Home opinion-and-analysis Open Sauce 'Secure' boot: much to be scared about

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

'Secure' boot: much to be scared about Featured

The Linux Foundation had prepared a sensible document on how secure boot could be managed without the danger of pushing some company or the other to the wall or infringing on anyone's rights. But did either of these companies' decision-makers even bother to read it? Could they have understood it if they had?

Now we have exactly the situation that Microsoft wants - every man for himself. There are numerous questions which remain unanswered but few of them are being asked in public.

Let's remember that on the x86 platform it will be possible to turn off secure boot. The reasons are simple - Microsoft, a convicted monopolist, does not want to attract the US government's attention again, even though it no longer has to operate under the consent decree of the US department of justice. And then, it has to leave a way open for those who want to install other versions of Windows, like 7 or XP, which do not support secure boot.

Anyone who thinks that outside pressure has made Microsoft rethink its original design for secure boot is deluding themselves. CEO Steve Ballmer, who has been dubbed the worst leader of a company in the US, has bet the company's future on a single technology, Windows 8, and he is a tough cookie.

Says Forno: "I would expect DOJ to get involved (or the EU) if such anti-competitive issues are raised - but as far as government 'clout' (goes)?? I think MS lost whatever major clout it had after the antitrust decision came down. The only influence MS has with the government these days, I think, is the sheer number of products installed throughout its bureaucracy.....and seeing how slow the USG is to change anything, I'd say MS has the upper hand in that situation."

On the ARM platform, where Microsoft is not the dominant player, the company has mandated to OEMs that any device that comes loaded with Windows 8 should not be able to deactivate secure boot.

One of the features of Windows 8 will be improved boot times. If one has an SSD, then boot times could be less than 10 seconds. Within this time, it will not be possible to hit a key - say F10 or Del - as one does now to enter the BIOS. Of course, the BIOS will no longer be there, one would enter the UEFI interface if that was possible.

Given this, Windows 8 will provide an interface after booting for those who want to tinker with the UEFI features. Let's assume that one uses this interface to turn off secure boot in order to install an operating system other than Windows 8. After that how does one turn it back on? Nobody knows.

There are numerous people who run multiple operating systems on the one machine because they have to test their code on different platforms. Or maybe they do it to play games. What happens when these people install virtualisation software? The machine won't boot.

What happens if a malware attack on Windows 8 makes changes to system files? The machine won't boot. This is not some outlandish scenario, Windows is still as vulnerable to malware that arrives via the web or by email.

WEBINAR 7th May 11am - WOW 802.11

Learn how Ruckus Redefines High-Speed, High Capacity Wi-Fi with Industry’s First 802.11ac Wave 2 Access Point

THIS IS ONE NOT TO MISS SO REGISTER NOW

DON'T MISS OUT - REGISTER NOW!

FREE - SYDNEY & MELBOURNE BUSINESS INTELLIGENCE EVENTS

The Holy Grail of the Business Intelligence (BI) industry – pervasive deployments and widespread end-user adoption – has remained an illusive dream for years. Until now!

REGISTER & SECURE YOU PLACE / BRING A FRIEND

Melbourne - venue Captain Melville’s CBD 2:30 – 6:00pm, Tuesday 28th April

Sydney - venue Redoak CBD 2:30 – 6:00pm, Thursday 30th April

DON'T MISS OUT - MELBOURNE REGISTER NOW!

DON'T MISS OUT - SYDNEY REGISTER NOW!

FREE WHITEPAPER - RISKS OF MOVING DATABASES TO VMWARE

VMware changed the rules about the server resources required to keep a database responding

It's now more difficult for DBAs to see interaction between the database and server resources

This whitepaper highlights the key differences between performance management between physical and virtual servers, and maps out the five most common trouble spots when moving production databases to VMware

1. Innacurate metrics
2. Dynamic resource allocation
3. No control over Host Resources
4. Limited DBA visibility
5. Mutual ignorance

Don't move your database to VMware before learning about these potential risks, download this FREE Whitepaper now!

DOWNLOAD!

Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.

Connect