Home opinion-and-analysis Open Sauce Microsoft's new secure boot strategy will suit Linux firms
Microsoft's new secure boot strategy will suit Linux firms Featured

Linux companies Red Hat, SUSE and Canonical will benefit from the decision by Microsoft to suggest that OEMs not provide a means of turning off secure boot on PCs running Windows 10.

Microsoft made its intentions known during its WinHEC conference in Shenzhen, China, in March, when it announced that in the case of hardware that was installed with Windows 10, it would be leaving the choice of having a means to turn off secure boot up to the vendor.

When secure boot was introduced by Microsoft, along with Windows 8, ostensibly as a means to improve security, it mandated that OEMs had to provide a means for turning it off on the x86 platform. It could not do otherwise as it has in the past been convicted of monopolistic trade practices.

Secure boot is a part of the specification for the Unified Extensible Firmware Interface (UEFI), the replacement for the motherboard firmware or BIOS.

When a machine running Windows 8 installed by a PC vendor boots, an exchange of cryptographic keys takes place so that there can be verification that the operating system attempting to boot is the same that was installed. There are further key exchanges before the machine becomes usable.

When Microsoft implemented secure boot for Windows 8, it assigned the task of handling the key-signing authority to VeriSign. But since it controls this authority, any operating system that one attempts to boot on hardware which comes installed with Windows 8, will also have to support secure boot.

Else, one has to get into the UEFI interface and turn off secure boot.

The three main Linux companies Red Hat, SUSE, and Canonical — the last-named being the parent firm of the Ubuntu distribution — have each devised ways (1, 2, 3) to support secure boot. While some other distributions also do so, using the same code as that used by these three, many do not.

Thus, if it was impossible to turn off secure boot on a PC and one wanted to install Linux on it, then the only option would be to use a distribution that supported secure boot.

While the commercial offerings from these three companies come at a cost, all three have free distributions too – Red Hat has its community distribution Fedora, SUSE has openSUSE and Ubuntu is free for download and use.

That may be one reason why they are reluctant to offer any comment on Microsoft's new strategy. The strategy underlines the fact that Microsoft's old extend-embrace-extinguish methodology is still very much part of the company, no matter that the new chief executive Satya Nadella has made plenty of nice noises since he took over from the aggressive Steve Ballmer.

All three companies were asked about their reactions to the new Microsoft strategy. Red Hat's response through a PR person, after being reminded, was "Unfortunately, there is no available spokesperson to provide a comment at the moment."

SUSE's initial response, through its PR person, was: "The SUSE guys have been travelling a fair bit, hence the delay in responding to you on this. Can I find out if you're still planning to write a story on this or if you've decided to put this on the backburner as it'll determine how much I need to pursue this with SUSE."

When I confirmed that I was not asking questions of them to pass the time of day, the PR person responded: "Will get back to you in the next two days max with some responses." That was on April 1, hence one is unsure whether it was said in jest or not.

Canonical, the parent company of Ubuntu, appeared to be somewhat disoriented about the query. While their PR person said they would "come back with a response when we can", the next response seemed a bit odd: "We can't comment on forthcoming updates but we'll be in touch later on in April to advise on the features of the next update."

Microsoft was as evasive as it is usually. Initially, it was "I've passed this onto the Microsoft team who will be in touch." After a reminder, there was a response, again, curiously, on April 1, "...apologies – I believe my colleague ....... was reaching out to you." Apparently, the latter individual's reach was not long enough.

Back in 2011, when it was known that Microsoft was planning to implement secure boot, the Linux companies and the so-called Linux community too, turned a blind eye and got agitated much later on. This time is no different.

And you can always trust Linux companies and the Linux Foundation to stay mum whenever Microsoft ups the ante. Whether this is due to a lack of a backbone or just apathy is difficult to tell.


With 50+ Speakers, 300+ senior data and analytics executives, over 3 exciting days you will indulge in all things data and analytics before leaving with strategic takeaways that will catapult you ahead on your journey

· CDAO Sydney is designed to bring together senior executives in data and analytics from progressive organisations
· Improve operations and services
· Future proof your organisation in this rapidly changing technological landscape
· CDAO Sydney 2-4 April 2019
· Don’t miss out! Register Today!
· Want to find out more? Download the Agenda



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


Popular News




Sponsored News