Windows 8 optimize

Microsoft back to dirty pool with UEFI Secure Boot

With the UEFI Secure Boot it seems MS is back to some of their old, dirtier practices. This time around it involves the ARM platform. Does Windows 8 want to be the only player on tablets and phones?

It's not new news. The upcoming release of Windows 8 will have yet another (probably in-vain) attempt at helping users enjoy a secure computing environment. This time around they are approaching it from the boot perspective and locking down that boot process. I don't pretend to fully understand this decision or process, but I see it as Microsoft's return to their old scare tactics and dirty pool.

Why do I say that? ARM. Why ARM? Because with this new "security solution", Microsoft is locking down ARM devices that ship with Windows 8. Any product with ARM technology inside, that ships with Windows 8, will be required to use UEFI Secure Boot enabled. This means those devices will NOT be allowed to boot any other operating system.

This is a bit different than the state of other architecture. Intel and AMD hardware that ships with UEFI Secure Boot can have that system disabled -- meaning other platforms CAN be installed. But who's to say MS won't backpedal on this decision.

Here's the reason why I'm concerned about this:

Microsoft has little to no foothold in the world of ARM. We're talking handsets and tablets. Both of those bits of technology rest securely in the hands of Apple and Android. But we know how Microsoft feels about competition. They want (and understandably so) to get their hands into that pie.

But why would they do so, knowing their schemes and tactics will be nothing more than a throw-back to the late '90s and early '00s? All of a sudden MS is attempting to strong arm ARM and obfuscate their true desires. When MS comes out with a blatantly false statement like:

"Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves."

And then revokes user choice on certain hardware, you know something is up. And now that manufacturers are starting to announce the use of ARM chips (such as Qualcomm using Snapdragon processors in Windows 8 tablets and Ultra-book laptops) it's clear, should MS follow through with this edict, more and more hardware will be rendered Windows 8-only.

I know there are people out there already saying "Big deal!", or "This only matters to a select few users." But the truth of the matter is, this is Microsoft doing what it does best -- the dirty business of lying. And Microsoft only just started to shed the suit of Antitrust, to start looking as if it could play fair on the court of public opinion. I guess MS figured it was time to let the bully back in the game.

Naturally, in honor of full disclosure, I don't even pretend to understand law. Nor am I anywhere near an expert on the UEFI Secure Boot. But I've seen this time of behavior from MS over and over through the years and every time it winds up with them in court for one thing or another. Or their attempt at securing their Windows environment will fail and it'll be back to the drawing board yet again -- and yet again their failed attempt will come at the cost of valuable work time and company resources.

Color me conspiracy, but this just smacks of MS once again pulling out all the stops to keep other platforms off hardware they have every right to enjoy. Microsoft is back at dirty pool. But then, did they ever really leave the game?

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

44 comments
davepolit
davepolit

Apple is just as bad as Microsoft. To my surprise, all versions as of Snow Leopard refuse to recognize any WIN XP installation media - you have to have WIN 7. You have to install the older version Leopard if you want the system to accept XP. So the EFI-Chip is obviously rewritable Firmware. When you install Leopard, it tells EFI to accept XP, when you install Snow Leopard it changes EFI and tells it to only accept WIN7. I've tried it out several times just to make sure. So the monopolist Apple is working hand in hand with the other monopolist Microsoft to squeeze the rest of humanity. Same applies to 6 brand new Lenovo U400. You cannot install Ubuntu on them (installation process stops just shortly before completion). Again tried this out with all sorts of different versions of Ubuntu. Fedora can be installed, but only imperfectly: if you try to play a DVD, it asks for permission to download extra software. Afterwards it says it can't find its own repositories. A technician from Lenovo I spoke to yesterday recognized my plight. When I further complained about the cutting edges of U400 (the side of my right hand was extremely soar and very red after about 1/2 hour of use, because the aluminium rest is absolutely 90° and not rounded) the technician explained to me this was due to Apple patent on rounded aluminium edges. Welcome to the new world of llimited freedom.

Cabo Wabo Addict
Cabo Wabo Addict

it is not like MS is saying that ALL ARM devices have to run Win 8. You will still have a choice. if you don't want Win 8 on your ARM device, then don't buy an ARM device with Win 8 pre-installed. I see this as a move to secure the ARM based machines from rootkits. Arm based devices and Androids in particular have a dismal history from a security standpoint. Many businesses are contemplating banning them from corporate networks until some sort of AV packages are available. McAfee told us that one is in the works right now. Again, if you don't like MS products, exercise your free choice. No one is twisting anyone's ARM here (pun intended).

filker0
filker0

There are a number of contributors to this thread who have said, in effect, "so what, someone will jail break the device and unlock UEFI on those ARM devices, chill out!" The DMCA makes this kind of jail breaking illegal in the United States. The EFF has managed to establish an exemption for unlocking of smart phones, but that exemption does not extend (at least yet) to other computing devices. If MS is successful in forcing this, I would not put it past them to use their legal muscle to intimidate, harass, and otherwise supress anyone trying to undo it. If key provisions of the PIPA or SOPA legislation find their way into law, this gets even worse, as they will have an easy way to block access to this information, no matter where it comes from. These proposed laws criminalize even providing links to such information (that is, instructions or tools to circumvent DRM (Digital Rights Management) systems, proprietary encryption schemes, etc.)

filker0
filker0

I have not read every comment on this thread, so someone may have already corrected this misconception that a lot of the posts I've read so far evidence: Apple locks down their software so it will only run on their hardware. With the MacIntosh line, they don't care what OS you run on their hardwaer, on the iPhone, iPad, etc., they won't support anything other than iOS, and only allow approved software in the iOS environment, but there are no hardware countermeasures that I know of that they use to prevent someone from running a different, non-Apple OS on the HW they manufacture. It might void the warantee, they won't support it, but the HW doesn't prevent it. Microsoft wants hardware to enforce a Windows only policy. They want their SW to be the sole environment available on the platform, and they use stuff like this to attempt to make HW manufacturers enforce it so they can claim they're not continuing their anti-competetive practices. These are two [b]very[/b] different practices. I believe that Apple's is far less evil than Microsoft's.

l.kobiernicki
l.kobiernicki

Time & again, one sees good hardware, ruined by crippleware - bad software's rotten coding, which seeks to corner the market, to prevent better developers getting their hands on it, to show what it can really do. A general concensus exists, scaling down the proper functionality of software, to reproduce in the the technical field, the entire spectrum of business ethics: undeclared warfare. Journalists are paid to rubbish alternatives, herding the unknowing, down the authorized channels .. Which don't do the job properly. Burning a DVD on M$ Win can take 2 hours, because M$ Win can't keep track of all its files properly. On Linux, it takes c. 20 mins. The differential is 300%-600%. Coding in M$ OSS misaddresses the hardware. What a dismal performance .. M$ has corrupted others, such as Apple, which used to be less monopolistic, and more design-centred - in a word, creatively-focussed. One bad apple, ruins the whole barrel. then one has to throw the whole lot out, & start again. Which is exactly what Linux has achieved. Technical people discussing what the software does, or ought to do, instead of the commercial rabble ..

AnsuGisalas
AnsuGisalas

Anti-trust is NOT a word for a practice which seeks to unlawfully profit from a cartel or monopoly. Anti-trust is from "Anti-trust legislation", legislation made to combat the unlawful use of cartel power (cartels used to be called "trusts"). So something can't be considered anti-trust unless it's designed to fight cartels... And one can't be wearing an anti-trust suit.... an anti-trust suit would first and foremost be a lawsuit based antitrust legislation. Sorry for clearing that up :p

aroc
aroc

Considering that Apple has the currently dominant tablet OS with the iPad, and that it is an ARM device, and that there are far more x86's running MacOS X than Linux (as I understand the survey numbers), why would this not be more of a ploy against keeping iOS off the new Win8 ARM tablets?? Just a thought...

Bobby Dean
Bobby Dean

Sorry, but if this means that these products will be locked down then I won't buy them ... I like freedom and the ability to do whatever I choose with the hardware I paid good hard earned money for ... If it's about security then give me the choice to implement it or not, I'm not a dumb-ass and am quite capable of making decisions for myself thanks ... But as an example of bad MS moves, when MS went from WinPhone6.5 to WinPone7 I changed to Android because they locked WinPhone7 down ...

shumkh
shumkh

That's from a fortune-cookie! This article has not made clear the "evil" of locking down the boot process. In fact, I am quite sure that some malware, and the nastier ones at that, "worm" their way in through the "boot" process (through to the login prompt), which is why they are harder to catch and remove. Unless I am dense or something, the article doesn't say that one can only boot Microsoft Windows 8 on these ARM hardware. If someone loves iOS, android, or linux so much, why would they even care about installing Windows 8 on their hardware? Or all this rave is just about "tweaking" their gadgets to look smart or cool? If security is my top concern, I would rather have a "locked down" boot and a separate piece of hardware for each flavour of OS I fancy than a "muti-boot" monster, or clumsily hacked hardware, that is vulnerable to malware. Moreover, when there is enough momentum for the need, let those innovative enterpreneurs write some OS-emulator software, like SoftPC for the Apple die-hards, or whatever. Could someone please enlighten me?

realvarezm
realvarezm

Sometimes ask myself who refers to certain ways of work as goog and bad practice. And all leads to the same conclusion...money. Provided by giants like M$, apple just to mention some. All this because later when they deliver the first tablet with locked UEFI will say that is done as a good pratice in the new architecture of mobile devices and that is just BUL#@HIT you cannot be disloyal to your users, if they dont want to go on using M$ OS let them choose for Christ! This is what will be M$ demise at leats in the personal computer segment of the IT world. Constant improvement and understanding the way IT is evolving is the key avoid this dark procedures and keeps products like google, Linux and Oracle at the top of their game. Not bad practices disguised like "good practice"

rick
rick

Locking the boot loader is an effort to defeat rootkits. There is nothing nefarious here.

alzie
alzie

When M$ changed from Windows Product Activation to Windows "Genuine Advantage", that euphemism totally pissed me off as the height of bull shit! What advantage is that?! Add to that all of their other strong arm anti competitive practices. I hate dictatorships. I love democracies. Viva Open Source / choice!

gradkiss
gradkiss

Hey...there is always the junk users like me that find 69 dollar servers at geeks are a good thing...when you use ubuntu or even apachie. Besides...there's coreboot...slowly adding the opensource bios to the computers we use. Not everyone wants to use their computer to make monetary transactions online.Some people invent using them...exampled by plasma active 2 running on tablets. Everyone have a wonderful day...and be free.

Slayer_
Slayer_

Can they not just give MS the virtual middle finger and not develop these special ARM processors?

oldbaritone
oldbaritone

Certainly this will create a secondary market to jailbreak/hack the UEFI process to allow another OS to be booted. OTOH for those who love the corporate Kool-Aid and sing the Microsoft song, ignorance is bliss and they won't even notice.

jpgeek5704
jpgeek5704

I suspect as in the iPhone jailbreaks anything MS does will be hacked to allow those of us who want to hack our devices to do so. Give us hackers something to do. :-) For the rest of the population having a more secure, stable environment is probably a good thing.

microbins
microbins

@Decomplexificat Agreed that Apple lock iPhone & iPad down, but many (read most) other platforms are not locked down. On the tablet front Asus have agreed to unlock the boot on the Transformer series, HTC are (providing) unlocking for thier tablets, the Kindle Fire is unlocked and the HP Touchpad is unlocked. All the above - with notable exception of Apple products - are relatively easily to change the boot ROM. I guess Microsoft have 'a right' to go this way but as usual this will just make thier products less desirable - but if that is whet they want then so be it.

lord_beavis
lord_beavis

What exactly did that poll in the middle of the article have to do with the price of wheat in China? Judging from the high number of 'yes' votes the MS Fanboi's are out in force today. Linux has more documentation than one could shake a stick at. You just have to know how to read and not be lead by the hand (like with MS).

Decomplexificat
Decomplexificat

I don't see how this is any different than Apple locking the iPhone and iPad down so they can only boot iOS. It seems they are allowing PCs to boot anything they want but if an OEM provider wants to sell a tablet with Windows 8, they must be configured to only run Windows 8. If this is evil, then almost every other tablet maker is evil as well. I could be wrong but I don't think you can boot anything but the native OS on iPad, Nook, Kindle Fire, and many of the other tablets. If you can, it probably requires a hack. Is this any different than MS? I am not sure but I suspect not.

Deadly Ernest
Deadly Ernest

do it on hardware they make - that's a totally different situation.

Slayer_
Slayer_

Because those laws are only in the US, so MS will lock down American hardware, but anywhere else (especially Europe it seems) will not allow this. Americans will be forced to import European computer hardware.

spdragoo
spdragoo

Not even on my old XP computer would it take more than 15-30 minutes to "burn" the disc. Transcode the photos & video files into a DVD format, yeah, that takes time; but my newer PC takes a lot less time to do it because a) it has way more RAM and b) it has a much faster multi-core processor. But that's generating the files, not burning the file onto a disc. In fact, on my old XP PC, I was able to cut my burning time for a full disc down from 30 minutes to 15 minutes (apparently faster than your Linux PC)... simply by moving the external burner's drive from a USB 1.1 port to a USB 2.0 port. Burn time is still the same with my new PC for the external drive (the internal drive burns much faster, but it's using the SATA III connection instead). So maybe your problem wasn't OS-related, but [b]hardware[/b]-related.

CFWhitman
CFWhitman

The answer to the question is obvious. Apple doesn't support installing iOS on anything but the devices they sell, so Microsoft doesn't need to take any measures to prevent its installation on Windows 8 OEM devices.

CFWhitman
CFWhitman

I know the 'Microsoft rootkits your hardware permanently so nobody else can' reasoning. I prefer to be the administrator on my own hardware. Thank you. I don't want Microsoft (or anyone else) to be. It's funny how they allow UEFI custom mode and UEFI disabling on x86 class machines, but not on ARM ones. You can have a secure machine without giving up your right to be the administrator. There is no practical way to eliminate PEBKAC issues, and I don't want to have to pay for the efforts of Microsoft or anyone else to do so. Remember the saying that, 'If you create a system that any idiot can use, then only idiots will want to use it.'

spdragoo
spdragoo

I replaced hard drives twice on my XP computer, but [b]never[/b] had any problems with Microsoft's servers thinking that [b]my[/b] PC had anything but a "genuine" copy of it. My brother-in-law had restored his old XP PC more times than I can count... but while he [b]once[/b] had to call them up & confirm that he was restoring onto his original PC (which with his copy of XP happens after you've used the product key more than 5 times), he also [b]never[/b] had any problems with his copy being identified as "not genuine". Most of the people I've ever seen complain about having issues with that "Genuine Advantage" locking them out of additional updates... didn't have "genuine" copies of Windows to begin with. Which is kind of like a purse snatcher complaining that the "Prada" shoulder bag he stole isn't a "real" Prada bag, so he wasn't able to fence it for as much as he'd hoped.

cliff
cliff

Aye. MS ceased innovating a long time ago. Their continued success is owed to their strong-arm tactics. Perhaps my perception is distorted, but it appears to me that this business model they've adopted has not done well for them. The strangle-hold they had on the computing world is no more, and I see their grip loosening more and more with each passing year. It's time they embraced competition and started innovating before they find themselves in the virtual back seat of the techno bus.

Neon Samurai
Neon Samurai

Someone suggested that not bending to Microsoft's demands with ARM/UEFI systems would result in not getting MS business for intel/amd hardware or not getting the "you did what we told you" price cut for the OEMs next bulk buy. (MS isn't the only company to play the price cutting game; just look at teh number of schools that get bonuses for only selling coke or pepsi rather than allowing both competitive products)

Decomplexificat
Decomplexificat

I didn't realize that many tablets were unlocked. That being the case, I agree that it could make MS less desirable. Although I don't know why we don't see the same level of aggravation with Apple from the IT community. (I own nothing but Apple products and am happy to bash MS... I just think they are getting bashed a little to harsh considering they have 0% marketshare while Apple dominates.) I think many manufacturers think of tables like smart phones. They consider them consumer devices which shouldn't be tampered with by the user. On the other hand, the tech community is looking at them like a new breed of PC that should be open to modifications. Now that I think about it, I can't see a compelling reason why anyone would lock down the hardware. MS get's it's money when the device is sold. How do they lose if someone loads Linux on it? It is hard for me to see this as malicious though. They have been doing nothing but lose marketshare for years. I don't expect it to change with Windows 8.

rduncan
rduncan

SYNOPSIS Linux Documentation -l -s -v DESCRIPTION Linux has more documentation than one could shake a stick at. You just have to know how to read and not be lead by the hand (like with MS). OPTIONS -l start reading the Linux documentation -s invoke WTF mode -v display the version SEE ALSO snooty_linux_admins_overview(8) , more_about_irksome_commands(50) , less_is_more_BS(20) AUTHOR Sum Guy 1/5/1989 *note all of the above is depreciated

TechRepublicDoug
TechRepublicDoug

Not to become a target for flaming, but the difficulty with documentation has to do more with "Do you know what you're talking about?" When a product is coming out, the document writers are writing, as they understand (what they are being told), what it's supposed to be, what it is supposed to do. Everyone is competent and honest. However, once products meet the great unwashed (i.e., the customer to which it was intended), they use it ways unthought of, abuse it ways unheard of. I often tell my customer base they teach me more about (mumble) because I would never have thought of breaking it like that. Not just Linux, but when you're constantly breaking new ground, inventing, reinventing (recursively), you have neither time or understanding to document a moving target. As to Linux has more documentation than one could shake a stick at, don't confuse quantity with quality.

YetAnotherBob
YetAnotherBob

An iPhone or iPad can be changed in the OS it runs. That is what 'rooting' is all about. You can do it on a full Mac too. Apple will even help you do it. It's very different than Microsoft. It shouldn't be, but it is.

jhorton
jhorton

This is all the way around the world from Apple. Apple can lock down the iPhone and iPad all the want to because they engineer and manufacture them. MS does not manufacture hardware for this OS; what they are doing is a strong-arm tactic against hardware OEMs and the customer. If MS wants to make its own tablet (or whatever) that runs only Windows 8 and market it as such, I am all for them locking it down. However, until that time, I much prefer them to leave the bullying aside.

CFWhitman
CFWhitman

You're right that Microsoft is only doing essentially the same thing that a bunch of other companies are doing with ARM devices. That doesn't make it a good thing. Openly accessible hardware was one of the best things about the x86 architecture. It's gotten to a point where people simply won't accept anything less on x86 (or amd64) hardware. They've come to expect it to be openly accessible and standardized. However, various hardware makers are trying to create a different atmosphere with ARM devices. I think that there is a good chance that eventually a standard, accessible group of devices will arrive, but that has not yet happened. That's because everyone is still trying to grab the biggest slice of pie. There's no entrenched player that other companies are willing to join together to try and fight. It's a bit like the computer market back when we had all kinds of competing systems and hardware architectures (remember the TI 99/4A, the VIC 20, the TRS-80, the Timex/Sinclair 1000, the Apple II, etc.?). It's a bit different as well of course. One difference is that at this point, these companies should know better, and so should we. Of course, there have been a few devices, like the Nook Color, for example, which weren't locked down and you could load anything you wanted on. This seems more or less accidental, and there is certainly no standard.

mylestonnies
mylestonnies

Apple makes the hardware (indirectly). They create the device right from hardware design through to OS and UI. Microsoft only creates the OS. They are a software company except for Xbox and a failed Zune. I believe that this also relates to market share. MS has a potentially huge impact if they become the dominant tablet OS (this is still remains to be seen). If Microsoft made the tablet (hardware) I would be more okay with the UEFI Secure Boot. But they don't and I do not think they should dictate that level of control to the OEM (IMHO). The reason - b/c if they become the the dominant tablet OS, it puts them in a position where they could influence the OEM not to provide alternative operating systems on their devices.

davepolit
davepolit

Europe doesn't produce any computers!

aroc
aroc

Hackers don't much care about support, but only whether it can be done. And Apple will not be in control of the Win8 tablets. MS would not want it done in any way that could show up "their" design by a fast-rising competitor's software. Apple is much more in that competitive category than is Linux (unfortunately).

CFWhitman
CFWhitman

I don't want to have to contact Microsoft every time I install the operating system (even if it's just registering over the Internet). If I want to move my installation from one PC to another every week, that's my business, as long as I only use the license on one PC at a time. Also, in my work I have to install Windows often. Many of the machines that it gets installed on don't have Internet access by default. It would be extremely painful to have to contact Microsoft every time we built or rebuilt another machine. Fortunately, with Windows XP we had a way around this by using a volume license edition of the operating system. Unfortunately, so far with Windows 7, we have to use the OEM copy of the operating system to avoid this issue. That means that we have to deal with the crapware that comes on the PC to begin with. We only have to clean up the operating system once and then make images of that install for others of the same model. We would much prefer, however, to begin with a clean install in the first place that didn't require activation.

Neon Samurai
Neon Samurai

We don't see the same level of agitation over Apple because the topic has been done to death; Apple is a hardware vendor who happens to write the embedded OS for it's hardware products. They do the complete package. Apple's hardware being locked down to Apple's embedded software also does not affect the wider general purpose harware market. Microsoft is a software vendor who makes demands of third party hardware manufacturers to include arbitrary limitations (there is no reason other OS can't run on ARM and indeed already run very well on the processor platform). Microsoft also has a very real ability to harm the market by having general purpose hardware limited to a single software OS brand. If MIcrosoft make's it's own hardware and an embedded OS for it then all the power too them.

blarman
blarman

... that those writing the documentation assume everyone who will be reading it knows as much about the product as they do. I want documentation that assumes I have never touched their product before and can walk me through a task without assuming I am a lifelong administrator of said product. ALL the major manufacturers (Microsoft, Oracle, etc.) make this mistake. The thing that they fail to realize is that they can cut down on the number of support calls they receive if they only create decent documentation in the first place. Now I agree that this has to be tempered with the quantity of requests, but, seriously, it can be done a lot better than it is.

rduncan
rduncan

is a term for *nix based systems and doesn't apply to the PC platform which is an independent platform that you have full power over when you buy it. i.e you own the hardware independently of the software, hardware has an interactive BIOS- this has nothing to do with Microsoft. I think the 'secure boot' is a dirty trick but why single out Microsoft unless you have some neurosis about a particular vendor - oh wait- you do! I think this new form of 'lock in' will turn out to be easily bypassed & quite illegal. the game is Monopoly no checkers - what's not to understand?

lord_beavis
lord_beavis

Someone with something relevant to say. If MS wants to make their own hardware, I say let them have at it. I still can't believe that they get away with strong arming the current hardware vendors. I applauded Dell for offering Linux on their computers and then MS had that planted Ubuntu hater in Wisconsin that put a negative light (thanks to the Liberal media) on Linux.

rpollard
rpollard

Well said. They have hardware sales at stake and want high quality therefore want to control the "openness" of their platform. I've had it with low quality PCs that fall apart in and out of warranty because they are trying to cut corners just to survive. MS had the world or at least the fanboys convinced, that they wanted freedom of choice after people got upset at the possibility that they may not have any choices of their OS if they buy a locked Win8 PC. They saw the uproar that caused and backed down without admitting they were planning on locking PCs up. I have no doubt they will do it if they can get away with it. But the way to succeed in locking up PCs UEFI crap in place and make it very difficult to get around without appearing like they are purposely trying to lock out other OSes. Without admitting the real reason they will come up with some half baked crap about making your PC more secure and therefore since they know what's best for us and we don't, they get away with it. This is sort of like the government does things. They slip things in without asking permission and then tell half truths and divert attention long enough to let it take hold. Then there's nothing you can do but gripe about it and move on.

Deadly Ernest
Deadly Ernest

that make computers. Mind you, if you want to limit things to companies that make all their components in their country, I don't think the USA make any computers either

TechRepublicDoug
TechRepublicDoug

I didn't know the hated liberal media had taken a stand on the BIOS vs UEFI controversy. And if Dell can be turned back by one MS plant of a Ubuntu hater, it should be turned back, IMHO.