As you probably already know, Microsoft is implementing a new feature in Windows 8 called Secure Boot that prevents any kind of software that doesn’t have a security key to load when the computer is booting.
This is essentially supposed to prevent rootkits and other viruses from loading on start up, but a side-effect is that it also prevents other operating systems from loading.
Microsoft made a statement on their Building Windows 8 blog addressing these issues:
“Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows…
…Microsoft is working with our partners to ensure that secured boot delivers a great security experience for our customers.
Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot.
We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.
For Windows customers, Microsoft is using the Windows Certification program to ensure that systems shipping with Windows 8 have secure boot enabled by default, that firmware not allow programmatic control of secure boot (to prevent malware from disabling security policies in firmware), and that OEMs prevent unauthorized attempts at updating firmware that could compromise system integrity.
Most of these policies are not new to UEFI firmware, and most PCs today carry some form of firmware validation. Even the existing legacy support, such as BIOS password, is a form of secure boot that has been under OEM and end-user control for years.
However, with secure boot & UEFI, the industry and Microsoft are raising the bar to create greater system integrity and health, and to provide customers with a strong level of protection against a growing class of threat.”
That excuse might work for now, but it still doesn’t change anything; unless the OEM provides the keys for an operating system other than Windows, people won’t be able to load their operating systems of choice.
And even if the OEM does provide a few keys, it won’t cover all of the operating systems other than Windows.
Also, if someone sues over this, Microsoft will most likely loose. Who remembers the Microsoft antitrust case back from the ’90s?
In the final ruling for US v Microsoft, it stated that, “Microsoft shall not restrict by agreement any OEM licensee from exercising any of the following options or alternatives: …Offering users the option of launching other Operating Systems from the Basic Input/Output System or a non-Microsoft boot-loader or similar program that launches prior to the start of the Windows Operating System Product.”
That sounds like a pretty big violation of the ruling to me. There’s a pretty easy solution to this though. Microsoft shouldn’t require that Windows Certified systems have Secure Boot enabled.
Overall, I think it should be the consumer’s choice whether to enable it, I mean, it’s our device right? Whatever the device is, we should be able to control it. It’s like Apple with Flash.
Although I don’t think Flash would run very well on any mobile device, consumers should have the right to choose whether or not to run it.