As most PC users know by now, Microsoft has given us a glimpse into what will one day be the Windows 8 operating system. Leaving aside the many changes in the new OS – it’s a major shift from what we’ve previously seen from Microsoft – there’s an extra feature included with Windows 8 that has some of us concerned.
The new feature in question is called Secure Boot. It’s designed to act as a security tool for PC users. However, there’s some concern as to whether this function will be enabled without a clear way of disabling it should someone wish to do so.
In other words, with Secure Boot enabled, you wouldn’t be able to install your favorite Linux distro on that machine.
Turning off Secure Boot
Over the past few days, some Linux enthusiasts on the Web have wondered: why can’t a user can’t simply turn it off?
This is difficult to answer since the final call is with the OEM and not with Microsoft. The problem with this is that we don’t know how each OEM using Secure Boot is going to handle the option to disable it. I think we’d like to believe that most OEM computer sellers are wise enough to make this a readily available option, but the reality is that it’s all speculation at this point.
Another issue is that most casual PC users aren’t going to be too enthused about having to do anything extraordinary just to get their computers ready to install Linux. Even with an off switch in computer BIOS, Secure Boot could still be a significant stumbling block for some.
And even if disabling Secure Boot in the BIOS is simple to do, the fact is that Linux newbies who aren’t aware that Secure Boot even exists will only find themselves frustrated when their distribution won’t install as expected.
Dangers of a Windows sticker
One of the future requirements of a PC OEM offering a Windows sticker on their new Windows 8 PCs will be making sure Secure Boot is enabled by default. Perhaps that’s not a big deal.
As I mentioned above, all one might have to do is turn this feature off. But what if some OEMs only allow Secure Boot to be disabled once per boot up?
I realize that this might seem unlikely, however if this security feature is to be taken seriously, there is a very real possibility that any disabling feature might be limited to a single boot up.
Do you think that I’m overreacting? Consider the possibility that some OEM providers might see the option to permanently disable the Secure Boot as a security risk. And because the Windows sticker clearly says the PC is made for Windows 8, the idea that an older version of Windows could be installed is not officially supported anyway.
These two things together could demonstrate that a “per boot failsafe” for Secure Boot might make sense. After all, the feature isn’t doing anyone any good if it’s disabled!
So the big question is: will we be able to bypass Secure Boot as easily as Microsoft is currently indicating? I think that it’s going to be a mixed set of circumstances, considering every OEM is bound to handle Secure Boot a little differently.
Then again, perhaps this will open new opportunities for smaller computer vendors?
Opportunities for Linux-only vendors
I must admit that to a small degree, I “almost” hope that Microsoft-friendly OEMs shoot themselves in the foot by only allowing per-boot disabling of the Secure Boot function.
This would open brand new opportunities for existing Linux-only PC vendors. Short of someone building their own computer out of purchased parts, these Linux-only vendors would then become the only logical choice for existing Linux enthusiasts.
The obvious downside to this is that owners of existing Windows 8 computers may not be able to try Linux themselves on their existing PCs. This may only be speculation at this point, but I believe this could be a likely possibility.
This development could put a real slow down on Windows 8 users’ move toward trying Linux for the first time. The problem is that I don’t know who the responsible party would be should this Secure Boot effort go badly.
Blaming OEMs or Microsoft
I hesitate to put the blame anywhere yet as Secure Boot isn’t even an issue yet. However, at the same time, it’s clear that Microsoft has devised something brilliant for themselves here.
We already know that Microsoft has tremendous pull with OEMs that depend on their partnership. In addition, OEMs will indeed offer up what they believe is going to yield the least amount of support calls possible.
This support idea adds weight to my Secure Boot disabled once per boot up theory. In the end, the OEMs aren’t being flooded with support calls because of problems stemming from forgetting to reactivate Secure Boot.
And Microsoft offers a real blow both to malware on their OS in addition to slowing down Linux adoption on affected PC hardware.
The only losers here are Linux enthusiasts looking to see greater adoption.
What can Linux users do?
I should point out that Red Hat, among others, will be challenging any OEMs trying to offer Secure Boot without a long-term disable function. Yet at the same time, I think we can take this as an opportunity to stop purchasing the cheapest computers possible.
Instead, how about if Linux users buy from smaller PC vendors? The reason being that the “big guys” will be among those OEMs looking to save as much money as possible. And let’s be honest, leaving out a decent disable feature for Secure Boot could be a small bit of savings per motherboard in each new computer.
For years, I’ve advocated the importance of not buying from the big-named PC vendors due to them offering a lousy product bundled with even worse customer service. Now imagine my surprise when the news of Secure Boot came out!
Clearly, we’re in for some nail-biting as we wait to see how the OEM PC sellers handle Secure Boot and customer choice.
Looking at the larger picture
I’d like to suggest to any naysayers the following consideration: Remember what a hassle it used to be to find non-Windows PCs? I don’t mean building your own, I’m talking about locating computers without Windows already installed.
This was a big deal in the early days of Linux on the desktop. Fast forward to now, this is what I see potentially happening all over again. The difference being that this time, existing computers might be “locked down” to where they accommodate Windows 8 installations only.
Think of it this way. What if this entire issue spreads beyond just PC OEMs? What happens when motherboard manufacturers also begin limiting users by not providing an off switch for Secure Boot? Do we wait around and hope that there will be a magic “off switch” for this new Microsoft feature once enough of us complain?
Sadly, though, our options are limited at this stage in Windows 8 development. The best we can do at this point is to watch related events closely, support articles that call this push to OEMs into question and hope that those OEMs that are reading about our concerns take notice.
Despite our numbers being less than the Windows-using masses, I’d like to think that OEMs aren’t too interested in losing Linux enthusiasts as customers altogether. We may not have incredible numbers, however, I think we might just surprise the industry with our wish to be heard.