Author's Opinion

The views in this column are those of the author and do not necessarily reflect the views of iTWire.

Have your say and comment below.

Thursday, 07 May 2015 17:43

Microsoft's new secure boot strategy will suit Linux firms Featured


Linux companies Red Hat, SUSE and Canonical will benefit from the decision by Microsoft to suggest that OEMs not provide a means of turning off secure boot on PCs running Windows 10.

Microsoft made its intentions known during its WinHEC conference in Shenzhen, China, in March, when it announced that in the case of hardware that was installed with Windows 10, it would be leaving the choice of having a means to turn off secure boot up to the vendor.

When secure boot was introduced by Microsoft, along with Windows 8, ostensibly as a means to improve security, it mandated that OEMs had to provide a means for turning it off on the x86 platform. It could not do otherwise as it has in the past been convicted of monopolistic trade practices.

Secure boot is a part of the specification for the Unified Extensible Firmware Interface (UEFI), the replacement for the motherboard firmware or BIOS.

When a machine running Windows 8 installed by a PC vendor boots, an exchange of cryptographic keys takes place so that there can be verification that the operating system attempting to boot is the same that was installed. There are further key exchanges before the machine becomes usable.

When Microsoft implemented secure boot for Windows 8, it assigned the task of handling the key-signing authority to VeriSign. But since it controls this authority, any operating system that one attempts to boot on hardware which comes installed with Windows 8, will also have to support secure boot.

Else, one has to get into the UEFI interface and turn off secure boot.

The three main Linux companies Red Hat, SUSE, and Canonical — the last-named being the parent firm of the Ubuntu distribution — have each devised ways (1, 2, 3) to support secure boot. While some other distributions also do so, using the same code as that used by these three, many do not.

Thus, if it was impossible to turn off secure boot on a PC and one wanted to install Linux on it, then the only option would be to use a distribution that supported secure boot.

While the commercial offerings from these three companies come at a cost, all three have free distributions too – Red Hat has its community distribution Fedora, SUSE has openSUSE and Ubuntu is free for download and use.

That may be one reason why they are reluctant to offer any comment on Microsoft's new strategy. The strategy underlines the fact that Microsoft's old extend-embrace-extinguish methodology is still very much part of the company, no matter that the new chief executive Satya Nadella has made plenty of nice noises since he took over from the aggressive Steve Ballmer.

All three companies were asked about their reactions to the new Microsoft strategy. Red Hat's response through a PR person, after being reminded, was "Unfortunately, there is no available spokesperson to provide a comment at the moment."

SUSE's initial response, through its PR person, was: "The SUSE guys have been travelling a fair bit, hence the delay in responding to you on this. Can I find out if you're still planning to write a story on this or if you've decided to put this on the backburner as it'll determine how much I need to pursue this with SUSE."

When I confirmed that I was not asking questions of them to pass the time of day, the PR person responded: "Will get back to you in the next two days max with some responses." That was on April 1, hence one is unsure whether it was said in jest or not.

Canonical, the parent company of Ubuntu, appeared to be somewhat disoriented about the query. While their PR person said they would "come back with a response when we can", the next response seemed a bit odd: "We can't comment on forthcoming updates but we'll be in touch later on in April to advise on the features of the next update."

Microsoft was as evasive as it is usually. Initially, it was "I've passed this onto the Microsoft team who will be in touch." After a reminder, there was a response, again, curiously, on April 1, "...apologies – I believe my colleague ....... was reaching out to you." Apparently, the latter individual's reach was not long enough.

Back in 2011, when it was known that Microsoft was planning to implement secure boot, the Linux companies and the so-called Linux community too, turned a blind eye and got agitated much later on. This time is no different.

And you can always trust Linux companies and the Linux Foundation to stay mum whenever Microsoft ups the ante. Whether this is due to a lack of a backbone or just apathy is difficult to tell.

Subscribe to ITWIRE UPDATE Newsletter here

Active Vs. Passive DWDM Solutions

An active approach to your growing optical transport network & connectivity needs.

Building dark fibre network infrastructure using WDM technology used to be considered a complex challenge that only carriers have the means to implement.

This has led many enterprises to build passive networks, which are inferior in quality and ultimately limit their future growth.

Why are passive solutions considered inferior? And what makes active solutions great?

Read more about these two solutions, and how PacketLight fits into all this.


WEBINAR INVITE 8th & 10th September: 5G Performing At The Edge

Don't miss the only 5G and edge performance-focused event in the industry!

Edge computing will play a critical part within digital transformation initiatives across every industry sector. It promises operational speed and efficiency, improved customer service, and reduced operational costs.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

But these technologies will only reach their full potential with assured delivery and performance – with a trust model in place.

With this in mind, we are pleased to announce a two-part digital event, sponsored by Accedian, on the 8th & 10th of September titled 5G: Performing at the Edge.


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News