Things got heated up quite a bit in the past two days as Microsoft started to reveal information about boot security in Windows 8. The main concern raised by Matthew Garrett and others was that secure boot could prevent the installation and use of third party operating systems like Linux on an OEM system running Windows 8.
Please note that this is only a issue for UEFI systems, if you plan to upgrade an existing system with BIOS you won't be affected by it.
The UEFI secure boot protocol is the foundation of an architecturally neutral approach to platform and firmware security. Based on the Public Key Infrastructure (PKI) process to validate firmware images before they are allowed to execute, secure boot helps reduce the risk of boot loader attacks. Microsoft relies on this protocol in Windows 8 to improve platform security for our customers.
Microsoft today responded to those claims in another article on the Building Windows 8 blog. OEM systems shipping with Windows 8 will have secure boot enabled by default to only load verified operating system loaders during boot time. This prevents malware from switching the boot loader, but also other operating systems that are not signed from being loaded.
While Secure Boot is enabled by default, it is up to the OEM to add controls to UEFI to allow the user to disable the feature. The Samsung tablet that Microsoft gave away on the BUILD conference for instance came with an option to disable Secure Boot on the device.
Microsoft employee Tony Mangefeste notes that "OEMs are free to choose how to enable this support", which means that OEM could make the decision to not implement the override in the UEFI configuration. This would then mean that customers would not be able to boot third party operating systems from the OEM machine.
The only option that consumers have at this point is to find out about this in advance before making a purchase. I for one would never buy a system that prevents me from loading a third party OS.
Your options to install Windows 8 are:
What's your take on Secure Boot? I personally think that it improves security, and do not think that it is an issue as long as all OEMs add the means to disable the feature. Let me know in the comments.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.