Will Windows 8 Lock Linux Out of PCs?

by Sam Dean - Sep. 21, 2011Comments (1)

Will Microsoft's upcoming Windows 8 operating system be tuned to lock Linux installations off of PCs? There are some real questions arising about the issue. Microsoft is working on a methodology for ultra-fast booting of Windows 8 PC through a specification called Unified Extensible Firmware Interface (UEFI). That specification reportedly includes a secure booting routine that is expressly designed to obstruct rootkit malware infections, but some observers worry that it could also mean that any Windows 8 PC will not be able to run Linux. There are several reasons why this won't happen, though.

Network World has a good report on the UEFI boot spec, noting this possibility:

"Without a key, Linux will be unable to boot off the machine. It may be possible for Linux distro makers to somehow offer signed versions of Linux, but this too, is problematic as this would require a bootloader not covered by the GPL. It also doesn't help people who want to run their own custom-tweaked versions of Linux."

It's highly doubtful this will end up being a concern when the final version of Windows 8 comes to fruition. Microsoft has become increasingly aware that IT administrators are interested in heterogenous environments where many people want to use multiple operating systems. We've also noted that Windows 8 is taking some of its cues from Linux. It's not in Microsoft's best interest to box out alternative operating systems.

Also, in the early debate over the Windows 8 boot spec, there has been little discussion of how virtualization could allow PCs to run Microsoft's new OS and Linux in tandem. I have two machines that have virtualized instances of Windows and Ubuntu, a convenient setup that allows me to use a larger universe of applications than I would have available through only one OS. 

Technically, UEFI could be implemented in such a way as to box Linux out, and the Linux community is already debating that possibility, as seen here. Don't hold your breath waiting for this scenario, though.

Coby Randquist uses OStatic to support Open Source, ask and answer questions and stay informed. What about you?


Solution: Create a non-free, open source signed bootable CD whose only function is to insert new keys into the UEFI. That one CD can be signed, and each machine owner can generate their own private key (easily automated) and as part of the install process, the software is signed with the key specific to that person, no keys public to leak, and yet everyone has the keys needed to modify the hardware and hopefully this can comply with GPL3.

Install goes like this:

1: Run special key maker CD, which inserts the key into the chip and puts it on a flash drive.

2: Run the installer which grabs the key from the flash drive and signs the install.

3: Pull out the USB drive so that malware can't grab it.

When you want to tweak the boot loader, or install something that needs to be signed, you plug in the flash drive just during that install's signing process. Physical security to reduce the window of opportunity for malware to get your key.

1 Votes
Share Your Comments

If you are a member, to have your comment attributed to you. If you are not yet a member, Join OStatic and help the Open Source community by sharing your thoughts, answering user questions and providing reviews and alternatives for projects.

Promote Open Source Knowledge by sharing your thoughts, listing Alternatives and Answering Questions!