Various media outlets are today carrying an AAP report of a survey that purports to show increased support for the NBN. Had these outlets dug a bit deeper they might have found that the story was somewhat different.
Is Microsoft finally resigned to the fact that Windows can never again be the dominant operating system on our planet? Or is the behemoth planning to make one final attempt to control what you use?
Linux kernel developer Matthew Garrett has highlighted a rather alarming feature in Windows 8, the process of a secure boot, using which, theoretically, Microsoft could lock out other operating systems from running on hardware which comes with Windows 8 preloaded.
Windows 8 uses some of the specifications for the Unified Extensible Firmware Interface - that defines a software interface between an operating system and platform firmware - namely the secure boot protocol, to ensure exclusive booting rights on hadware.
The system firmware can contain one or more signed keys and any executable that is not signed by these keys cannot boot on said system. Another set of keys - called Pkek - allows for communication between the operating system and the firmware.
According to Garrett, an operating system with matching Pkek keys can add more keys to a whitelist - or a blacklist. In the latter case, any executable which has a key on the blacklist will not boot.
All these years millions of people have been buying hardware which comes preloaded with Windows - no grey-box vendor will sell a naked PC - and then loading GNU/Linux on it.
Of course, the hardier ones build their own machines from scratch.
As Garrett points out, there is no centralised authority to issue the UEFI keys. If an OEM vendor does it, then unless one can get the same vendor to sign one's code, the chances of booting it on that machine are precisely zero.
This will have an impact on both hardware and software - hardware that does not have the right key to communicate with the firmware cannot be added to the machine in question. The same goes for software.
The Windows 8 logo will only be allowed to be put on machines that offer a secure boot. This means that one cannot even install another version of Windows on that box.
If vendors decide to do so, the process of key-signing could be offered as an option that can be turned off, either by a jumper on the motherboard or else through an option in the BIOS.
But Garrett notes that firmware makers are generally not interested in offering anything other than the barebones features which they need for the market segment to which they cater. He adds that while it is not time for GNU/Linux users to panic, people should be concerned.
The Linux Weekly News website has linked to a video from Microsoft that explains the secure boot process in Windows 8 in detail.
David Frost
| SYDNEY, Feb. 22, 2012—Silver Peak Systems, the leader in data centre class wide area network (WAN) optimisation, today continues to revoluti…
How to Make Business Discovery Work for Your Business
Business Discovery takes its cues from consumer apps. Like Google, it encourages us- ers to hunt for and explore data without worrying about or even noticing the underly- ing technology. Their entire experience is working within an intuitive interface to get real-time, self-service results with only minimal training. ...more
Try an easy-to-use set of web-enabled
tools for business-class productivity services. Office 365 provides
anywhere-access to email, important documents, contacts, and calendars
on almost any device.
