A war of words over a default security feature on Windows 8 machines has arisen over the past week, with some accusing Microsoft of using it to lock out competition.
Red Hat researcher Matthew Garrett said the secure boot feature, known as the Unified Extensible Firmware Interface (UEFI), was being used by Microsoft to let only OS loaders with digital signatures run on machines pre-loaded with Windows 8.
This would make it very hard for other operating systems, in particular generic versions of Linux, to run on such computers, Garrett claimed.
If Microsoft were serious about giving the end user control, they'd be mandating that systems ship without any keys installed.
UEFI was designed to ensure greater security at the firmware level, yet Garrett believes Microsoft is misusing the feature for its own gain.
"As things stand, Windows 8 certified systems will make it either more difficult or impossible to install alternative operating systems," he wrote in a blog post.
Garrett claimed Windows 8 certification required hardware ship with UEFI switched on. He said Windows 8 certification did not require a feature allowing the user to disable UEFI.
"Why is this a problem? Because there's no central certification authority for UEFI signing keys. Microsoft can require that hardware vendors include their keys. Their competition can't," Garrett said.
"A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's. No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer. Microsoft's influence here is greater than even Intel's."
Microsoft: We aren't locking you out
Garrett's comments came after Microsoft responded to his initial claims that Windows 8's UEFI feature was being used to "lock-out" competition.
Microsoft said secure boot did not block other operating system loaders, but is simply "a policy that allows firmware to validate authenticity of components."
The Redmond giant said it did not want to stop PC makers from allowing users to decide what went on machines.
"Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot," said Microsoft's Tony Mangefeste, in a blog post.
"We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems."
Microsoft was convinced users would be able to run other operating systems with the security feature in place, saying the flexibility had already been shown off on a Samsung tablet with Windows 8 Developer Preview.
"For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision," Mangefeste added.
Garrett remained unconvinced, saying it remained the case that a computer with only manufacturer and Microsoft keys would not be able boot a generic copy of Linux.
"If Microsoft were serious about giving the end user control, they'd be mandating that systems ship without any keys installed," he added.
"The user would then have the ability to make an informed and conscious decision to limit the flexibility of their system and install the keys."
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Tiny11 review: Windows 11 with only 2GB of RAMReview A version of Windows 11 for older machines that don't meet the full requirements
-
Red Hat Enterprise Linux becomes foundational operating system for Cohesity Data CloudNews New strategic partnership between Red Hat and Cohesity aims to drive innovation in the data security and management space
-
Ubuntu shifts to four-week update cycleNews Critical fixes will also come every two weeks, mitigating the issues involved with releasing prompt patches on the old three-week cadence
-
AlmaLinux follows Oracle in ditching RHEL compatibilityNews Application binary compatibility is now the aim with 1:1 now dropped
-
How big is the Windows 10 cliff-edge?ITPro Network With some comparing the upcoming Windows 10 end of life to Windows XP, we ask members of the ITPro Network for their insight
-
Everything you need to know about the latest Windows 11 updates - from bug fixes to brand-new featuresNews Two new cumulative updates are on the way and will be installed automatically on Windows 10 and Windows 11 machines
-
How to download a Windows 11 ISO file and perform a clean installTutorial Use a Windows 11 ISO to install the operating system afresh
-
We could all benefit from better Windows and macOS accessibility featuresOpinion Today’s accessibility features can help you work through a nasty injury, but there’s still plenty of room for improvement
