An argument against the new secure boot feature in Windows 8

Donovan Colbert argues that settling for mandatory, walled gardens is giving away the liberty to use your hardware as you see fit.

In a recent post on ZDNet, Ed Bott defends Microsoft's decision to integrate Windows 8 more tightly with hardware platforms through locked-down boot loaders that are difficult to circumvent. Ed's argument is well researched and presented, but it fails to ask the most important question of all: What is gained by requiring ARM-based Windows 8 devices to support a "secure boot" locked boot loader? What does Microsoft gain from this policy and what are the gains for end users?

In his article, his private blog, and a follow-up discussion on Google+, Ed argues that this is all about security and a more reliable, stable end-user experience. I don't think that the improved security can really be argued. Apple has demonstrated that through their iOS model (and really, to a lesser extent, through OS X, which requires special hardware to run OS X — even if that hardware will readily run other IA86/64 architecture OS platforms).

There's no doubt that Apple's carefully curated, locked-down, and walled garden pays dividends on a more reliable user experience for the lowest common denominator of PC user. But the price of that security is huge, because it requires Apple users to place unconditional trust in the integrity and ethical stewardship of Apple. In addition, the carefully managed and restricted hardware ecosystem enables Apple to engage their end users in a cat-and-mouse game, where the most technical iOS users constantly try to jailbreak their iPads, iPhones, and iPod Touches — and Apple pushes out updates that I think goes beyond just trying to disable the jailbreak. In fact, it seems to me that Apple sheds no tears when an iOS update bricks jailbroken devices.

Here is my response to Ed's post on his Google+ stream:

I think there can be a balance. The problem with locked-down ecosystems is that they give too much control to the corporations behind the platforms. They're not transparent enough — and it is clear that disclosure is not a top priority for the organizations behind these kind of devices. You can lock down a system for consumer end use but still make it easily hacked and opened by more technical consumers.

Android has everything in place to make the default end-user experience more curated — all they would have to do is start policing their market better. At the same time, it's an easy thing to enable side-loading and to allow "development" apps to run. The TF201 by ASUS is a great example of a product where the device sells with a locked-down boot loader, but they've made the utility available so that you can disable the locks if you're inclined (at your own risk).

Settling for mandatory walled gardens is giving away the liberty to use your hardware as you see fit. I don't think we should let the convenience and safety of the lowest rung of technology users set the defaults for user access to hardware and platforms. This is kind of a variation on the classical theme of giving up liberty for security. I don't want the lowest common denominator setting the bar for the accessibility of my devices.

Someone said if there's a demand for open platforms, it will be met. But if it's a niche of technology users, the price for those platforms will be outrageously inflated. It goes without saying that open systems allow the technically adept to investigate and protect everyone else, as was the case with CarrierID. On a system that's locked down to the point where it's difficult for anyone to hack, those kind of secrets are less likely to see the light of day.

There's no reason why mainstream devices can't provide a carefully monitored and curated experience, while also maintaining accessibility and openness for those who are skilled and willing to take the risk. This emerging philosophy from Microsoft is one of the major deal breakers for me with WP7. I don't want to be restricted by Apple's walled garden, so why would I settle for Microsoft's?

My analysis is more about extending the philosophies of Windows Genuine Assurance in an attempt to finally put a dagger in the heart of the long-standing battle Microsoft has waged against platform piracy than about providing end users a better experience. It's the ultimate extension of Microsoft's desire to see users play by their rules and on their approved hardware.

In that regard, it probably will address a lot of the challenges Microsoft has faced with providing an "every PC" operating system. They'll be able to do away with their HCL, because if it runs on a hardware platform, it will be a HCL-approved device by default. Fortunately, Microsoft is not dominant in this playground. Ironically, Google Android is — the same Android platform that's maligned for being insecure and running on wildly fractured devices and OS versions. However, these are the same qualities that made Windows dominant through the 90s.

Ultimately, I don't think it will make a big difference what Microsoft does with Windows 8 running on ARM-based devices, if they decide to go this route. Instead, it will be another attempt by Microsoft to become viable in the personal digital media device market, but largely disregarded by consumers and technology professionals.

After all, we've already got a vendor with a huge head start, lots of experience, and a rich ecosystem delivering this model. What kind of value-add does Microsoft bring, when they're rapidly losing traction on their traditional model that used to provide an incentive to buy into their platform? I've been wrong before about things like this, but I just can't see where this approach offers a compelling reason for Android and iOS adopters to switch back — and I don't think there are enough Microsoft loyalists waiting for this platform to make it work.


Donovan Colbert has over 16 years of experience in the IT Industry. He's worked in help-desk, enterprise software support, systems administration and engineering, IT management, and is a regular contributor for TechRepublic. Currently, his profession...

Editor's Picks