In association with heise online

23 September 2011, 12:42

Microsoft responds to secure boot accusations - Update

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Windows logo

Recent suggestions that Microsoft is attempting to lock out Linux through the use of secure boot in Windows 8 have been refuted by Steven Sinofsky, president of the company's Windows and Windows Live division. In a Building Windows 8 blog posting introduced by Sinofsky, he diplomatically refers to "some comments about how Microsoft implemented secure boot" and how "unfortunately these seemed to synthesize scenarios that are not the case".

The posting continues with an explanation, from Microsoft program manager Tony Mangefeste, of the mechanisms used and the purposes of those mechanisms as they are used in Windows 8. "Most customers will have their systems protected against boot loader attacks", says Mangefeste but "For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision". He points out that the Samsung tablet distributed at the //BUILD/ conference with Windows 8's Developer Preview allows for secure boot to be easily disabled. "At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves".

Other issues, such as the interaction of the Linux bootloader GRUB2, signing keys and the GPL3's requirement for publication of those signing keys, are, of course, outside Microsoft's control. They will need to be addressed by the Linux community, though, as Microsoft pushes for OEMs to use the secure boot technology in future Windows 8 PCs.

Update – Matthew Garrett, developer at Red Hat, whose postings originally raised the issue, has responded saying "Microsoft's rebuttal is entirely factually accurate. But it's also misleading." He notes that there is no central certification authority for UEFI signing keys and that Microsoft could use its market dominance in PCs to see systems only shipped with signing keys for Microsoft software because "Microsoft's influence here is greater than even Intel's". Garret suggests that if Microsoft were "serious about giving the end user control" they would mandate that systems ship without any keys and give the user "the ability to make an informed and conscious decision to limit the flexibility of their system".

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit