Linux kernel developer Matthew Garrett has highlighted a rather alarming feature in Windows 8, the process of a secure boot, using which, theoretically, Microsoft could lock out other operating systems from running on hardware which comes with Windows 8 preloaded.
Windows 8 uses some of the specifications for the Unified Extensible Firmware Interface - that defines a software interface between an operating system and platform firmware - namely the secure boot protocol, to ensure exclusive booting rights on harbdware.
The system firmware can contain one or more signed keys and any executable that is not signed by these keys cannot boot on said system. Another set of keys - called Pkek - allows for communication between the operating system and the firmware.
According to Garrett, an operating system with matching Pkek keys can add more keys to a whitelist - or a blacklist. In the latter case, any executable which has a key on the blacklist will not boot.
All these years millions of people have been buying hardware which comes preloaded with Windows - no grey-box vendor will sell a naked PC - and then loading GNU/Linux on it.
Of course, the hardier ones build their own machines from scratch.
As Garrett points out, there is no centralised authority to issue the UEFI keys. If an OEM vendor does it, then unless one can get the same vendor to sign one's code, the chances of booting it on that machine are precisely zero.
This will have an impact on both hardware and software - hardware that does not have the right key to communicate with the firmware cannot be added to the machine in question. The same goes for software.
The Windows 8 logo will only be allowed to be put on machines that offer a secure boot. This means that one cannot even install another version of Windows on that box.
If vendors decide to do so, the process of key-signing could be offered as an option that can be turned off, either by a jumper on the motherboard or else through an option in the BIOS.
But Garrett notes that firmware makers are generally not interested in offering anything other than the barebones features which they need for the market segment to which they cater. He adds that while it is not time for GNU/Linux users to panic, people should be concerned.