. Microsoft is a beast that need to be restraint.

0 Votes

@Timmy - while I agree with a lot of what you say... Sorry for going off-topic, but I can't imagine that you've used The Gimp very much if you think it can't touch Photoshop...

While it did take me a while to warm to the Gimp initially, as I was so used to all the Photoshop keyboard shortcuts etc - I was very resistant to change after having been a HUGE Photoshop fan for well over 10 years... but these days, whenever I'm working in Photoshop, I actually start wishing I was using the Gimp and I start to miss many of the features it seems to have over Photoshop ;)

My initial reason for attempting to switch from Photoshop to the Gimp was due to work requirements that were mostly out of my control - however, even now that my situation has changed and I no longer have the restriction (of not being able to run Photoshop)... even with the ability to go back to Photoshop now... I myself am surprised that I no longer want to ;)

0 Votes
Share Your Comments

If you are a member, to have your comment attributed to you. If you are not yet a member, Join OStatic and help the Open Source community by sharing your thoughts, answering user questions and providing reviews and alternatives for projects.

Promote Open Source Knowledge by sharing your thoughts, listing Alternatives and Answering Questions!