Microsoft, Red Hat spar over secure boot-loading tech
A Red Hat developer is charging that Microsoft is using UEFI in Windows 8 to lock out Linux, which Microsoft denies
IDG News Service - Is Microsoft using a next-generation computing boot-loading technology to lock out the use of Linux and other OSEs on certain computers? While Microsoft has denied malicious intent, one Red Hat developer maintains that this may be the case.
Microsoft is mandating the use of the UEFI (Unified Extensible Firmware Interface) secure boot-loading capability with Windows 8 in such a way that "the end user is no longer in control of their PC," charged Red Hat developer Matthew Garrett in a blog entry posted Friday.
Microsoft has claimed that this charge is based on a misunderstanding of the company's intentions. "At the end of the day, the customer is in control of their PC," said Microsoft program manager Tony Mangefeste in another blog posting from Microsoft.
The controversy took root on Tuesday, when Garrett pointed out in a blog posting that Microsoft-certified computers running Windows 8 may not be able to be loaded with copies of other OSes, such as Linux. Users could not install Linux as a second OS, or replace Windows with a copy of Linux, Garrett argued.
Windows 8 will require its host computer to use the UEFI, the low-level interface between the computer firmware and the OS. Marketed as a replacement to BIOS, UEFI provides a secure boot protocol, which requires the OS to furnish a digital key in order to be loaded by the machine. UEFI then can block the operations of any programs or drivers unless they have been signed by this key, a move that should prevent malware from infecting machines by changing the boot-loading process.
With Windows 8, Microsoft will require hardware manufacturers (those wishing to display the Windows logo on their units) to ship their machines with secure boot enabled. Each machine would then require a digital key from Microsoft, the hardware manufacturer or, if it uses another OS, a secure key for that OS.
Users who customize their own versions of Linux, or use a generic OS that does not come with a key, may not be able to run these OSes on machines requiring this secure booting process, Garrett said. Nor would there be any guarantee that OEMs (original equipment manufacturers) even provide the ability for users to add their own keys, or give users the option to run other OSes without a key.
Garrett's blog post subsequently sparked debate in the trade press and Linux user communities.
Responding to the controversy on Thursday, Microsoft has denied that the intent was to shut out Linux. Although he did not mention Linux by name, Steven Sinofsky, president of the Windows and Windows Live Division, noted in a blog post that some of those commenting have used details of the new plan to "synthesize scenarios that are not the case."
- Who does NSS Labs "Recommend" for NGFW? In 2012, NSS Labs found that most available NGFW solutions "fell short in performance and security effectiveness." In 2013 NSS Labs noted "marked...
- CIOs Deliver Productivity Breakthroughs with Intelligent Digital Signage Retailers have long recognized the influence that digital signage provides over a shopper's point-of-purchase decision making process.
- 9 Essentials for a Complete Cloud-to-Cloud Backup Solution In 9 Essentials for a Complete Cloud-to-Cloud Backup Solution, we'll walk you through potential sources of data loss in the cloud and provide...
- Workload Change: The 70 Percent of Your Business DevOps Forgot Adding WLA early in the development process ensures that the benefits of DevOps accrue for all applications, including your batch services. This paper...
- Top 4 Digital Signage Fails Join RMG Networks for a look at four of the most common reasons digital signage fails in corporate businesses. Learn about strategies to...
- Protecting Critical SaaS Data Before It's Too Late In this webinar, you'll hear how to avoid SaaS data loss through best practices from a panel of experts. All Operating Systems White Papers | Webcasts