Microsoft Kicks Linux from Windows 8

How else would they protect their interests these days? Being able to re-purpose a computer, or just wipe the Windows OS completely from the computer to start with, has always been refreshing to me. Look out: those days may be at an end. Linux is not owned by any one entity or corporation and has free market reign, allowing consumers a choice, albeit one that is rarely known; so rarely, in fact, that most people don't even know of its existence. However, Android is built on the Linux kernel and is quickly becoming king in mobile devices, supplanting the iPhone.

Stopping users from dual booting or changing the OS would halt market penetration by Linux. Maybe the knowledgeable Linux crowd could build their own computers, but this is beyond the capacity of probably 99% of computer users. Market penetration by a competing OS would be stopped cold, which is what MS wants: they want to stop the downward slide of Windows. Yes, Linux has a very small share of the OS market, but what about some new and different OS developed in the future? This would stop it from even starting. It's not just about Linux.

Windows 8 PCs will boot super fast in part because of the next-generation booting specification known as Unified Extensible Firmware Interface (UEFI). The latest UEFI specification (2.3.1, released April 8) includes a secure boot protocol, which Microsoft will require for Windows 8 clients. Secure boot is intended to thwart rootkit infections by requiring that every executable or driver loaded during boot carry a signature that verifies against a key already stored in the firmware. The problem is that the same keys can also be used to keep the PC's owner from wiping out the current OS and installing another option such as Linux, says Matthew Garrett, a mobile Linux developer at Red Hat, in a blog post [1].

‘If a vendor key is installed on a machine, the only way to get code signed with that key is to get the vendor to perform the signing. A machine may have several keys installed, but if you are unable to get any of them to sign your binary then it won’t be installable. … Microsoft requires [2] that machines conforming to the Windows 8 logo program and running a client version of Windows 8 ship with secure boot enabled.’

Microsoft's requirement of secure UEFI is confirmed by a presentation [2] at the BUILD conference given by Arie van der Hoeven, Principal Lead Program Manager at Microsoft. Slide 11 of the presentation states:

  • Current issues with boot
    • Growing class of malware targets the boot path
    • Often the only fix is to reinstall the operating system
  • UEFI and secure boot harden the boot process
    • All firmware and software in the boot process must be signed by a trusted Certificate Authority (CA)
    • Required for Windows 8 client [emphasis mine]
    • Does not require a Trusted Platform Module (TPM)
    • Reduces the likelihood of bootkits, rootkits and ransomware

Secure boot uses a PKI scheme so that UEFI 2.3.1 firmware will only run digitally signed EFI bootloaders and device drivers. A recent article in The H [3] notes that the signing infrastructure can be "designed to accept a software key management service (KMS), a network-accessible key server or a hardware security module (HSM)." Note that these sit on the signing side, with whoever holds the private keys; on the PC itself the check is done by the firmware against public keys stored in its own variables, which is why, as van der Hoeven points out, a TPM isn't required. A TPM 1.2 can be used to measure the boot chain (recording what ran), but that is a separate mechanism from secure boot's refusal to run unsigned code.

The Linux community has been on alert about secure UEFI for a couple of months, according to an article in June from LWN.net: [4]

‘The basic idea behind secure boot is to sign executables using a public-key cryptography scheme (RSA with 2048-bit keys with SHA-1 or SHA-256 as the hash). The public part of a ‘platform key’ (PK) can be stored in the firmware for use as a root key. Additional ‘key exchange keys’ (KEKs) can also have their public portion stored in the firmware in what is called the ‘signature database’. That database contains public keys that can be used to verify different components that might be used by UEFI (e.g. drivers) as well as bootloaders, and operating systems that get loaded from external sources (disks, USB devices, network, and so on). The signature database will also contain ‘forbidden’ signatures which correspond to a revocation list of previously valid keys. The signature database is meant to contain the current list of authorized and forbidden keys as determined by the UEFI organization.’

The fear expressed by the Linux community in June was that proprietary operating system vendors could demand an implementation of secure UEFI in which device makers do not or cannot share the private keys with the buyers/users of the device, and provide no way for the owner to install keys of their own. Without that, only the entities already in the signature database will be able to authenticate drivers and OSes for the hardware.

There are two ways Microsoft could go with its required secure UEFI, says Garrett. Windows can be signed with a Microsoft key, with the public part of that key shipped in every system's firmware. Or each OEM could hold its own private key and use it to sign its own pre-installed version of Windows.

Without a key in the firmware's database, Linux will be unable to boot on the machine. It may be possible for Linux distro makers to offer signed versions of Linux, but this too is problematic: GRUB 2 is licensed under GPLv3, and distributing a signed build of it would arguably obligate the distributor to hand over the signing key as well, so a signed distribution would need a bootloader not covered by that licence. It also doesn't help people who want to run their own custom-built versions of Linux, since every rebuilt bootloader or kernel would need to be signed again.
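To make the mechanism in the LWN quote and the two paragraphs above concrete, here is a toy model of the key hierarchy and the load-time check, written in Go as an added example; it is not code from the UEFI specification, from Garrett's post or from any firmware. It assumes a single KEK, leaves the PK out, uses a bare RSA-2048 public key (hashed into a `KeyID`) in place of the X.509 certificates a real db holds, signs with PKCS#1 v1.5 over SHA-256, and the image bytes and key roles (OEM, OS vendor, owner) are constructed for the example. It walks through the scenario described above: an OEM-enrolled OS vendor key boots its image, a self-built kernel signed with the owner's own key does not, the owner cannot enroll that key without the KEK's private half, and a KEK-signed dbx entry refuses an image, or a signer, that was previously valid.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Firmware is a toy model of the key hierarchy: the KEK authorises changes to
// db and dbx, and db/dbx decide at load time whether an image may run. The PK
// is left out, one KEK stands in for a real firmware's list, and a bare RSA
// public key stands in for the X.509 certificate a real db entry would carry.
type Firmware struct {
	KEK *rsa.PublicKey
	db  []*rsa.PublicKey  // authorised signers
	dbx map[[32]byte]bool // forbidden: SHA-256 of an image, or a signer's KeyID
}

var ErrNotAuthorised = errors.New("update not signed by the KEK")
var ErrForbidden = errors.New("image or its signer is listed in dbx")
var ErrNoTrustedSig = errors.New("no signature verifies against a key in db")

func NewFirmware(kek *rsa.PublicKey) *Firmware {
	return &Firmware{KEK: kek, dbx: map[[32]byte]bool{}}
}

// NewKey generates an RSA-2048 key, the size the spec calls for.
func NewKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

// KeyID names a public key inside signed enrolment requests and in dbx.
func KeyID(pub *rsa.PublicKey) [32]byte { return sha256.Sum256(pub.N.Bytes()) }

// Sign produces an RSA PKCS#1 v1.5 signature over SHA-256(data).
func Sign(k *rsa.PrivateKey, data []byte) []byte {
	d := sha256.Sum256(data)
	sig, err := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, d[:])
	if err != nil {
		panic(err)
	}
	return sig
}

func verifies(pub *rsa.PublicKey, data, sig []byte) bool {
	d := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig) == nil
}

// EnrollDB adds a signer to db. The request (the key's ID) must be signed by
// the KEK, so an owner who holds no KEK private half cannot get a key in.
func (fw *Firmware) EnrollDB(signer *rsa.PublicKey, authSig []byte) error {
	id := KeyID(signer)
	if !verifies(fw.KEK, id[:], authSig) {
		return ErrNotAuthorised
	}
	fw.db = append(fw.db, signer)
	return nil
}

// Revoke adds an image hash or a KeyID to dbx, again only under a KEK signature.
func (fw *Firmware) Revoke(hash [32]byte, authSig []byte) error {
	if !verifies(fw.KEK, hash[:], authSig) {
		return ErrNotAuthorised
	}
	fw.dbx[hash] = true
	return nil
}

// Boot is the load-time check: anything in dbx is refused outright, then the
// image must carry a signature that verifies against a key in db.
func (fw *Firmware) Boot(image, sig []byte) error {
	if fw.dbx[sha256.Sum256(image)] {
		return ErrForbidden
	}
	for _, signer := range fw.db {
		if !verifies(signer, image, sig) {
			continue
		}
		if fw.dbx[KeyID(signer)] {
			return ErrForbidden // a previously valid key that has since been revoked
		}
		return nil
	}
	return ErrNoTrustedSig
}

func main() {
	kek, vendor, user := NewKey(), NewKey(), NewKey() // OEM's KEK, OS vendor, PC owner
	fw, vid := NewFirmware(&kek.PublicKey), KeyID(&vendor.PublicKey)
	fmt.Println("OEM enrolls OS vendor:", fw.EnrollDB(&vendor.PublicKey, Sign(kek, vid[:])))
	img, own := []byte("vendor bootloader"), []byte("self-built kernel") // constructed images
	fmt.Println("vendor image:", fw.Boot(img, Sign(vendor, img)), "| self-built image:", fw.Boot(own, Sign(user, own)))
}
```

Run with `go run`: the vendor image boots (`<nil>`) and the self-built one is refused with the "no signature verifies" error, even though it is perfectly well signed. The point to take from the model is that the decision rests entirely on what sits in db, dbx and KEK; if the owner cannot write to those variables, nothing they compile will run, no matter who signs it.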

Enterprise users should be sure to voice their concerns to their hardware suppliers (Dell, IBM, HP, Toshiba and so on). Let them know that just because the technology exists to take choice away from you doesn't mean they should use it.
