Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Microsoft tightens Windows 10's Secure Boot screws: Where does that leave Linux?

Chris Hoffman | March 26, 2015
The news sounds ominous for open-source aficionados: Windows 10 PCs are going to be locked down even tighter than ever before.

In practice, this will probably end up harder than it looks, as one recent example drives home. The firmware-checking feature in Intel processors allows manufacturers to choose whether or not to lock CPUs down to run manufacturer-provided firmware alone. And every single hardware maker chose to lock it up tight until the free- and open-obsessed Purism recently realized that manufacturers could choose to disable the feature. There is no way to get your hands on a PC that doesn't require proprietary firmware beyond having a boutique manufacturer like Purism build it.

There's much more demand for Linux than free and open source processor firmware, so it probably won't be quite as hard to find Windows 10 PCs with the option to disable Secure Boot intact — but still. It's possible that standard laptops will be locked down tight, keeping Secure Boot enabled and not allowing you to install your own key. If you want fancy Secure Boot toggles, you may have to purchase a more expensive notebook like Dell's "Developer Edition" line of Linux laptops. Businesses that would like such a feature may need to choose expensive business laptops. Forget just grabbing any old PC off the shelf and trying to install Linux.

But perhaps Linux will be fine!

In this future, the worst-case scenario means you'll need to hunt down special PCs designed for Linux — ones that will likely be more expensive. Say goodbye to running Linux on all those PCs that came with Windows, just as you can't install Linux on an iPad today. Linux PCs will exist, but they'll be specialty, expensive bits of kit.

But is that bleak future really so possible? We're leaving out a big piece of the puzzle here. Modern versions of some Linux distributions, including Ubuntu and Fedora, will install just fine on a Windows PC that has Secure Boot enabled. Microsoft actually signs Canonical's Ubuntu boot loader and Fedora's boot loader with a Microsoft corporation key.

The rise of mandatory, locked Secure Boot could create a problem for smaller Linux distributions or custom Linux systems — but the Linux Foundation Secure Boot System is a generic loader signed by Microsoft that should allow any Linux system to boot on PCs with Secure Boot enabled.

So, perhaps this isn't a big problem. Perhaps so many of the kinks have been worked out that Microsoft can now start tightening the Secure Boot screws without locking out Linux at all. Perhaps everyone wins!

Want to stay up to date on Linux, BSD, Chrome OS, and the rest of the World Beyond Windows? Bookmark the World Beyond Windows column page or follow our RSS feed.


Previous Page  1  2  3  Next Page 

Sign up for CIO Asia eNewsletters.