Home opinion-and-analysis Open Sauce 'Secure' boot: much to be scared about

Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

'Secure' boot: much to be scared about Featured

The Linux Foundation had prepared a sensible document on how secure boot could be managed without the danger of pushing some company or the other to the wall or infringing on anyone's rights. But did either of these companies' decision-makers even bother to read it? Could they have understood it if they had?

Now we have exactly the situation that Microsoft wants - every man for himself. There are numerous questions which remain unanswered but few of them are being asked in public.

Let's remember that on the x86 platform it will be possible to turn off secure boot. The reasons are simple - Microsoft, a convicted monopolist, does not want to attract the US government's attention again, even though it no longer has to operate under the consent decree of the US department of justice. And then, it has to leave a way open for those who want to install other versions of Windows, like 7 or XP, which do not support secure boot.

Anyone who thinks that outside pressure has made Microsoft rethink its original design for secure boot is deluding themselves. CEO Steve Ballmer, who has been dubbed the worst leader of a company in the US, has bet the company's future on a single technology, Windows 8, and he is a tough cookie.

Says Forno: "I would expect DOJ to get involved (or the EU) if such anti-competitive issues are raised - but as far as government 'clout' (goes)?? I think MS lost whatever major clout it had after the antitrust decision came down. The only influence MS has with the government these days, I think, is the sheer number of products installed throughout its bureaucracy.....and seeing how slow the USG is to change anything, I'd say MS has the upper hand in that situation."

On the ARM platform, where Microsoft is not the dominant player, the company has mandated to OEMs that any device that comes loaded with Windows 8 should not be able to deactivate secure boot.

One of the features of Windows 8 will be improved boot times. If one has an SSD, then boot times could be less than 10 seconds. Within this time, it will not be possible to hit a key - say F10 or Del - as one does now to enter the BIOS. Of course, the BIOS will no longer be there, one would enter the UEFI interface if that was possible.

Given this, Windows 8 will provide an interface after booting for those who want to tinker with the UEFI features. Let's assume that one uses this interface to turn off secure boot in order to install an operating system other than Windows 8. After that how does one turn it back on? Nobody knows.

There are numerous people who run multiple operating systems on the one machine because they have to test their code on different platforms. Or maybe they do it to play games. What happens when these people install virtualisation software? The machine won't boot.

What happens if a malware attack on Windows 8 makes changes to system files? The machine won't boot. This is not some outlandish scenario, Windows is still as vulnerable to malware that arrives via the web or by email.


Does your remote support strategy keep you and your CEO awake at night?

Today’s remote support solutions offer much more than just remote control for PCs. Their functional footprint is expanding to include support for more devices and richer analytics for trend analysis and supervisor dashboards.

It is imperative that service executives acquaint themselves with the new features and capabilities being introduced by leading remote support platforms and find ways to leverage the capabilities beyond technical support.

Field services, education services, professional services, and managed services are all increasing adoption of these tools to boost productivity and avoid on-site visits.

Which product is easiest to deploy, has the best maintenance mode capabilities, the best mobile access and custom reporting, dynamic thresholds setting, and enhanced discovery capabilities?

To find out all you need to know about using remote support to improve your bottom line, download this FREE Whitepaper.


Sam Varghese

website statistics

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.