Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Thursday, 07 May 2015 17:43

Microsoft's new secure boot strategy will suit Linux firms Featured


Linux companies Red Hat, SUSE and Canonical will benefit from the decision by Microsoft to suggest that OEMs not provide a means of turning off secure boot on PCs running Windows 10.

Microsoft made its intentions known during its WinHEC conference in Shenzhen, China, in March, when it announced that in the case of hardware that was installed with Windows 10, it would be leaving the choice of having a means to turn off secure boot up to the vendor.

When secure boot was introduced by Microsoft, along with Windows 8, ostensibly as a means to improve security, it mandated that OEMs had to provide a means for turning it off on the x86 platform. It could not do otherwise as it has in the past been convicted of monopolistic trade practices.

Secure boot is a part of the specification for the Unified Extensible Firmware Interface (UEFI), the replacement for the motherboard firmware or BIOS.

When a machine running Windows 8 installed by a PC vendor boots, an exchange of cryptographic keys takes place so that there can be verification that the operating system attempting to boot is the same that was installed. There are further key exchanges before the machine becomes usable.

When Microsoft implemented secure boot for Windows 8, it assigned the task of handling the key-signing authority to VeriSign. But since it controls this authority, any operating system that one attempts to boot on hardware which comes installed with Windows 8, will also have to support secure boot.

Else, one has to get into the UEFI interface and turn off secure boot.

The three main Linux companies Red Hat, SUSE, and Canonical — the last-named being the parent firm of the Ubuntu distribution — have each devised ways (1, 2, 3) to support secure boot. While some other distributions also do so, using the same code as that used by these three, many do not.

Thus, if it was impossible to turn off secure boot on a PC and one wanted to install Linux on it, then the only option would be to use a distribution that supported secure boot.

While the commercial offerings from these three companies come at a cost, all three have free distributions too – Red Hat has its community distribution Fedora, SUSE has openSUSE and Ubuntu is free for download and use.

That may be one reason why they are reluctant to offer any comment on Microsoft's new strategy. The strategy underlines the fact that Microsoft's old extend-embrace-extinguish methodology is still very much part of the company, no matter that the new chief executive Satya Nadella has made plenty of nice noises since he took over from the aggressive Steve Ballmer.

All three companies were asked about their reactions to the new Microsoft strategy. Red Hat's response through a PR person, after being reminded, was "Unfortunately, there is no available spokesperson to provide a comment at the moment."

SUSE's initial response, through its PR person, was: "The SUSE guys have been travelling a fair bit, hence the delay in responding to you on this. Can I find out if you're still planning to write a story on this or if you've decided to put this on the backburner as it'll determine how much I need to pursue this with SUSE."

When I confirmed that I was not asking questions of them to pass the time of day, the PR person responded: "Will get back to you in the next two days max with some responses." That was on April 1, hence one is unsure whether it was said in jest or not.

Canonical, the parent company of Ubuntu, appeared to be somewhat disoriented about the query. While their PR person said they would "come back with a response when we can", the next response seemed a bit odd: "We can't comment on forthcoming updates but we'll be in touch later on in April to advise on the features of the next update."

Microsoft was as evasive as it is usually. Initially, it was "I've passed this onto the Microsoft team who will be in touch." After a reminder, there was a response, again, curiously, on April 1, "...apologies – I believe my colleague ....... was reaching out to you." Apparently, the latter individual's reach was not long enough.

Back in 2011, when it was known that Microsoft was planning to implement secure boot, the Linux companies and the so-called Linux community too, turned a blind eye and got agitated much later on. This time is no different.

And you can always trust Linux companies and the Linux Foundation to stay mum whenever Microsoft ups the ante. Whether this is due to a lack of a backbone or just apathy is difficult to tell.



Recently iTWire remodelled and relaunched how we approach "Sponsored Content" and this is now referred to as "Promotional News and Content”.

This repositioning of our promotional stories has come about due to customer focus groups and their feedback from PR firms, bloggers and advertising firms.

Your Promotional story will be prominently displayed on the Home Page.

We will also provide you with a second post that will be displayed on every page on the right hand side for at least 6 weeks and also it will appear for 4 weeks in the newsletter every day that goes to 75,000 readers twice daily.




Denodo, the leader in data virtualisation, has announced a debate-style three-part Experts Roundtable Series, with the first event to be hosted in the APAC region.

The round table will feature high-level executives and thought leaders from some of the region’s most influential organisations.

They will debate the latest trends in cloud adoption and technologies altering the data management industry.

The debate will centre on the recently-published Denodo 2020 Global Cloud Survey.

To discover more and register for the event, please click the button below.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


Webinars & Events