Before a computer boots Windows, OS X, Linux, or any other operating system it loads system-level firmware. For the past few decades most PCs have used something called BIOS to recognize your hardware and load the appropriate operating system. But there’s a new kid in town called UEFI, (which is what Macs have been using for the past few years). It’s faster, more flexible, and offers more advanced security features — and Microsoft wants Windows 8 computers to use UEFI instead of BIOS.
In fact, in order to qualify for the Windows Certification program, a computer will have to use UEFI 2.3.1 or newer and have “secure boot” enabled by default. This feature is designed to prevent malware from infecting your bootloader by preventing unuathorized code from running when you first boot your computer.
That sounds like a good thing — and for most people it will be. Unfortunately since secure boot looks for signed code, you could have problems trying to run Linux, older versions of Windows, or other operating systems on a system with secure boot enabled. If the feature is turned on you may not be able to replace Windows 8 with the operating system of your choice or create a dual boot setup.
Earlier this week Red Hat Linux developer Matthew Garrett raised this point, and the issue gained a bit of traction in the blogosphere. The original post wasn’t particularly alarming, since there was no suggestion that Microsoft was trying to kill Linux. But it certainly raised some cause for concern. Now Microsoft’s Steven Sinofsky has weighed in to clarify the company’s stance on the matter.
In a nutshell it comes down to this: In order to slap a Windows logo on a Windows 8 PC, hardware makers will have to ensure that secure boot is turned on by default. But there’s absolutely nothing preventing PC makers from giving customers the option to turn off that setting.
Of course, there’s also nothing requiring them to do so. That was kind of Garrett’s point in the first place. It’s not that the HPs, Acers, Dells, and Lenovos of the world are likely to ship computers that intentionally prevent users from installing Linux alongside Windows 8. It’s just that this is something most customers won’t bother to do… and so it’s possible that some companies won’t bother to make sure the UEFI included with their prebuilt computer systems include an option to disable secure boot.
In other words, we won’t really know if there’s a problem for Linux users until Windows 8 computers start to ship — or you can just build a computer yourself using components that are known to work with the operating system you choose to use.
We could also eventually see various Linux distributions take steps to enable support for UEFI secure boot features, but this is a tricky process since secure boot requires signed code — and that’s something that may conflict with the GPL (General Public License) used by most open source Linux-based operating systems.