Protecting the pre-OS environment with UEFI


There have been some comments about how Microsoft implemented secure boot and unfortunately these seemed to synthesize scenarios that are not the case so we are going to use this post as a chance to further describe how UEFI enables secure boot and the options available to PC manufacturers. The most important thing to understand is that we are introducing capabilities that provide a no-compromise approach to security to customers that seek this out while at the same time full and complete control over the PC continues to be available. Tony Mangefeste on our Ecosystem team authored this post. –Steven

Quick summary

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
  • Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

The big picture – no compromises on security

The UEFI secure boot protocol is the foundation of an architecturally neutral approach to platform and firmware security. Based on the Public Key Infrastructure (PKI) process to validate firmware images before they are allowed to execute, secure boot helps reduce the risk of boot loader attacks. Microsoft relies on this protocol in Windows 8 to improve platform security for our customers.

 Diagram of Windows 8 platform integrity architecture: 1. Secure boot prevents running an unknown OS loader. 2. The kernel launches Early Launch Anti-Malware (ELAM) drivers first, and they enforce policy for 3rd-party drivers and apps. 3.  Measurements of the system start state were recorded in the TPM during boot. 4. To prove a client is healthy, the antimalware software can quote TPM measurements to a remote verifier.
Figure 1 – Platform integrity architecture

Microsoft is working with our partners to ensure that secured boot delivers a great security experience for our customers. Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.

For Windows customers, Microsoft is using the Windows Certification program to ensure that systems shipping with Windows 8 have secure boot enabled by default, that firmware not allow programmatic control of secure boot (to prevent malware from disabling security policies in firmware), and that OEMs prevent unauthorized attempts at updating firmware that could compromise system integrity.

Most of these policies are not new to UEFI firmware, and most PCs today carry some form of firmware validation. Even the existing legacy support, such as BIOS password, is a form of secure boot that has been under OEM and end-user control for years. However, with secure boot & UEFI, the industry and Microsoft are raising the bar to create greater system integrity and health, and to provide customers with a strong level of protection against a growing class of threat.

What is UEFI?

UEFI (Unified Extensible Firmware Interface) is managed through the UEFI forum, a collection of chipset, hardware, system, firmware, and operating system vendors. The forum maintains specifications, test tools, and reference implementations that are used across many UEFI PCs. Microsoft is a board member of this forum, and the forum is open to any individual or company to join free of cost.

UEFI defines the next generation firmware interface for your personal computer. The Basic Input and Output System (BIOS) firmware, originally written in assembly and using software interrupts for I/O, has defined the PC ecosystem since its inception – but changes in the computing landscape have paved the way for a “modern firmware” definition to usher in the next generation of tablets and devices.

The intent of UEFI is to define a standard way for the operating system to communicate with the platform firmware during the boot process. Before UEFI, the primary mechanism to communicate with hardware during the boot process was software interrupts. Modern PCs are capable of performing faster, more efficient block I/O between hardware and software, and UEFI allows designs to utilize the full potential of their hardware.

UEFI allows for modular firmware design that enables hardware and system designers a greater flexibility in designing firmware for the more demanding modern computing environments. Whereas I/O was limited by software interrupts, UEFI promotes the concept of event-based, architecture-neutral coding standards.

What is secure boot?

UEFI has a firmware validation process, called secure boot, which is defined in Chapter 27 of the UEFI 2.3.1 specification. Secure boot defines how platform firmware manages security certificates, how firmware is validated, and the interface (protocol) between firmware and the operating system.

Microsoft’s platform integrity architecture creates a root of trust with platform firmware using UEFI secure boot and certificates stored in firmware. A growing trend in the evolution of malware exploits is targeting the boot path as a preferred attack vector. This class of attack has been difficult to guard against, since antimalware products can be disabled by malicious software that prevents them from loading entirely. With Windows 8’s secured boot architecture and its establishment of a root of trust, the customer is protected from malicious code executing in the boot path by ensuring that only signed, certified “known good” code and boot loaders can execute before the operating system itself loads.

In most PCs today, the pre-operating system environment is vulnerable to attacks by redirecting the boot loader handoff to possible malicious loaders. These loaders would remain undetected to operating system security measures and antimalware software.

Existing boot processes: BIOS > Any OS loader code > OS Start
Figure 2 – Legacy BIOS boot path

Windows 8 addresses this vulnerability with UEFI secure boot, using policy present in firmware along with certificates to ensure that only properly signed and authenticated components are allowed to execute.

Secured boot in Windows 8: Native UEFI 2.3.1 > Verified OS loader only > OS Start
Figure 3 – Secure boot path with UEFI

Secure boot is only a part of the Windows 8 Platform Integrity story. Along with UEFI, Microsoft’s strategy is a holistic approach to other available hardware to further enhance the security of the platform.

Background: how does it work?

Powering on a PC starts the process of executing code that configures the processor, memory, and hardware peripherals in preparation for the operating system to execute. This process is consistent across all platforms, regardless of underlying silicon architectures (x86, ARM, etc.).

Shortly after the system is powered on, and before handoff to the OS loader occurs, the firmware will check the signature of firmware code that exists on hardware peripherals such as network cards, storage devices, or video cards. This device code, called Option ROMs, will continue the process of configuration by ensuring that the peripheral is prepared for handoff to the operating system.

During this part of the boot process, firmware checks for an embedded signature inside the firmware module, much like an application, and if that signature matches an entry in a database of signatures held in firmware, the module is allowed to execute. These databases are the “Allowed” and “Disallowed” lists that determine whether the boot process can continue.

Diagram showing Allowed list and Disallowed (Malware Hashes) lists controlled by KEK and platform key certificates
Figure 4 – Security databases for certificates

This figure represents the hierarchy of signatures and keys in a system with secure boot. The platform is secured through a platform key that the OEM installs in firmware during manufacturing. This is the process used today on most shipping systems, regardless of whether they are based on UEFI, or legacy BIOS. (Applications like firmware update utilities will use the platform key to protect the firmware image.) Other keys are used by secure boot to protect access to databases that store keys to allow or disallow execution of firmware.

The Allowed database contains keys that represent trusted firmware components and, more importantly, operating system loaders. Another database contains hashes of malware and firmware, and blocks execution of those malware components. The strength of these policies is based on signing firmware using Authenticode and Public Key Infrastructure (PKI). PKI is a well-established process for creating, managing, and revoking certificates that establish trust during information exchange. PKI is at the core of the security model for secure boot.
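
The Allowed/Disallowed decision described above can be modelled in a few lines of C. This is an added illustration, not code from the original post or from any firmware; it follows the UEFI convention that either list may hold image hashes or signer certificates and that a Disallowed match always wins, which goes slightly beyond the post's description. The digests are constructed placeholder bytes, and `signature_valid` is an assumed stand-in for the Authenticode signature check.

```c
/* Simplified model of the secure boot Allowed/Disallowed decision.
 * Added example: all digests are constructed placeholders, and the
 * cryptographic signature check is assumed to have happened elsewhere. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_LEN 32

typedef enum { ENTRY_IMAGE_HASH, ENTRY_SIGNER_CERT } entry_kind;
typedef enum { BOOT_ALLOW, BOOT_DENY_DISALLOWED, BOOT_DENY_UNTRUSTED } verdict;

typedef struct {
    entry_kind kind;               /* what the digest identifies */
    uint8_t    digest[DIGEST_LEN];
} sig_entry;

typedef struct {
    uint8_t image_digest[DIGEST_LEN];   /* hash of the module being loaded */
    int     signature_valid;            /* 1 if the embedded signature verified */
    uint8_t signer_digest[DIGEST_LEN];  /* identifies the signing certificate */
} boot_image;

static int list_has(const sig_entry *list, size_t n,
                    entry_kind kind, const uint8_t *digest)
{
    for (size_t i = 0; i < n; i++)
        if (list[i].kind == kind &&
            memcmp(list[i].digest, digest, DIGEST_LEN) == 0)
            return 1;
    return 0;
}

verdict authorize_image(const boot_image *img,
                        const sig_entry *allowed, size_t n_allowed,
                        const sig_entry *disallowed, size_t n_disallowed)
{
    /* 1. The Disallowed list is consulted first and overrides everything. */
    if (list_has(disallowed, n_disallowed, ENTRY_IMAGE_HASH, img->image_digest))
        return BOOT_DENY_DISALLOWED;
    if (img->signature_valid &&
        list_has(disallowed, n_disallowed, ENTRY_SIGNER_CERT, img->signer_digest))
        return BOOT_DENY_DISALLOWED;

    /* 2. A valid signature from a signer in the Allowed list is accepted. */
    if (img->signature_valid &&
        list_has(allowed, n_allowed, ENTRY_SIGNER_CERT, img->signer_digest))
        return BOOT_ALLOW;

    /* 3. An image whose own hash is enrolled is accepted even if unsigned. */
    if (list_has(allowed, n_allowed, ENTRY_IMAGE_HASH, img->image_digest))
        return BOOT_ALLOW;

    /* 4. Anything else has no trust anchor and does not execute. */
    return BOOT_DENY_UNTRUSTED;
}

static sig_entry make_entry(entry_kind kind, uint8_t fill)
{
    sig_entry e;
    e.kind = kind;
    memset(e.digest, fill, DIGEST_LEN);   /* constructed digest */
    return e;
}

/* Evaluates one constructed image against constructed databases. */
verdict demo_verdict(uint8_t image_fill, int signature_valid, uint8_t signer_fill)
{
    sig_entry allowed[2], disallowed[2];
    boot_image img;

    allowed[0]    = make_entry(ENTRY_SIGNER_CERT, 0xA1); /* trusted loader signer */
    allowed[1]    = make_entry(ENTRY_IMAGE_HASH,  0xB2); /* enrolled unsigned image */
    disallowed[0] = make_entry(ENTRY_IMAGE_HASH,  0xC3); /* revoked loader build */
    disallowed[1] = make_entry(ENTRY_SIGNER_CERT, 0xD4); /* revoked signer */

    memset(img.image_digest, image_fill, DIGEST_LEN);
    img.signature_valid = signature_valid;
    memset(img.signer_digest, signer_fill, DIGEST_LEN);

    return authorize_image(&img, allowed, 2, disallowed, 2);
}

int main(void)
{
    static const char *names[] = { "allow", "deny (disallowed)", "deny (untrusted)" };

    printf("signed by trusted signer:        %s\n", names[demo_verdict(0x10, 1, 0xA1)]);
    printf("revoked build, trusted signer:   %s\n", names[demo_verdict(0xC3, 1, 0xA1)]);
    printf("signed by revoked signer:        %s\n", names[demo_verdict(0x11, 1, 0xD4)]);
    printf("unsigned, hash enrolled:         %s\n", names[demo_verdict(0xB2, 0, 0x00)]);
    printf("unsigned, unknown:               %s\n", names[demo_verdict(0x12, 0, 0x00)]);
    printf("bad signature, trusted signer:   %s\n", names[demo_verdict(0x14, 0, 0xA1)]);
    return 0;
}
```

The second case is the one that matters for revocation: a loader carrying a valid signature from a trusted signer is still refused once its hash is in the Disallowed list.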

What is required for secure boot?

Secure boot requires firmware that meets or exceeds UEFI revision 2.3.1. The UEFI forum ratified the latest revision which updated the policies of Chapter 27 to improve upon the existing secure boot protocol to include time-authenticated variables, stronger keys for encryption, and clarification on how those certificates are stored.

The feature would be transparent to the consumer purchasing a PC. The benefit is that their system has an added measure of reliability from bootkit and rootkit attacks that target system vulnerabilities before the operating system itself even loads, as described above.

Who is in control?

At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves. We work with our OEM ecosystem to provide customers with this flexibility. The security that UEFI has to offer with secure boot means that most customers will have their systems protected against boot loader attacks. For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision.

A demonstration of this control is found in the Samsung tablet with Windows 8 Developer Preview that was offered to //BUILD/ participants. In the screenshot below you will notice that we designed the firmware to allow the customer to disable secure boot. However, doing so comes at your own risk. OEMs are free to choose how to enable this support and can further customize the parameters as described above in an effort to deliver unique value propositions to their customers. Windows merely did work to provide great OS support for a scenario we believe many will find valuable across consumers and enterprise customers.

Image of a console with options for TPM Configuration: Enable virtualization [enabled], CSM Support [Disabled], Attempt Secure Boot [Enabled], Display Rev. Info - Intel UEFI...
Figure 5 – Samsung PC secure boot setting

Tony Mangefeste
Ecosystem

Comments (186)

  1. Alberto says:

    How nice

  2. Kevin says:

    Any OEM that won't let me turn this off or load my own certs won't get any business from me.

  3. Brent says:

    Well done.

  4. GoodWork says:

    Great to see the prompt and responsive Windows team keeping an eye on the blogosphere and current news. Keep working hard and pushing at Windows… Let's see Windows 8 in top quality before iPad 3. Have your team work nights and weekends. :)

  5. @Steven, Do you have any plans to directly sell the Samsung PC to non //Build/ attendees like me?  I would not mind paying to get my hands on it.  Wouldn't it be actually beneficial to MS to do that?

  6. Jose Pedro says:

    There are a lot of news on how other operating systems which are partially or completely open source (especially the boot loader component) might not be able to boot in certified Windows 8 PCs due to the secure boot system, I'd like to make a few questions:

    Having in mind that any open source operating system or bootloader would probably have to provide publicly their keys, thus making it hard to have these validated, how could secure boot be made to be compatible with these, or these to be functional with secure boot?

    If such is not possible, will Windows 8 be usable on systems which have secure boot disabled for compatibility questions?

    Having seen Windows 8's nice metro boot loader for when there are multiple OSes, is it possible to incorporate other 3rd party OSes into this bootloader using any legit and easy way, both from a developer and user point of view?

  7. Trevor Sullivan says:

    Not surprising to see Microsoft take this stance — I knew they would do the right thing. Mostly just anti-Microsoft people screaming bloody murder …

    Thanks for the explanation, Steven — your posts, and the team designing this new technology are absolutely brilliant.

    Cheers,

    Trevor Sullivan

  8. B8Blog says:

    @Jose Pedro Of course Windows is usable without secure boot — just like the post stated :-)

    How secure boot works with any other operating systems is obviously a question for those OS products :-) We focus our boot loader on Windows and there are a number of alternatives for people who wish to have other sets of functionality.

  9. Dario D. says:

    I like the progress of this and other things. Looking good!

    But here's a bunch of "my ideas" regarding the Win8 Start Screen, and Metro, since I think those could be a worldwide disaster for computing (and Microsoft):

    http://www.alphaila.com/…/windows-8-concept-dariod

    (Quite important to consider and reconsider what some of Win8's features are ultimately going to MEAN for everyone.)

  10. B8Blog says:

    @Trevor Sullivan thank you!

    @kevin — exactly!  We enable the technology so you can have this choice.

    @DotNetGeekAtLive — sorry but we're all out.  As many have noted, the Samsung Series 7 will have many of the same characteristics (but not all), and also include Samsung support for the hardware and a retail system load of Windows 7.

  11. Nathan Ladwig says:

    @Steven, Can you elaborate on the boot requirements for ARM a bit? Will it require UEFI, will it be compatible with the built-on BIOS's, will it require ACPI, etc…?

    Basically, what I want to know, is there going to be any compatibility with existing devices, for the more technologically-inclined folk out there, or is it going to be strictly on new ARM devices?

  12. Nathan Ladwig says:

    Also, is the secure boot for the uefi an upstream check or what?

    Am I correct in saying that the uefi checks the windows loader that checks windows that then enters its own kernel verification, or is there any back checking to make sure that a previous link in the chain wasn't broken?

    If I have a piece of malware that gets installed properly with a valid hash and whatnot, would Windows check it after it loaded the kernel, or would it be fully compromised at that point?

  13. Alan says:

    So how does this really help – Windows 8 is focussed on suspend/resume so any malware on the device is going to persist for a long time (basically until the box crashes)

  14. John says:

    Hahaha. Of course we knew that linux could dual boot with Windows. The linux fanbois just weren't getting enough attention with all of this recent positive Windows news. This is the year of the linux desktop, after all. Or wait… was that supposed to be next year?

  15. Curious says:

    What about expanding a bit on the metro apps locked to the appstore? Is that true? So developers will need to pay a fee just to write software and microsoft gets life or death on every software developer by approving or rejecting apps, and of course a generous cut on every single licenses sold? Will the appstore be *mandatory* or *optional*? Can software vendors sell metro apps directly to end-users like always, or do they need to ask and pray for microsoft's permission? If this is true, don't expect many metro apps… it will flop like microsoft bob.

    Strictly requiring signed metro apps would be a bold enough step. Forcing everyone to your appstore like in the phone space and taking a 30% cut is not going to work.

    If it's true you should say it loud and clear right now, instead of playing bait-and-switch with free public dev previews and free tools not having any restriction yet.

  16. Bob says:

    How is malware prevented from just disabling secure boot?

  17. @Curious, it's already been stated that you can side load metro apps

  18. Curious says:

    @MrEs: where was this stated and who said it? Everything I've read on MSDN so far says otherwise. If WP7 is of any indication, you need to get approved as a developer ("get a developer license", which can be refused) just to execute your own app on your own computer or device. Then you have to submit every app and every tiny updates for microsoft approval and distribution to end-users is strictly through the appstore. Please state your source.

  19. Kitty says:

    Steven, Microsoft plans to have computers with the Microsoft brand?

  20. Drewfus says:

    "Microsoft is using the Windows Certification program to ensure that systems shipping with Windows 8 have secure boot enabled by default, that firmware not allow programmatic control of secure boot (to prevent malware from disabling security policies in firmware), and that OEMs prevent unauthorized attempts at updating firmware that could compromise system integrity."

    Excellent.

    @Steven Sinofsky: "How secure boot works with any other operating systems is obviously a question for those OS products :-)" Agreed. It is up to other OS vendors to get their acts together regarding secure boot, and if this causes conflicts with their licensing models, that's their problem. The onus is *not* on Microsoft to compromise system security to be 'fair' to the GPL, or whatever.

    Other than in the diagram, the post does not contain the string 'TPM'. You need a TPM chip on your UEFI motherboard to run secure boot. TPM chips are on a minority of motherboards, even UEFI motherboards. The post is somewhat misleading in not mentioning all this explicitly.

    This is otherwise a quality post, except for the section 'Background: how does it work?'. The relationship between hardware platforms (x86,x64,ARM), firmware types (BIOS, UEFI), TPM vs. non-TPM systems, platform and osloader keys, is not quite clearly explained. Could you possibly add a truth-table to the end of the document that indicates what systems support what features and what hard/firmware is required per case?

    "The feature would be transparent to the consumer purchasing a PC." When Internet Explorer connects to a secure website (using https), is that "transparent to the consumer [using the] PC"? Windows boot menu should indicate the PKI status of each boot entry to the consumer (new term for 'user'?). Why hide the feature completely?

  21. There seems to be some concern that it will no longer be possible to load alternate OSes on Windows 8 computers. Just to clarify, will it be possible to install other operating systems such as Linux onto pre-built Windows 8 computers?

  22. frymaster says:

    @mt325000

    the entire blog post was about clarifying that :P

    pre-built win8 computers will only get the shiny sticker if they _SUPPORT_ the new security feature.  The new security feature will probably stop you installing many flavours of linux WHEN IT IS ENABLED.  Whether or not you can disable this new feature is up to the PC manufacturer, but "probably" is a likely answer

  23. I suspected as much, but Sinofsky didn't specifically state anything about installing alternate operating systems. Besides, many system builders, such as Dell, only include the most basic BIOS/UEFI features. What if every major OEM decides to not let users disable the UEFI security features?

  24. war59312 says:

    mt325000, assuming the OEM has the option to disable secure boot then of course that will be possible right now.

    If the OEM does NOT provide that option but provides the option to disable UEFI completely then you can also do that to install Linux.

    Otherwise no you would NOT be able to install Linux, in its current form. But major Linux Distros could of course get their own certs and have OEMs add them to the allow list.

  25. Mohit says:

    At times people want to rebuild their OS from scratch..do a clean install and start installing apps and then restore data.

    I wonder how a clean rebuild will put TPM to believe that this OS is legitimate

  26. Leo Davidson says:

    Thank you for clarifying this. The speculation about how it was going to work was getting a bit out of hand.

    Provided the OEMs don't do anything stupid, it sounds like all of this is sensible. Secure boot by default, but you can turn it off if you want to. Everyone should be happy with that.

  27. B8Blog says:

    @Leo Davidson  I think I have to agree with that.  

  28. Drewfus says:

    @Mohit: Good question. This should definitely be explained asap. What happens in the case of the retail SKUs? Can the consumer install the required certs into the UEFI-PKI, assuming they have a TPM?

  29. Nathan Ladwig says:

    @Steven, how 'bout some ARM lovin'? Or at least a note that you heard my message?

  30. xpclient says:

    As long as the Windows 8 boot loader is going to restart to boot into another OS thereby delaying its boot, I will be replacing the new boot loader anyways with one that doesn't delay loading of other OSes. Why is the Windows 8 boot shell (bootim.exe) not capable of booting at least older *Windows* OSes without rebooting?

  31. xpclient says:

    I notice that in Windows 8, the F8 experience has been reworked. You have to hit Shift-F8 instead. Moreover, some BIOSes have an issue where Shift is not sent to Windows this early.

    Also, F8 worked with the Vista/Windows 7 bootloader, but it didn't work reliably in cases where the boot delay was set to less than 1-2 seconds (at least not on the PCs I used). The official key to show the boot screen/F8 options was Space bar which worked reliably or all cases. (blogs.msdn.com/…/the-space-bar-is-the-new-f8-when-it-comes-to-vista-and-server-2008-boot-options.aspx). Now not only is pressing Shift+F8 together at just the right time before the OS begins to boot not easy but Space or Shift+Space no longer works. Can't it be a single keystroke that works reliably even if the boot delay is set to 0 seconds and doesn't change constantly?

  32. jtippet says:

    @Drewfus, @Mohit:  TPM is actually NOT required for secure boot.  There are two separate features: secure boot and measured boot.  The purpose of secure boot is to block unsigned code from the boot process unless there's an unforgeable user action to allow it (e.g., flip a switch in the firmware settings).  While the OS won't technically require secure boot, most systems that are designed for Windows 8 will ship with this feature enabled.

    Measured boot takes things a step further: using a TPM, the feature provides a thumbprint of all code that executed during boot.  This thumbprint could be used to assure antivirus and other computers (e.g., a remote file share containing information confidential to your business) that the system has not been tampered with.

    Windows 8 will not require measured boot or a TPM.  While a TPM is useful for businesses, most consumer systems will probably continue to ship without a TPM (to reduce costs).  Measured boot isn't discussed in this article (except, confusingly, the first diagram), but you can learn more about it by watching this //BUILD video:  channel9.msdn.com/…/HW-457T .

  33. Jose says:

    My question is: what will happen with the Macs? All Intel-based Macs have EFI, but I don't know if Windows 8 will be able to be installed in a Mac without emulating a BIOS (Apple's Boot Camp).

  34. Drewfus says:

    @xpclient: The very notion of having to press some arbitrary key or key combination "just at the right time" is itself, absurd, regardless of what the magic key(s) is. It is the standard keyboard design itself that needs an upgrade. Instead of the circa-1984 101/102 keyboard that everyone puts up with, a new keyboard standard should be pushed/encouraged by Microsoft that:

    1. Has a small key in top left or right corner labelled 'Boot Menu'. If the user holds this key down for ~2 seconds, a LED flashes 3 times indicating the EFI boot menu is activated on next boot. This works regardless of any OS being online. On reboot, the boot menu is presented to the user.

    2. A column of programmable keys down the left side of desktop keyboards and laptop keyboards > 15". Via a new tab in keyboard CPL, user can program these keys on a per user basis. This would be far more valuable than say, the multimedia keys that so many keyboards have that no one uses. The programmable keys could even have a dynamic mode – changing according to key press sequences. You could use it as a surrogate start menu in Metro, for example. I know this sort of thing is available on gaming keyboards, but not everyone wants to use one of those garish looking things.

    Altogether this would be useful, innovative and not-Apple.

    @post: "At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves."

    This sort of assumes that customers know what they are doing, and know what decisions can be made in various contexts. If the customer does not know about magic key sequences like Shift-F8, they have a different experience to someone who does.

  35. Chris says:

    This is a great read, but I can't almost guarantee this isn't going to stop a lot of the rumours. You need to speak in specifics. Show exactly what the case is for Linux, what scenarios if any can't you change the machine to boot to Linux.

  36. Drewfus says:

    @Jeffrey Tippet [MSFT]: Thanks for making that clear. IMO the post should be updated to include info about this secure boot – measured boot distinction, especially considering the subject matter has aroused some controversy. I will view the Channel9 video asap…

  37. Nick says:

    I notice that you're careful to avoid directly saying that customers will actually be able to manage UEFI certificates on non-developer hardware. For example:

    "Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates"

    So will customers be getting that access or won't they?

  38. iSaad says:

    if Microsoft put a feedback form in Windows 8, or build a specially feedback website for Windows (and support all languages).

  39. @Drewfus As you noted in Figure 1, we include the entire picture of how the Pre-OS environment is protected.  Secure boot, based on UEFI, is only one part.  It is correct to say that TPM isn't required for that, and our hope is that Windows 8 will demonstrate more compelling reasons for OEMs to adopt TPMs in the consumer space.  As more consumer scenarios come to the forefront in the ecosystem, and as those scenarios require more security from devices such as TPMs, you'll start to see that features like measured boot and attestation become more important.

    If you visit the Trusted Computing Group (TCG) website, they have a terrific white paper which details how measured boot and attestation works.  It's worth thinking about TPM's more than just an enterprise solution.  If you watch the security session from //BUILD/ on Ch.9 and review the materials from IDF, you'll see that we demonstrated how Windows 8 can create virtual smartcards using a TPM.  Making a leap from that to scenarios such as secure banking isn't hard to imagine.  And making sure that the platform is secure from the get-go is where secure boot make sense.

    That's why secure boot establishes the firmware as a root of trust.  That part may not require TPM, but as part of the whole picture TPM helps complete the security story for the consumer.  And of course, Microsoft always offers the options for customers who don't want to participate to opt-out of secure boot, and other security features at their discretion.  We feel most customers will benefit and enjoy the added security, however.

    Regarding keypresses, we're standardizing on two keys to get you into the different firmware setup options on PC's.  The <ESC> key will become the standard key on PC's with keyboards to launch firmware setup, and the <WIN> logo key will become the standard way to get into the Boot Manager settings (the old F8 method).  You'll see these become standard on newer Windows 8 Certified PCs.  (A bit off topic from the original post, but worth answering.  This detail can be found in the firmware presentation from //BUILD/ and IDF.)

    @Nick We accurately stated that such decisions are left to the OEM.  There may be good reasons why certain enterprises may not want PCs that can be configured in such a way, and there may be good reasons why an OEM or white box retailer may choose to allow that flexibility for their customers.  It's all about choice and flexibility.

  40. UEFI Secure Boot offers me new opportunities to have a secure system. I don't want to miss that on my win8 system in the future and for those, who don't want to use that technology, they can disable it.

  41. cjb110 says:

    How do the certificate databases get updated??  Would new OS's have to wait for the numerous mobo manufacturers to update the BIOS's??

    I can see secure dual boot working for *current* OS's, but any new ones wouldn't be in the database.

    Also this will be open to non-OEM's too?  So I can get a compatible motherboard and turn all this on myself and Windows 8 will be just as secure as if I bought an OEM PC?

  42. lee says:

    hi, can i know when the win8 beta will come?

  43. @cjb110 UEFI provides the protocol and interfaces to update the databases.  Windows 8 supports these new protocols to update the databases in firmware.  The action taken to update such databases are also done securely through PKI.

    All Windows 8 Certificated systems or motherboards will have support for Secured boot.

  44. Ramesh says:

    you guys need to check out this concept video that suggests a few improvements for Windows 8. It's fantastic.

    http://www.youtube.com/watch

  45. First of all, hats off to you for responding so quickly to the mounting questions about the subject. You have my respect, and it is greatly appreciated.

    I guess the Windows 8 team cannot do much about the UEFI spec (which of course was nonetheless created with great input from Microsoft), but what you describe here is a lose-lose situation, unfortunately.

    Correct me please if I am wrong, but if secure boot is enabled, then legacy (non-signed) OSs can't boot, right? So then we have two possible scenarios:

    - Secure boot is enabled on motherboards by default. This will make most other OSs (especially Linux for reasons you are probably well aware of) unbootable unless you turn it off. Average users will be unlikely to even understand the problem, so average users will be incapable of installing other OSs on their system. Cue anti-trust accusations, etc. etc.

    - Secure boot is disabled on motherboards by default. Other OS install will be possible, but because the above issue, the average user will never benefit from the added security because the feature will likely be never turned on. That's not a very positive scenario either.

    (By the way, does the TPM spec. not state that the TPM module must always be enabled by hand by the end user? If so, the latter scenario is the only possible one.)

  46. Windows 8 suggestions says:

    I use both Windows and Linux, and have been doing so for many years. There are a lot of users out there like me. I still consider Windows a bit smelly sometimes, but it's OK since Win 7.

    3 things that would change my attitude against Windows 8 would be A) support other OSes in Boot menu – i.e. don't destroy grub and stuff when installing Windows. B) native support for ext 2, 3, 4 filesystems!!! C) native UTF-8 in Windows.

    If these were there, Microsoft would be getting a lot more positive feedback out there from users like me.

  47. Ah, I should have read more of the comments. So the TPM is not needed for secure booting. My mistake.

  48. User says:

    This has got to be one of the most disgusting "features" I've heard of in over 20 years of computing.

    What problem is this trying to solve?

  49. Matt E. says:

    @pip25, To cure your first curiosity, Linux can be loaded even if the security is enabled but NOT ALL flavors of it (as Steven mentioned). Like Red Hat, Ubuntu, Fedora yada yada who have their product certified. Not some wannabeGeekJoe flavor which may tamper with the low-level system settings and there is nobody responsible for it! And hey, the average joe doesn't use Linux anyway, and the actual geek knows how to sidestep some land mines ;-)

    @User, Welcome to the world of Computing. Now to cure your curiosity, in 20 years you might have heard of the cases in which an average (non-tech-savvy) user doesn't have any idea what the actual reason is behind their system being compromised or attacked by a virus and so forth. So this is a vast security problem which needs to be addressed at *all* levels, starting from the boot loader till the death of the OS session. But if you are just another troll like a few others here in the house, remember! There is no need for argument, 'cause a troll will always be a troll.

  50. @Matt E.

    So you don't think the GPL licensing which all (to the best of my knowledge) Linux distributions fall into specifically forbids withholding the keys required for such certification? Because so far, it looks like that if, let's say Red Hat wants to enable secure boot while satisfying the conditions of GPL, they must release the keys involved with the source code, which malware could then also employ. This would render the whole system just as vulnerable as it is now. (Perhaps a bit worse given the new false sense of security.)

  51. sdf says:

    Unless Microsoft mandates in the Win8 certification program that this BIOS option is user-configurable it still stinks to high heaven – and even with the option of turning it off… how many normal users even know how to get into the BIOS?

    I wouldn't be surprised if Microsoft would get into legal trouble with the EU over this.

  52. Stephen J Sweeney says:

    As far as I understand it, OEMs will *have to* allow users to disable, if they want to sell in the EU.

  53. Jim says:

    This is stupid.  First, it's a blatant attempt to make other operating systems difficult to install (impossible for newbs).  Second, it's completely unnecessary.  How many pieces of malware ever attack the BIOS or even the MBR???  

    We see what you're trying to do here.  Instead of anticompetitive behavior, why don't you try designing Win 8 so it doesn't look like a crappy phone?  Win 7 was just fine, why not leave it alone???

  54. Brian Kemp says:

    If all drivers are required to be signed, what happens when I swap out my OEM-provided nVidia card (that overheated/failed) for an AMD one and the AMD keys aren't in the UEFI keystore?

    Am I unable to boot?

  55. Mackenzie says:

    Note to self: never buy a piece of hardware that uses UEFI instead of good ol' Linux-compatible BIOS.  Either that, or become Amish. I'd rather not have a computer than have one running Windows.

  56. Jote says:

    I don't get this whole "Average users will be unlikely to even understand the problem, so average users will be incapable of installing other OSs on their system" problem.

    Average users are average (as the name implies). They hardly ever install other operating systems. If they choose to they will find out how to disable secure boot using Goo… pardon my French, Bing.

  57. Mackenzie says:

    @pip25:

    The GPL does not require public signing keys. Since you've obviously never looked at the way security of repositories full of GPL-licensed software works, let me give you a hint:  a GPG-signed list of hashes.  That's how we verify that a package matches what the archive maintainers have released.  This is asymmetric encryption. The public key is available, but the private key, in Ubuntu's case, is held solely by the build servers.  Pushing updates to the build servers is done by developers who sign with their own personal private keys. The build server then has the public keys for the developers (to verify their signatures) and the private key for the archive-wide signatures.  The users' systems have the public key for the archive-wide signatures.  As an Ubuntu Developer, I have no access to the private archive signing key. It is, of course, PRIVATE.
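
The signed list of hashes described in the comment above, as an added example that is not part of the original thread or of any distribution's tooling. Ed25519 from Node's built-in `crypto` module stands in for GPG, and the package names, contents and function names are constructed for illustration.

```javascript
// Added example: a signed manifest of package hashes.
// Assumption: Ed25519 (Node built-in crypto) replaces GPG; all data is constructed.
const crypto = require('crypto');

const sha256 = (buf) => crypto.createHash('sha256').update(buf).digest('hex');

// Build-server side: hash every package, then sign the whole list once
// with the archive-wide private key.
function buildSignedManifest(packages, archivePrivateKey) {
  const manifest = Object.keys(packages).sort()
    .map((name) => `${sha256(packages[name])}  ${name}`)
    .join('\n') + '\n';
  const signature = crypto.sign(null, Buffer.from(manifest), archivePrivateKey);
  return { manifest, signature };
}

// User side: only the archive PUBLIC key is needed.
function verifyPackage(name, data, release, archivePublicKey) {
  // Step 1: the manifest itself must carry a valid archive signature.
  const signed = crypto.verify(
    null, Buffer.from(release.manifest), archivePublicKey, release.signature);
  if (!signed) return 'bad-signature';

  // Step 2: the package must be listed, and its hash must match the list.
  const listed = new Map(release.manifest.trimEnd().split('\n')
    .map((line) => [line.slice(66), line.slice(0, 64)]));
  if (!listed.has(name)) return 'not-listed';
  return listed.get(name) === sha256(data) ? 'ok' : 'hash-mismatch';
}

function demo() {
  const archive = crypto.generateKeyPairSync('ed25519');   // held by build servers
  const otherKey = crypto.generateKeyPairSync('ed25519');  // any key that is not the archive's
  const packages = {                                       // constructed sample data
    'hello_1.0.deb': Buffer.from('constructed package contents A'),
    'kernel_3.0.deb': Buffer.from('constructed package contents B'),
  };
  const release = buildSignedManifest(packages, archive.privateKey);
  const modified = Buffer.from('constructed package contents A, modified');
  const results = {};

  // Untouched package, untouched manifest.
  results.genuine = verifyPackage(
    'hello_1.0.deb', packages['hello_1.0.deb'], release, archive.publicKey);

  // Package changed after release: the signed list no longer matches it.
  results.tamperedPackage = verifyPackage(
    'hello_1.0.deb', modified, release, archive.publicKey);

  // Manifest edited to match the changed package: the old signature breaks.
  const editedManifest = release.manifest.replace(
    sha256(packages['hello_1.0.deb']), sha256(modified));
  results.editedManifest = verifyPackage(
    'hello_1.0.deb', modified,
    { manifest: editedManifest, signature: release.signature },
    archive.publicKey);

  // Manifest rebuilt and signed with a different private key: the user's
  // copy of the archive public key rejects it.
  const resigned = buildSignedManifest(
    { ...packages, 'hello_1.0.deb': modified }, otherKey.privateKey);
  results.resignedByOtherKey = verifyPackage(
    'hello_1.0.deb', modified, resigned, archive.publicKey);

  // A file the archive never released.
  results.unlisted = verifyPackage(
    'extra_0.1.deb', Buffer.from('constructed'), release, archive.publicKey);

  return results;
}

console.log(demo());
```

Publishing the public key and the source code gives nobody the ability to produce a manifest that verifies; only the holder of the private key can do that.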

  58. Cesar says:

    The problem with saying Red Hat, Ubuntu, Fedora, and so on could have their product certified, is that all these distributions allow the user to compile his own kernel to replace the distribution-provided one (and I have done so on occasion). Therefore, the certification would be able to only go as far as the bootloader – which can load anything (even Windows, via chain-loading).

    This is unlike Microsoft Windows, where only Microsoft can build a new kernel.

  59. @Mackenzie

    Thank you, then I was apparently misinformed. That's certainly a relief. Now I will only hope that major distributions will be able to get themselves keys the various OEM manufacturers will accept in their products.

  60. Joe says:

    Please describe in detail which features of Windows 8 will get disabled if secure boot is turned off in order to allow a dual boot with another operating system.

  61. David F. Skoll says:

    NOTE TO HARDWARE VENDORS:

    I am in charge of buying hardware at my (small) company. We buy several tens of thousands of dollars of PC hardware per year… not a lot in the big scheme of things, but a lot for a small company.

    We will UNDER NO CIRCUMSTANCES purchase any hardware that does not allow us to install Linux. So those hardware vendors who want to be Windows 8 compliant, think very carefully. If you don't provide a way to disable bootloader verification or allow end-users to insert their own verification keys, you will not get our business.

    I encourage anyone else in this position to post here.

  62. Cesar says:

    Matthew Garrett responds to this post: mjg59.dreamwidth.org/5850.html

  63. IGnatius T Foobar says:

    Microsoft can put all the spin they want on this, but the long and short of it is that they will take any opportunity they can to reinforce their monopoly.  The age of the PC is drawing to a close, and as this happens, Microsoft will attempt to tighten its grip even more.  We in the free world must push back as hard as possible to prevent this from happening.

  64. William says:

    If the major OEM's fail to allow users to disable secure boot, we will do two things:

    1) Launch a class action lawsuit against them and Microsoft

    and

    2) ask the US Congress and the EU to reopen the antitrust proceedings.

    This isn't something you can just blame on the OEM's; it will come back to you a thousandfold. I would suggest requiring OEM's to allow a disable for secure boot. That is the only way for you, Microsoft, to ensure that class action and antitrust activity will not come of this.

  65. I 100% agree with Jote, the average user really doesn't bother reinstalling his PC with a new OS. Let alone install Linux. And when they will attempt to reinstall Windows they will indeed use Google (the average user doesn't know what Bing is (if I tell my wife to use Bing as a search engine she looks @ me like a drunken sheep that just got a lecture from Albert Einstein)). And if this is some 'clever way' of Microsoft to reinforce their monopoly, I think it fails miserably. The average Linux, etc… user is clever enough to find/figure out how to disable this feature, so there is no "harm" done. Imho I think it's a very good feature and I'm happy to read it will be enabled by default.

  66. Martin says:

    But can Windows 8 boot if I disable secure boot?

  67. Steve says:

    Wow. Another layer of code to slow down our pc's. I wonder if this technology will be broken before the release of doze8 like the blue pill killed any idea of boot security in doze7…

  68. TGM says:

    But why does it have to come down to BIOS checking? You're telling me you guys have no way of making the BIOS area read-only when Windows boots, staying read-only for as long as the PC is on? Banning pretty-poor Windows-based BIOS update tools would just stop unusers from bricking their own PCs…

  70. Jote says:

    @Martin

    to quote

    "Steven Sinofsky 22 Sep 2011 4:10 PM #

    @Jose Pedro Of course Windows is usable without secure boot — just like the post stated"

    @Weslee db

    Couldn't have put it better.

  71. What bothers me the most is that these 'blog sites' that are making a big deal out of the secure boot scenario are the same ones who try to attack Microsoft in regards to malware and viruses.  Here we are, with a wonderful solution to a growing problem that I have already encountered in my workplace and now they are complaining.

    Point is, people are going to complain before they will praise.  In my business environment, I will embrace this with open arms.  I think it is a wonderful step in security.

    On my personal machine that I hack around and play with, I will just make sure I have one that I can turn this off on.  It is no big deal… Well, I take that back.  It is a big deal, because it is a GREAT feature to keep computers safe in the workplace and at home.

  72. aywnheqk says:

    The big issue is that Microsoft will say it's up to the OEM to have an option to enable/disable the UEFI security policy, at the same time Microsoft is offering lower Win8 license costs to those who don't offer the option to disable the UEFI security policy. You can see for yourself what is more important to an OEM, a slightly higher profit on each sold unit or the customer's freedom.

    We will quite soon see viruses which will get around the UEFI security policy, as nothing will be stronger than the weakest link, in this case the Microsoft products themselves.

  73. LinuxUser says:

    Just be warned – if there's any chance of locking out other OS's – you'll get DOJ'd again for Monopolizing. And 3 strikes in Europe is not clever.

  74. Azrael says:

    What about Linux? Will it block users wanting to install/boot Linux?

  75. Michael Roth says:

    You should mandate that users have the ability to disable secure boot and add keys, else you leave it up to manufacturers whether a user would ultimately be allowed to boot anything other than windows. If you're willing to leverage your market share to ease the install of your system, you should take the simple steps to ensure you don't make things necessary difficult for other vendors in the process.

  76. elias says:

    But will the user be able to sign his own loaders? If the vendor signs the Windows 8 loader but doesn't let the user sign a Linux loader, then this protection is available only for Windows.

    I just hope that by setting some jumper, or configuring something in the firmware, the user himself will be able to sign *his* trusted loaders, and not just the loaders the vendor trusts.

  77. Shoaib Nawaz says:

    Microsoft is focusing to dis-hard newbies towards linux. My colleague helped the one to switch to linux due to windows instability he faced, his feedback was "I can suicide but cannot return to windows again"

  78. Jim_Maryland says:

    I guess my biggest fear is that the decision to allow/disallow flipping the switch is left up to OEM, not the end users.  Past tactics by Microsoft (like most businesses) show that they'll act in their own best interest and not so much for the consumer.  While the OEM gets the decision, what sort of influence will Microsoft have in that decision?

    Will vendors prominently display (in reasonable terms) that they will or won't support the ability to disable this feature?  While true that most consumers won't be concerned about it, there are plenty of people that do try alternative operating systems.  When I next build a system, I'd like to make sure that it supports the user control over the setting.  I'm also the family member that has to go and repair the computers with friends and family members and there have been times where oddly/surprisingly some have asked what I know about Linux.

    The topic is a bit lower level on the boot process than I'm familiar with, but could there be another option to the secured boot process?  What if secured boot was enabled and simply reported if the selected boot loader was approved or not then reported in a standard method to the OS the result of that detection?  Operating systems could display a status message about "Secure Boot" or "Non-Certified Boot" depending on the UEFI configuration.

  79. Matt E. says:

    @pip25, from the developer's perspective I can tell the way Linux code is preserved and versioned in the secure repositories via GIT is done by using the pair of public and private keys. Otherwise those repositories would have been compromised first. So the point is; there exists the private aspect when it comes to security. Moreover, Mackenzie elaborated it more explicitly.

    If there is anyone curious about Linux installation when security is enabled, I am pretty sure that the certified flavors (Ubuntu, Fedora, Red Hat and many more) would provide the certificate to pass through the UEFI level security. This is my optimistic guess. You can confirm it from Linux folks or ask Linus Torvalds if they are planning to implement this module. Also, for EU folks, you can wait for the official word from the engineers of other OSes rather than rumoring something that is not confirmed yet as there are multiple stakeholders involved, OS manufacturers, OEMs and a whole bunch of security conscious industry/people…

  80. John says:

    Yeah right. The day Microsoft gives customers any choice whatsoever is the day hell freezes over. I notice the nice screenshot of the Samsung tablet did not have a menu which allows keys to be loaded on it, just a secure boot switch. So much for "choice". I cannot load my Linux keys and boot my Linux image in secure mode on that device. Only Windows. Yeah, great "choice" Microsoft.

  81. @Jim_Maryland says:

    Implementing security features is a good tactic. Linux CAN BE installed regardless of whether UEFI security is enabled or disabled. Why are you guys worrying about nothing? Don't you see anything good in terms of development? TROLL TROLL all lame!

  82. Kellic says:

    @John "I notice the nice screenshot of the samsung tablet did not have a menu which allows keys to be loaded"

    Suggestion:  Know what you are talking about before you mouth off.  You obviously are a master of knowing all with a single screen shot of an OS that is a year out and hardware that isn't finalized or configured for mass use.  That is impressive.

  83. KenS says:

    Can the UEFI be infected by malware?

  84. Wacko says:

    According to netmarketshare.com, Linux usage is at 1.1% whereas Windows is >92%

    So, why on earth bother about giving it support in the first place?

  85. David Nelson says:

    Please – PLEASE – stop saying "no compromise". It's just embarrassing when you try to use meaningless market-speak when you're talking to technology professionals who know better.

    I'm begging you – stop embarrassing yourselves.

  86. David F. Skoll says:

    @ChrisCollinsTheRadioGuy: "Here we are, with a wonderful solution to a growing problem that I have already encountered in my workplace and now they are complaining."

    Let's be clear here: UEFI and secure boot do NOTHING to stop malware.  NOTHING AT ALL.

    If Windows has a flaw in it, malware will exploit it, secure-boot or no secure-boot.

  87. David F. Skoll says:

    To @Jim_Maryland: "Don't you see anything good in terms of development?"

    I do.  UEFI and Secure Boot are excellent features.  But only if they let me use MY OWN signing key.

    I do not trust Microsoft.

    I do not trust VMWare.

    I do not trust Oracle, HP, or any other vendor.

    I do not trust anyone else to determine what is safe for MY computer.  I trust only myself and I only want my computer to run software I approve, not what someone else does.

  88. Brendan says:

    Microsoft–do you REALLY think the OEMs are going to let end-users turn off secure boot? NO. They will lock it down, just like most OEMs who either hide the BIOS Setup entry prompts or put an administrative lock on the BIOS (or worse–make all but a handful of BIOS Setup options available). The only exception is DELL, who not only makes the BIOS Setup available, but also makes the setup options available!  OEMs are not engineering companies–they are sales companies. They will do everything they can to make sure support calls are kept to a minimum (ever try calling Acer, Asus, or Samsung? It's a nightmare and they are very quick to say "you changed something–warranty void. Goodbye.")

    I like what I see with Windows 8 so far, but this is a huge turn-off for me and might make me stay with Windows 7 or even switch to Mac.

  89. Nathan Ladwig says:

    @David F. Skoll, it'll work to stop exploits like blue pill ( en.wikipedia.org/…/Blue_Pill_(malware) ), which are becoming increasingly common.

    Something else it'll help stop is the bootloader attacks that were used to compromise the activation system in Vista/7, though since it can be disabled, will not be 100%.

  90. alex nick says:

    I have just laid my hands on the Windows 8 developers preview build version... it was superb... I like each and every creative work you guys did in Windows 8… it's simply superb…

    wish to see more in coming months…

  92. In the "Windows boot experience" video You show us what METRO UI is good for!

    It's good for a pre-boot environment. It's perfect for an OS select screen. It's a perfect option to change the old 8bit screen.

    But that's all. To be a PC OS it's a shame!

    When You finish this screwed Win8 there will be one tablet manufacturer, and that will be Apple. Apple will win this meaningless fight for the tablet market [lot of manufacturers already start to quit]. And the hype will be over. What are You going to do then with Your odd OS?

    On a 24" LCD who's going to watch those ugly tiles on a DESKTOP PC??!! With a MOUSE and KEYBOARD!

    MAKE A WIN8 TABLET EDITION AND MAKE ANOTHER ONE FOR DESKTOP WITHOUT METRO UI! You are already good in selling a product in 10 different editions, so it's not going to cause a problem!

  94. MichaelTaylor says:

    If that's true I'm glad.

    Though in the past these kind of denials usually mean their long game is precisely what they're denying.

    They denied plenty of other anti-competitive practices too, but the courts saw it differently.

  95. David F. Skoll says:

    @Nathan Ladwig: "Blue Pill" is esoteric compared to run-of-the-mill malware that arrives as a plain .EXE or .SCR.  Users are either tricked into installing it or don't know they're installing malware (thank you, Sony.)

    This malware doesn't need to touch the boot sector.  It doesn't even need to exploit Windows.  It just sits quietly listening for commands and sending spam or running a DDoS.

    This malware spreads because of a brain-dead decision 25+ years ago to conflate file naming with "executableness".  If Windows had a UNIX "x" bit instead of relying on filename extensions to mark executableness, the malware industry would be much smaller.

    The really effective way to slow down malware is to ditch Windows entirely.  Patching a basically flawed design this late in the game is pointless.

  97. Emem says:

    In short this sounds like a proxy war tactic. MSFT has  the "OEMs" lock down future BIOS to boot just Windows OS.

    Oh you wanna run Linux on your machine..? Too bad your OEM does not allow that…!  Instead please keep staring at  that shiny Windows sticker on your machine.

    Profit!

    //FWIW, I and my org will not be buying hardware locked down to a MSFT OS. Get a clue, if you want my $$.

  98. David F. Skoll says:

    [Off-Topic]

    Could the msdn.com blog programmers *please* write blog software that detects and suppresses double-submissions?  Now that you have a plan to destroy non-MSFT operating systems, surely you have some time on your hands? :)

  99. David F. Skoll says:

    I am a loser and a folking troll. It's not my fault (That's what my mother told me). Please don't read my nonsense comments too much.

  100. Jote says:

    @Prettysure: would you be so kind and return on topic? As if Microsoft would suddenly listen to your all-caps and change Windows 8 philosophy and release strategy. Get real?

    @Brendan: you are complaining about "locking down" and threatening to switch to a Mac at the same time. Seriously? ;)

  101. lol says:

    @Brendan, back in the day you realized that Mac is for oblivious girls and gays and Linux for cheap junkies. An average customer like yourself (hopefully) love to stick with Microsoft while depicting their sanity. If you have a problem with the product under consideration, report it via the tool provided at connect website and make positive criticism here and/or on MSDN forums so your words are heard.

    @all, it’s a DEVELOPER's PREVIEW so if you are NOT a developer or concerned person then STFU. And if you are one, play a fair game and provide the feedback where it belongs!

  102. Common sense says:

    UEFI off topic, but W8 related:

    http://www.zdnet.com/…/14917

  103. mfq says:

    I think disabling Secure Boot functionality is a last resort solution and really shouldn't be required to boot other operating systems. The user should have control over the keys. How likely is it that some OEM gives its customers the possibility to upload public keys?

    Just like the existing trusted boot facilities which utilize a TPM it should work just fine with other operating systems. Sadly, I doubt that many vendors will give users those possibilities.

  104. Mikael says:

    What happens when a root secret key is compromised?

  105. David F. Skoll says:

    The "I am a loser and a folking troll." fake comment is clearly the best that a pitiful little Microsoft fanboi (or was it an employee?) could muster.  How pathetic.

  106. David F. Skoll says:

    So what if I am really a big time fuffing looser… so what? I don't have respect and all that? R u kidding me? I am a lowlife cockroach how can I earn some respect? I was born during daporn. So what people, so whaaaat?

  107. justauser says:

    I don't think the problem of unsecure booting is driving this initiative.

    If the issue is unsecure booting, why not just provide a means to reflash the bios or tpm or uefi or pbecak or whatever the silly thing is?  So if I let the barrier down and boot up a linux, and gum up my uefi, I can restart with the cd/usb/smart card and reflash the corrupted uefi/bios/tpm/ etc?.  

    From now on, as long as I own the machine and the OS.  

    This would have the added advantage of dealing with the inevitable uefi hack.  Don't deny it, you know it will happen.  Always has.  

  108. Ivan says:

    So, in short, you've confirmed everything Garrett was saying.

    The only way out of this fiasco is to mandate user-accessible control of UEFI checks in motherboard configuration.

  109. David F. Skoll says:

    That post was not sent by me either. I guess I hurt feelings of some Microsoft employee. I hate Microsoft and all its products more than before and I will not use *any* freaking product of Microsoft from now on. I will throw my Xbox and WP7 and burn my PC and buy MacMachine. And to all the Microsoft employee and fanbois. Fokyoutoo!

  110. David F. Skoll says:

    That post was not sent by me either. I guess I hurt feelings of some Microsoft employee. I hate Microsoft and all its products more than before and I will not use *any* freakin' product of Microsoft from now on. I will throw my Xbox and WP7 and burn my PC and buy MacMachine. And to all the Microsoft employee and fanbois. Fokyoutoo!

  111. Ian Hickson says:

    @David F. Skoll, are you a sociopath? Seriously?

  112. Stefan says:

    If Microsoft continues to follow this idea I will report it to the European Union. I will report it as You and the hardware manufacturers have a "secret" deal closing for alternative OSes and so on. I don't trust Microsoft!

  113. Jack says:

    I will sue them for not giving me free WINDOWS7!!!!! grrrrrrr!

  114. "Let us change together" :-) says:

    [QUOTE]UEFI off topic, but W8 related:[/QUOTE]

    He's part right and in another not using a Touch combined UI such as Metro together with the old Windows Shell has some benefits in Efficiency and the Market for Desktop LCDs with Touch Included is growing we have to finally change from the old style Interfaces to Natural User Interfaces and also combine them Efficiently with Speech.

    This will also make it easier in a Demographic changing Society for Everyone to use Computers and to Participate and that is Bill Gates Vision and this is Windows Blackcomb (the biggest change in Windows History since Windows 95) :-)

    It will allow a Consistent Experience throughout Devices a perfectly Designed Ecosystem that will force Apple to heavily react :-)

    Though yes Skeptic about this Secure Boot is surely not wrong it is a big change and everyone has the right to participate in the IT world from this not only Microsoft so this will be an utterly important Development in the next Beta cycle to watch (also Specification wise) especially as Microsoft showed signs of coming nearer to Linux with this very nice Birthday Present don't you remember Steve ?

    http://www.youtube.com/watch

    So the Skeptics here should be taken clearly serious by Microsoft and it should be further Discussed how to start this new Windows Era without hurting anyone else, especially as this is no full blown answer to a Secure Consumer system it can still be infected it will only make the user aware that it actually is in an infected state in those regards Intels own advances to a Secure PC Platform are more serious and useful over the past years than this Secure Boot :(

  115. @TheLinuxFoundation says:

    No one gives a crap about Linux in the real world. Its usage is 1.1% even after what? 16-17 years?

  116. Will it be possible to buy Windows 8 hardware that comes without UEFI secure boot in its entirety? I prefer generic, unspecialized hardware.

  117. "Let us change together" :-) says:

    @TheLinuxFoundation

    23 Sep 2011 6:25 PM

    #

    No one gives a crap about Linux in the real world. Its usage is 1.1% even after what? 16-17 years?

    Sure but that doesn't give you the right with your Market Force to try to end its existence in the consumer world ?

    Also Linux can't die that easily as you might think because it's not only an OS alone :-)

  118. StatsPerson says:

    @"Let us change together" :-)

    Linux 1.1% vs Windows 92.8% after 17 years ???  Was it ever born?

  119. Linux accounts for more installations across ALL devices than Windows.

  120. StatsPerson says:

    @Iam Melab.. Yawn.. who cares? Btw, you are a troll. Just saying!

  121. Matt E. says:

    @I am Melab, thus far I am using Win8 on my PentiumD machine with Fedora10 and Win7. You don't have to buy a UEFI board if you don't want. Microsoft is as always supporting multiple boards and architectures (and so is Linux) as opposed to the iCrap. Lots of people trolling about enabling security in UEFI would make the machine Windows-only. Well that's not the case at all. You can dual boot with UEFI and other OSes (like Linux or Windows.old) with or without the UEFI security enabled, in case they pass the UEFI certification phase. (and most Linux flavors shall employ those certificates) Which is in fact for your security. But if you still don't like it just get rid of it. You can disable it. Also, you always have the option to get a BIOS-based board.

  122. It's not just about the security thing, which I don't see Microsoft doing to lockdown PCs, considering the DoJ still has their eye on them. I just prefer generic hardware. I'd rather the secure boot portion be implemented in software.

    Additionally, does anyone know if the ARM versions of Windows 8 will come with the capability to disable secure boot?

    And no StatsPerson, I am not a troll. Just a curious person.

  123. StatsPerson says:

    @Matt E. keep it simple. If you don't like it don't use it. Confused people like Iam Melab 1) use Windows 2) given any reason, they tend to participate in trolling against it.

  124. B8Blog says:

    A note on comments and community standards.  These comments are well below the level of dialog we hoped to have on this blog.  If people cannot police themselves in their reactions to design discussions and to each other, then the mechanisms for comments will change.

    Respectfully,

    Steven

  125. @Steve, would you mind answering the questions I posted? (My apologies if this post comes off sounding rude.)

  126. Anonymous says:

    @Steven Sinofsky I think this blog should be members only now. Anyone trolling should be banned from Windows Live.

  127. Nathan Ladwig says:

    @Steven, yea, there've been numerous questions left unanswered here, care to shed some light on 'em?

  128. @Nathan Ladwig says:

    I am afraid this is not the good place to raise questions. As you might have observed, parsing 100+ comments and answering them is cumbersome. To entertain your questions, windows-8 forums are designed and deployed (http://win8.ms/forums). Also, you can send your feedback using the feedback tool available on Connect website.

    Thank you.

  129. @I am Melab says:

    Please raise your questions at http://win8.ms/forums.

  130. Drewfus says:

    @Tony Mangefeste: Thanks for the info! I'll get up to speed with this stuff at the weekend, and ask questions when I know more about the subject.

    Regarding key presses, standardizing on those keys is good in itself, but now we have the situation that there is another way of accessing boot menus, depending on firmware and OS on the system in question. And of course, the answer to the question "what operating system are you running?" is "don't know" or "I think it's X". So trial and error will be necessary on the phone. Rather than restating my point, please refer to the comments in the //build/ video by Emily Wilson @57.08 (yes I did watch it all :) )

    @cjb110: "How do the certificate databases get updated??" Windows Update

  131. @Drewfus says:

    Can you post the channel9 link for the video you mentioned? Thank you.

  132. Drewfus says:

    @Steven Sinofsky: "These comments are well below the level of dialog we hoped to have on this blog."

    My two bits worth: When people feel they can be more virtuous than the next guy, just by saying something vaguely pro-social, their behaviour will deteriorate in other respects, to keep things in balance. Quality affects at work.

  133. Drewfus says:

    Delivering a secure and fast boot experience with UEFI

    channel9.msdn.com/…/HW-457T

  134. jar says:

    perhaps ms is starting to cut pipes that made them money.

  135. @Steven Sinofsky

    I would suggest requiring a Live ID or OpenID to post. Not a big deal, but it could help with impersonations, for instance.

    About OEMs not including the disable option:

    I doubt that will be the case for a very simple reason: Doing so would mean that their computers would only run Win8. No Windows 7. No XP. Even if they don't care for OS alternatives like Linux, not everyone will want to upgrade to Windows 8 right away, and offering a motherboard which can run none of the previous Windows versions would be a very stupid decision generating unnecessary bad PR.

    I am more concerned about what Matthew Garrett mentioned in his blog posts: The developers of other OSs will be simply unable to get their own keys added because they lack MSFT's resources, making every OS other than Win8 a second-class citizen on the PC, which STILL counts as an anti-competitive measure. The ability for users to add their keys via a secure, non-automated way through the UEFI would be the ideal solution.

  136. @pip25 says:

    Imvho, pushing the same kinda comment over and over ain't gonna make them revert their decision. Linux tend to make Windows secondary so does Windows. But till date they never came across each other. It is just the matter of bootloader where we can see Windows and Linux listed together (or on the Novell's website if you really care about moonlight). Otherwise people from Linux world don't have any respect for other worlds and vice versa. This is a blatant truth. Now about this OEM decision thing. If you take a closer look at this matter and think twice, it's really the OEM choice. You may get into the debate that it's actually the company guy pressuring them to do so. But it doesn't matter for the end user like Joe. You can expect something like: (just visualize) on Dell's website, there are two rows for latest set of laptops and tablets on the showcase page. One contains Windows-only ARM/Intel machines and the other one contains open-for-all machine (unlocked, without OS). Now, I am not gonna comment on what percent of win-only machines would be sold (which is obviously some higher percentage and of course I'm not betting on your money!). Just think about the other machines, how many percentage would get Windows installed in them even the end user has the leeway to install the OS of their choice… (be realistic; perhaps 1.1 : 92.8)??

  137. Christopher Lees says:

    This does not address the real issue with Secure Boot, which is that bootloaders for virtual machines or other operating systems (including older versions of Windows) will not be able to run. Will OEMs include keys for all other possible legitimate bootloaders? Will they all really add a function to turn off Secure Boot, because we all know that OEMs don't always handle the BIOS very well?

    The other issue is that it's debatable whether this really adds a practical layer of security. Malware currently can be virtually irremovable even without touching the bootloader, just by embedding itself into Windows libraries. That's rootkit behaviour. Secure Boot will not prevent it. Who needs a modified bootloader when you can hide within the system's own DLLs and be almost undetectable, and certainly irremovable?

  138. @Christopher Lees says:

    UEFI based Windows8 would probably be tablets and next-gen touch PCs. For older desktops, BIOS is not refraining you to do dual boot. But imagine if you have an ARM, UEFI based tablet. Would you like to make it dual boot with other OSes? Wouldn't it be ugly to have 2 OS on tablet? A real PC running anything other than Windows is an ugly PC !!

  139. It's interesting that Microsoft have chosen to respond to the myriad of comments complaining that the Windows 8 boot loader (like the Win 7 boot loader before it) assumes that it has the right to overwrite any other boot loader that the user might have installed, without so much as a warning, or an accommodation to existing setups – with a post about UEFI Secure Boot.

    Let's be clear about something:

    UEFI Secure Boot is totally unrelated to the complaints about the Win 8 Boot Loader. @Steven_Sinofsky knows this, but has chosen to ignore the issue. I take exception to that.

    For example, if you have an existing dual-boot Win 7/Win XP machine, and install the Win 8 Preview, it will simply overwrite the existing boot loader. It will recognise the Win 7 installation, but will remove the Win XP install from the menu. That's totally unacceptable install behaviour. Note that this happens on Non-UEFI systems, so Microsoft can't use "UEFI Secure Boot" as an excuse for why the installer does this.

    If Microsoft simply accommodated users with dual-boot systems inside the Windows Boot loader, then users wouldn't have to install a GRUB loader between the BIOS and the Win Boot loader, would they? But that's never going to happen.

    I find this post disingenuous and unhelpful, frankly. It's irrelevant what a locked down OEM laptop single booting Win 8 is doing when complaints are being made about dual boot enterprise or "home professional" installation procedures.

  140. MetroIE says:

    Please for the love of Almighty, provide us with MetroIE on windows7… Like we have Metro Zune app for PC :-)

  141. 6205 says:

    I don't need dual boot compatibility with some lame linux crap = parody of the operating system.

    Windows is the only one really usable, reliable, secure and beautiful OS i will ever need !

    F*ck the linux crap. Yo pussies, go masturbating somewhere else about your FOSS sh*t !

  142. "Let us change together" :-) says:

    6205

    24 Sep 2011 4:18 AM

    #

    I don't need dual boot compatibility with some lame linux crap = parody of the operating system.

    Windows is the only one really usable, reliable, secure and beautiful OS i will ever need !

    F*ck the linux crap. Yo pussies, go masturbating somewhere else about your FOSS sh*t !

    If you aren't a troll I'm sad for you, though comments like yours only force this in the wrong direction as this is nothing that is only affecting linux it also affects you :-(

    If you meant that Sarcastic then it's a little over the top also ;-)

  143. Xero says:

    Please look into this bug report, and press "I can too" if you think it's critical: connect.microsoft.com/…/v8-benchmark-and-ie10

    @Dev-Team, please improve the performance and incorporate swifter RegEx engine in IE10.

  144. Xero says:

    Please address the performance issues pertaining to the test suites cited in these bug reports:

    1. connect.microsoft.com/…/v8-benchmark-and-ie10

    2. connect.microsoft.com/…/a-dom-manipulation-test-ie-performance

  145. "Let us change together" :-) says:

    I see one of my posts seems to have got lost in Azure's database, that shouldn't happen should it ;-)

  146. Keys will leak says:

    Microsoft should make sure that Windows-Certified systems have an ability to update certificate lists. All keys leak, and if Secure Boot boots system that uses a compromised certificate, it's worse than having no Secure Boot at all.

  147. "Let us change together" :-) says:

    Keys will leak

    24 Sep 2011 5:21 AM

    #

    Microsoft should make sure that Windows-Certified systems have an ability to update certificate lists. All keys leak, and if Secure Boot boots system that uses a compromised certificate, it's worse than having no Secure Boot at all.

    That's another thing as the OEMs themselves need to have Security Measures to avoid that this happens and that their Employees that have to do with this Specific parts can't leak them to Criminal Groups they work together with for Profit Reasons, which would make this obsolete again, but I'm sure revoking is also part of the Specification in those cases but you first need to know that a key has leaked to react.

  148. iSaad says:

    I defend part A & part C of suggestions of "Windows 8 suggestions" :

    blogs.msdn.com/…/protecting-the-pre-os-environment-with-uefi.aspx

  149. Drewfus says:

    @Tony Mangefeste: What is the relationship between UEFI Secure Boot and the existing Kernel Mode Driver Signing policy? Where does one end and the other begin? What about the relationship between secure boot and GPT disks – is the GPT header and partition tables part of secure boot, or can they be independently compromised? Is the new Session 0 only hibernation mode in any way related to Secure Boot? That is, did MSFT have to modify the hibernation process to accommodate SB?

    @Keys will leak: More interesting than the conspiracy theories here about locking out other OSes, is how the SB hashes and certs will be updated and revoked. Joanna Rutkowska made some interesting comments on her Invisible Things blog about secure boot.

    theinvisiblethings.blogspot.com/…/anti-evil-maid.html

    Quote: "Secure boot is problematic to implement in practice, because there must be a way to tell which components are authorized for execution. This might be done using digital signatures and some kind of CA infrastructure, but this gets us into problems such as who should run the CA, what should be the policy for issuing certificates, etc."

    (While you're there, scroll down and read "(Un)Trusting the Cloud". Very interesting also.)

    So if secure boot updating is going to occur via Windows Update, it would only be a little melodramatic to say that the security of the WU servers is going to be even more critical to the world economy than they are currently. In a sense, by implementing remotely updated secure firmware, security is moving (partially) from the client to Microsoft servers. "Cloud Security" (?)

  150. Linux4junkies says:

    @Saad Shamsaei, how about leave windows at once now and just start using linux? Also stop visiting and following up with windows development. Please don't embarrass yourself anymore.

  151. LOLOLOL

    some *** is whining about Linux!

    dude, don't use it.

    oh noez, there is actually competetion from OS X, Linux, and windows!

    becasue competition didn't bring about Chorme, or iOS 5 or anything good in the world, they were going to do those things right then and there…

    or Windows Phone 7. lol

    stop being a butthurt faggit.

    ngl, i'd LOVE to add you toa f ew facebook groups i'm in, you'd be a fuckin blast!:)

  152. anywho, what about Blu-Ray???

    will playback be builtin, including resizing the video for <1080 screens?

    will the rendering be handled by DWM? seems that's only used for the desktop, and not general rendering..

    what about good ole DirectShow?????

    last i heard it was being dumped, fine please do, but are you going to include FLAC & ALAC codecs? (ALAC is really just an AC3 file in a  MP4 container anyway.)

    anything else i forgot to ask about?

  153. Monitor says:

    (Whistle) BumbleBritches57 is A Fuking troll PERIOD.

  154. David F. Skoll says:

    "These comments are well below the level of dialog we hoped to have on this blog"

    Yes, indeed.  You should call off the sad little losers who are fake-posting under my name.  Read my posts; it's pretty obvious which are really mine and which aren't.

    Anyway, back to the point, Steven: Do you or do you not agree that requiring a signed bootloader opens the door to abuse of monopoly?

  155. Jesse says:

    @David F. Skoll, AFAIK you were trolling against the company as a whole at some point in time?

  156. @BumbleBritches57 says:

    Dude, forget about these losers. You need to go back to facebook, your community, your people and most importantly where you belong! If you need to find anything within facebook, use the integrated Bing search in Facebook and enjoy the party. Adios.

  157. iSaad says:

    @Linux4junkies, Ok. I just defend part C of suggestions.

    Some Programs and all exe ebooks don't work when they are in a UTF-8 characters named folder, or file is named with UTF-8 characters (when run a explorer address that contain UTF-8 characters).

  158. Drewfus says:

    @David F. Skoll: The PC/AT architecture is 30 years old. Other than the move to ACPI in the late 90's, the basic PC architecture remains unchanged from the IBM AT, released 1984. Time for a fundamental update, don't you think – or perhaps you want this dinosaur to keep roaming the planet for another few decades?

    Re "the sad little losers who are fake-posting under my name" – you might like to read this:

    http://www.codinghorror.com/…/cutting-the-gordian-knot-of-web-identity.html

  159. Todd Garrison says:

    I really don't understand what the issue is. It is highly likely that vendors of major Linux distributions will get their stuff signed and have mechanisms for distributing keys. RedHat is no tiny little company with no market presence who needs government oversight to protect themselves from big bad Microsoft.  Furthermore many pieces of perfectly nice hardware will ship with the ability for the user to manage keys and even enable or disable secure boot depending on their needs.  Anyone who wants to install Linux (a small minority) will know enough when making purchase decisions to make this one of the buying criteria.

    Meanwhile, my grandmother who has trouble remembering how to send email some days will be protected when she plugs in the rootkit infested USB stick that she got from Evelyn at work and flips the power switch on her Win8 machine.

    I hate that Microsoft looking out for the average person can somehow be turned into a bad thing.

  160. David F. Skoll says:

    @Drewfus: "Time for a fundamental update, don't you think?"

    Sure.  But why *this* update?  Doesn't buy anything.

  161. Bahhh says:

    @Steven Sinofsky: "A note on comments and community standards.  These comments are well below the level of dialog we hoped to have on this blog.  If people cannot police themselves in their reactions to design discussions and to each other, then the mechanisms for comments will change."

    You better focus how to not make a worthless tablet OS from win7 like this DevPrev. How to not screw things just because of Apple. Cause this one is a joke!! This "start screen" Metro UI is worthless, meaningless, ugly, and a struggling with mouse.

    So go and fix what you screwed up!

  162. David F. Skoll says:

    @Jesse: "@David F. Skoll, AFAIK you were trolling against the company as a whole at some point in time?"

    Was I?  I was not trolling.  I'm merely pointing out that a company that in the past was convicted of criminal abuse of monopoly power is now pushing something that could be abused to lock out competitors.  Purely factual; no trolling there.

  163. Sinopsys says:

    @Steven Sinofsky: "A note on comments and community standards.  These comments are well below the level of dialog we hoped to have on this blog.  If people cannot police themselves in their reactions to design discussions and to each other, then the mechanisms for comments will change."

    You better focus how to not make a worthless tablet OS from win7 like this DevPrev. How to not screw things just because of Apple. Cause this one is a joke!! This "start screen" Metro UI is worthless, meaningless, ugly, and a struggling with mouse.

    So go and fix what you screwed up!

  164. Jonathan says:

    I would be really happy if IE10 for Windows 8 will put Sandboxing?

  165. Jonathan says:

    I would be really happy if IE10 for Windows 8 will put Sandboxing? Just like Chrome approach or even better

  166. Srinivasan S Saripalli says:

    This is regarding "Protecting the Pre-OS environment with UEFI", for which I have presented the below queries. Please do answer them.

    The dashed square box communicates with the TPM but why doesn't TPM also communicate the contents present in the dashed square box.

    The state of the system which is recorded in the TPM during boot is communicated with the Anti-Malware Client but there is always a possibility that the Anti-Malware Client software might not always match the "Anti-Malware" that is launched by the kernel. Therefore, there is a strong possibility of error happening.

    Therefore, I felt that TPM should also instead communicate with "Boot Policy" and "UEFI Boot" and there should also be a "verification" to check that the Anti-Malware that is launched by the Kernel and that which is resident in Anti-Malware Client should be the same.
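The check asked for in comment 166 is what the post's diagram calls quoting TPM measurements to a remote verifier. The sketch below is an added example, not part of the comment thread and not Microsoft's code: it models a SHA-256 PCR extend chain, replays the client's event log against the quoted PCR value, and then compares each measurement with a known-good set. Component names and blobs are constructed, and the quote's signature by the TPM is assumed to have been checked already.

```python
import hashlib
import hmac

PCR_SIZE = 32  # one SHA-256 PCR, all zeros at platform reset


def measure(blob: bytes) -> bytes:
    """Digest of a boot component, taken before it is executed."""
    return hashlib.sha256(blob).digest()


def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: new PCR = H(old PCR || digest). A PCR cannot be set directly."""
    return hashlib.sha256(pcr + digest).digest()


def boot(components):
    """Client side: measure each stage in order, log it, extend the PCR."""
    pcr = bytes(PCR_SIZE)
    event_log = []
    for name, blob in components:
        digest = measure(blob)
        event_log.append((name, digest))
        pcr = extend(pcr, digest)
    return event_log, pcr


def verify(event_log, quoted_pcr, known_good):
    """Verifier side: return a list of problems; an empty list means healthy.

    Assumption: quoted_pcr came from a TPM quote whose signature and nonce
    were already validated. That step is outside this sketch.
    """
    # 1. The log is only trustworthy if it replays to the value the TPM quoted.
    replayed = bytes(PCR_SIZE)
    for _name, digest in event_log:
        replayed = extend(replayed, digest)
    if not hmac.compare_digest(replayed, quoted_pcr):
        return ["event log does not replay to quoted PCR"]

    # 2. Every logged measurement must be one the verifier recognises.
    problems = []
    seen = set()
    for name, digest in event_log:
        seen.add(name)
        if name not in known_good:
            problems.append(f"unexpected component: {name}")
        elif digest not in known_good[name]:
            problems.append(f"unknown measurement for {name}")

    # 3. Every expected stage must actually have been measured.
    for name in known_good:
        if name not in seen:
            problems.append(f"missing component: {name}")
    return problems


# Constructed sample data (hypothetical component names and contents).
GOOD_BOOT = [
    ("os_loader", b"loader v1"),
    ("kernel", b"kernel v1"),
    ("elam_driver", b"antimalware v1"),
]
KNOWN_GOOD = {name: {measure(blob)} for name, blob in GOOD_BOOT}
TAMPERED_BOOT = GOOD_BOOT[:2] + [("elam_driver", b"antimalware v1 (patched)")]

if __name__ == "__main__":
    good_log, good_pcr = boot(GOOD_BOOT)
    bad_log, bad_pcr = boot(TAMPERED_BOOT)
    print("clean boot:          ", verify(good_log, good_pcr, KNOWN_GOOD))
    print("swapped ELAM driver: ", verify(bad_log, bad_pcr, KNOWN_GOOD))
    # A compromised client replaying a clean log cannot change the PCR value.
    print("forged log, real PCR:", verify(good_log, bad_pcr, KNOWN_GOOD))
```
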

  167. Jesse says:

    @David F. Skoll, then you better not buy win8 machine. Stick to Linux. Good Luck!

  168. David F. Skoll says:

    @Jesse: I have never bought Windows and never will.  I run a small company and no-one uses Windows.  We all use Linux at work.  I, my kids and my parents all use Linux at home, so I really don't care how Windows evolves.

    However, I don't want to be restricted in my choice of hardware, which is why I am worried by the whole secure boot thing.  It doesn't protect against any common malware (as mentioned by others, almost no malware today is boot-sector malware) so I'm not sure what attack scenario Microsoft is trying to prevent, other than prevention of booting of "unauthorized" software AKA competing operating systems.

  169. Drewfus says:

    @David F. Skoll: "But why *this* update?"

    Because unprotected firmware is a risk, and there is no security silver bullet, so you do what you can at reasonable cost. This assumes that the costs are well understood, of course.

    Another thing to consider is that these architectural changes may not only be of benefit to boot security. UEFI/TPM hardware with OS support might result in outcomes like globally adopted email encryption, radically more secure ecommerce, encrypted input streams (no more key loggers?), secure, automated software license management (app licenses and product keys in firmware), etc. Hopefully someone knowledgable on the general subject could comment?

    Another question: What happens to the secure boot hash and UEFI firmware updating process in the case of a power failure? How can the end-user restore or repair their systems when firmware corruption occurs? Is the lack of battery-backed power supplies on almost all desktops likely to be more of a problem with UEFI & SB than BIOS?

  170. David F. Skoll says:

    @Drewfus: "Because unprotected firmware is a risk,"

    Yes.  However, the risk of unprotected firmware is far, far less than the risk of running Windows.  So if you want to mitigate the risk to your computer, you start with the low-hanging fruit: That is, you fix the Windows security flaws or you replace Windows with a more secure system.

    "UEFI/TPM hardware with OS support might result in outcomes like globally adopted email encryption, radically more secure ecommerce, encrypted input streams (no more key loggers?), secure, automated software license management (app licenses and product keys in firmware), etc."

    I doubt it.  We know for sure that the Certificate Authority system is broken.  The PGP-style Web of Trust works well, but it's not very practical for unsophisticated users.  I really can't see how locking down which OS you are allowed to boot can help with any of these things.

  171. Jesse says:

    @David F. Skoll. You have kids? Lol I thought u r some stupid kid with no company. Coz usually that kind of abandoned and lonely people/junkies are addicted to Linux.. If you don't use anything belongs to Microsoft (which I highly doubt after seeing your keen presence on Channel9 and then here), why you are here? Ask yourself this question, stop embarrassing yourself any further and leave the house sir!

  172. David F. Skoll says:

    @Jesse: Ad-hominem attacks (sorry for using hard words… go look it up assuming you know how to use a dictionary) are the sign of a small mind.

    I'm here not because I use Windows (I do not) but because Microsoft is trying to make it harder for me, a non-customer, to use the OS of my choice.

  173. LinuxTrolls says:

    @ David F. Skoll Linux is for loners and trolls like yourself. You must have your own version called Troll Edition especially made for trolling Microsoft blogs. Get out of here, no one wants to hear your anti rants.

  174. Drewfus says:

    @David F. Skoll: I'm not here to defend Microsoft, as many of my earlier comments would suggest, but on the question of Windows general security, versus, let's see … Linux, could we make the following comparisons?…

    Windows Integrity Mechanism msdn.microsoft.com/…/bb625963.aspx versus what in Linux?

    Protected Mode apps (IE9/10 and Adobe Reader X) msdn.microsoft.com/…/bb250462(v=VS.85).aspx versus what in Linux?

    Secure Boot (in ~12 months) versus what in Linux?

    "I really can't see how locking down which OS you are allowed to boot can help with any of these things." Allowed to boot? What does that mean? Please refer to Figure 5 in this post. Secure Boot is a firmware *option*. There is no conspiracy.

  176. David F. Skoll says:

    @LinuxTroll, @Drewfus pardon me, I am not a troll. My appeal to Microsoft is simply; let me install Linux on next generation machines (motherboards and architectures). Also, as it is obvious, I don't have much to spend over some decent OS, I urge Microsoft to send me a free copy of Windows 7 Ultimate and Xbox for my kids (coz Linux is nothing but a stinky junk). I will give Microsoft anything for that, literately anything that is humanly possible!

  177. David F. Skoll says:

    @Drewfus: "Secure Boot is a firmware *option*"

    Actually, it's not even an option yet because no shipping hardware implements it.  However, will it remain an option?  Will Microsoft FUD non-MS operating systems by saying "Oooh!!! You need to disable a critical security feature to use XXXXX!!!"?  No-one from Microsoft or any hardware manufacturer is giving a straight answer.

    "Secure Boot (in ~12 months) versus what in Linux?"

    See mjg59.dreamwidth.org/6054.html

    "Windows Integrity Mechanism versus what in Linux?"

    How about 10,000+ fewer Linux viruses than Windows viruses?  How about millions of zombie Windows PCs spewing out spam and running DDoS attacks vs. hardly any Linux ones?

    As usual, Microsoft misses the entire point of security.  It tries to bolt on security to a fundamentally broken system after the fact instead of designing it in from the beginning.

    Oh, and I have the source code to everything I run.  Will Microsoft let you audit their code? :)

  178. David F. Skoll says:

    I'm honestly surprised by the losers who fake posts under my name.  We're just talking about technology here; don't get so personal.  And yet some people feel the urge to write sophomoric posts and eschew technical discussion.

    Anyway, it's easy to tell which of my posts are real.  They're the grammatically correct and correctly-spelled ones.

  179. ER says:

    you don't decide for release Windows XP Sp4.

    Windows XP is Simple and Best choice for Pro Users.

    WINDOWS 7 is Good only for Chess Gaming or Parade for Nice Desktop or Aero .

  180. @David F. Skoll

    Successfully running malware on Windows is becoming increasingly difficult and, with the inclusion of AV software in Windows 8 that will become even more true. One of the core areas of vulnerability however is the boot sequence. There is malware in the wild that exploits this and proof-of-concept attacks which use Hypervisor technology to launch malware that would be OS independent and nearly impossible to detect from within an OS and equally difficult to get rid of.

    Protecting the boot sequence *before* such malware becomes prevalent will be better for everyone. Whilst they may not be under extensive Antitrust monitoring any more it's unlikely Microsoft would take the steps you suggest, since it wouldn't be long before they were back in court.

  181. David F. Skoll says:

    @AndyCadley: "Successfully running malware on Windows is becoming increasingly difficult"

    That is not my experience.  I work in a field related to computer security (anti-spam, specifically) and we still see lots of successful Windows malware.  (More and more, it's using social engineering that no amount of boot-time protection can prevent.)

  182. Jon says:

    As others have mentioned, please update this blog post or post a second article that covers exactly what the situation is for Linux users. As it stands, you claim to tackle the rumours but don't even mention "Linux" by name once in the entire article. Please answer the rumours head on instead of evading with deep overly-complex technical descriptions. If an OEM uses specific keys for windows only, WILL IT LOCK OUT LINUX/UNIX OS's? This is what people want to know– not the technical details. If this is true, you have a huge (potentially legal) problem on your hands.

  183. Mi says:

    @David F. Skoll Not true, you obviously have no experience with the latest version of Windows. I've been running Windows 7 without virus protection software for over 2 years now. It's a lot harder to get viruses on Windows 7 than on older versions of Windows such as XP. All you need is common sense. The only protection I need is Malwarebytes, scanning every 2 months. It usually finds nothing.

  184. ote says:

    "Any OEM that won't let me turn this off or load my own certs won't get any business from me." Well said, the cynic in me thinks this has the major side-ploy to prevent people from running The Penguin (e.g. "Palladium II" or "Trusted" Computing II). I have switched to FOSS OS's about 6-7 years ago for better security and stability, no OEM giving me the choice to run them will not get my business.

  185. Nathan Ladwig says:

    Also, I fully agree that -if- the OEMs don't let you load another OS that they shouldn't be purchased from, but I've yet to see any proof that that's going to happen. All I'm seeing is a bunch of people getting essentially toyed with by Redhat's spokespeople to think that it's going to happen.

  186. B8Blog says:

    Comments temporarily unavailable.