Microsoft has announced a change to the UEFI Secure Boot standard in Windows 10 that has the Linux faithful upset that it may eliminate dual-booting and exclude Linux from of their machines.
The change, announced at the revived WinHEC conference in China, seemed innocuous enough. Windows 10 will ship with support for the UEFI Secure Boot standard, just as it did in Windows 8, but this time, the off switch is now optional instead of mandatory.
The fear is that OEMs will simply turn on UEFI Secure Boot and not give people the option to turn it off. Doing so would preclude any non-Windows 10 OS from booting.
For those still running XP, UEFI is the replacement to the ancient BIOS firmware. While the rest of the PC had steadily advanced since the original IBM PC in 1981, the BIOS never changed. It was a tiny, 1MB firmware written in Assembly language. UEFI, which had its roots in Itanium, eventually replaced BIOS in recent years, providing a far more advanced firmware for PCs.
Secure Boot was one of those advances. It is meant to protect PCs from specific malware that are loaded before the OS boot process has begun or from OS that have been modified by malware. When Secure Boot is active, the UEFI checks the cryptographic signature of any program that it is told to load, including the OS bootloader.
So if it does not find an unmodified Windows 10 bootloader, it will not start the machine. When this was introduced with Windows 8, the Linux community complained that Secure Boot could be used as a way to shut out Linux on desktops. After all, Microsoft mandated that PCs with Secure Boot ship with it enabled.
Microsoft smoothed things over then by also mandating that all x86 systems ship with the ability to disable Secure Boot. It also partnered with VeriSign to create a method of signing third-party binaries for a $99 (€90) fee.
With Windows 10, the situation is changing. Ars Technica was the first to note that the option of enabling Secure Boot is now a must. This does not shut out Linux, but it does make things harder. Major Linux distributions will likely have the VeriSign signature and will not be affected. Also, this will be more of an issue with brand-name PCs — in other words, HP, Dell, and Lenovo.
But if you are a home builder like me, it is unlikely to a problem. Just hit the delete key on start-up, go into UEFI, and shut off Secure Boot —problem solved.
Andy Patrizio, IDG News Service
Subscribers 0
Fans 0
Followers 0
Followers