Microsoft blocks Linux from Windows 8 ARM hardware
Windows 8 will be locked down on ARM hardware, to the point that third-party operating systems simply won't install.
Microsoft's plans for the UEFI Secure Boot got some attention late last year when it was pointed out that by mandating the use of Secure Boot - which requires any boot-time code to be digitally signed with a unique key - the company appeared to be looking to lock third-party operating systems, such as GNU/Linux, out of PCs entirely.
Microsoft was quick to hit back at such claims, stating categorically that OEMs would provide buyers with the ability to disable the UEFI Secure Boot mode for use with non-signed operating systems. Sadly, it appears that the company missed one vital point from its statement: the fact that ARM-based systems are excluded.
According to the company's latest certification requirements document for Windows 8, while non-ARM systems - traditional desktops and laptops, in other words - will allow a 'custom' mode to be selected that prevents UEFI Secure Boot from blocking third-party unsigned code, the ARM build - for tablets and low-power laptops - must have this feature removed if manufacturers want to be able to put the Windows logo on their products.
'On an ARM system, it is forbidden to enable Custom Mode. Only Standard Mode may be enable [sic],' Microsoft's official certification guidelines state, buried on page 116 of a particularly lengthy PDF. 'Disabling Secure [Boot] MUST NOT be possible on ARM systems.'
Microsoft's apparent volte-face on the Secure Boot issue has been met with anger by open-source and free market enthusiasts. 'Unless Microsoft changes its policy, these may be the first PCs ever produced that can never run anything but Windows,' Aaron Williamson of the Software Freedom Law Center explains. 'It is clear now that opportunism, not philosophy, is guiding Microsoft's Secure Boot policy.'
Thus far, Microsoft has not responded to a request for comment on the matter. But with the likes of Qualcomm already promising a range of ARM-based tablets and laptops, a locked-down future could be just around the corner for computing.
Are you disappointed in Microsoft's decision to block open source operating systems, or is the company free to demand whatever concessions it feels like as part of its hardware certification programme? Share your thoughts over in the forums.
Previous Article
64 Comments
Discuss in the forums ReplyHTC and Sony already provide bootloader unlock tools for those who choose to load custom ROMs on their phones. My Galaxy S is completely unlocked, and has been better off as a result.
When? That realm has only ever applied to Linux/Unix ¬.¬
MS: We need to embrace ARM or risk loosing new markets.
Intel: Fine, as long as you protect our existing market!
Relative to Apple :P And for those who Game :)
I believe they might have been referring to how Windows has always come pre-installed on hardware that you can do anything you want with and install any program from any source you want
Yes.
For the same reason you moan about Apple's closed garden: it's your hardware; you paid for it, you own it (as opposed to the software on it, of which you only own the right to use it within defined parameters), you want to use it as you see fit.
Thinking about this I would say one of the big reasons for MS to do this would be to stop effective 'jailbreaking' of devices with a hacked version of their OS, no? Since no unauthorised bootloader can run, no hacked os can be installed, meaning no unsigned software will run, locking in revnue for MS. I would say the blocking of installation of a 3rd party open source OS on ARM devices must be an unfortunate/fortunate coincidence. Bravo Bill, well played!
Of course, enthusiasts will bemoan the restriction, myself included, but as Snips said, it's only the minority. M$ won't care, the manufacturers that side with them won't care and the majority of people who buy W8 phones won't care.
I however, do care. Getting a bit tired of people like Sony, M$ and Apple telling us what we can and can't do with something we've paid hard earned money for. This is nothing short of a hardware EULA. If I buy a phone and decide I want to use it as a toaster, who the hell are they to stop me?
MS needs to realize that they can't just get into any category they want. To me, the main reason they're doing this is because Linux already has a massive head-start in the ARM department. You can run a very functional linux setup using arm. Also, android, a linux based OS, should be able to be installed on ARM computers while, AFAIK, windows phone OSes cannot. MS is just a bunch of sore loosers.
Steveo, I don't see how this protects intel's current market.
Surely that should be possible?
Or does "digitally signed with a unique key" really mean "digitally signed by Microsoft with a unique key from Microsoft"
For others talking about smartphones: this is about ARM-based tablets and laptops running Windows 8, not ARM-based smartphones running Windows Phone; two very different things.
Why does it make more of a news story when MS do it using an open standard (Secure boot) than when Apple do it?
actually, you can. people have got android and linux working on iphone before. and besides, it's expected at this point that apple makes such a restriction, but not MS. also, people who care about installing a different OS on a device would rather pay less for an android compatible device which generally would have better hardware.
even back when apple used PPC for their macs, they didn't prohibit you from installing another os on the hardware. BeOS was a major competitor to mac because it worked on PPC. the problem here is MS is telling companies to make the hardware incompatible with other OSes, which is something that not even apple will do.
the crappy thing is an OS cannot be restricted to a specific manufacturer of hardware, however, hardware is allowed to be restricted to a specific OS.
That's easy to say until you realise that Raspberry Pi is hilariously slow. Good for learning to program, not good for using.
Actually, that's not entirely correct. Apple's Operating System (i.e. OS X) EULA states that you may only install it on Apple hardware.. That's an OS being restricted to a specific manufacturer of hardware - their own.
no, the EULA states it must be an apple BRANDED computer. apple doesn't really manufacture anything electronic, and they don't design much of the electronics either. it is unlawful for them to say you must use a specific motherboard with a specific cpu manufacturer and so on in order to run OSX.
because of this, apple can't sue you for using hackintosh, as long as you actually owned the retail version of OSX, if the computer is apple branded (and yes, stickers count as branding), and as long as you don't distribute the computer with OSX on it. it's still a contract violation, but apple can't sue you over it. they can, however, sue you if you pirated OSX and/or distribute non-apple branded computers with OSX on it.
So must be a security point off view (and to secure your warrenties) personaly i don't care as im not likely to own a ARM based laptop/tablet may as well get a Andord one
Lets face it this really is pointed towards the new Arm/Win 8 tablets coming. I cant see Arm PC's being that popular and the manufacturers wont bother with Win 8 cert as well as I have said it wont be a massive market outside tablets and phones.
Intel has the desktop market cornered for the now, AMD looks weak for the now and Arm. Sorry I cant see them muscling in all that much.
That brings us back to tablets and phones, I cant say I can think of anyone manufactured tablet or phone that comes with no OS at all. So your going to buy a model depending on the OS installed, so no Win 8 in, no need for a hardware cert.
Also I believe that in the deep dark corners of HP HQ, WebOS was port or made to work on an iPad. The result was part of the reason WebOS and the Touchpad together were seen as a flop.
Over here locking down phones and tablets is common practice.
Most people don't and will not notice.
I also wouldn't count on many computers having that option. Just one more thing to mess with, and considering they are now skipping HD, caps and numlock indicators on low end laptops now, I don't have a lot of hope of a bios switch or getting most companies to cough up a code to unlock it. A few will, and someone will hack it, but I wouldn't count on it from manufacturers.
^This. :(
If you are of the "don't know/don't care" crowd then thats fine, but you don't get to bitch later when Microsoft decides to shut down services you were using ::cough:: zune ::cough:: and leave you in the dark. Them's the breaks in any walled garden.
Just like with Apple, most people wont care they can't install a dual boot OS since most wont even know how to or understand why they need to.
The enthusiast market is as per the above not too happy about it but lets just wait for Win8 to decide on whether we want a droid or linux boot option. Just like netbooks when they first came out, maybe tablets will finally take off once Microsoft joins the party.
I think tablets have been doing just fine without Microsoft --which is why every manufacturer is so keen to join the party, and Microsoft has actually revamped the GUI of their flagship OS for it.
It depends on the market. Here in Portugal, Android tablets were a best seller this Christmas, specially those that had a low price compared to the iPad.
It used to be, until Android Gingerbread, which I think has the edge over iOS when it comes to tablets (on the small screen, iOS won out --until Windows Mobile 7 which I think is like garlic bread: taste it, and you realise it's the future). And the latest Asus tablets look pretty good.
I'm really liking what Microsoft is doing with the Win8 Metro interface --if it can keep CPU requirements and battery life reasonable! I have a Motion Computing LE1600 tablet with a Centrino and XP and although it is a beautifully made piece of kit, it has a 3 hour battery life and playing a Youtube video causes it to overheat. No, no, no, no, no...
WM7 to me is just awful. I've tried it and it just feels like it was designed by a child. I use my Phone for srs business and all the colours and squares look like they'd be more at home on CBBC than on my screen. The whole Metro interface in my opinion is just a massive step in the wrong direction, I think consumers will see this and W8 will be Vista v2.
I also use mine for business and I have everything at my control and it looks a lot more class than most droid phones and dare I say the all conquering iPhone
in what category? phones, tablets? android is starting to beat them there. desktop operating systems? microsoft wins there. arm support? linux beats apple and MS there, combined - and that, to me, is what spawned this issue in the first place. linux's ARM support is immense and competitive. the second windows 8 for ARM doesn't do something that windows was able to do since XP, there are going to be pissed-off and confused customers. since many of these people would be forced to find an alternative to the program they are used to, they might as well switch to an OS that has been complete on ARM for a while.
I'm sure motherboard manufacturers could come up with a way round this, but would MS alter Win8 to recognise that hardware and black list it?
Apart from the fact that I kind of like the whole slightly retro-ish feel (:p) of WP7 I think that the pretty icons that iOS and Android sport are hardly more corporate-looking. The WP7 interface is highly functional on a small screen and won't tax more basic hardware --which is what you need on mobile devices. It scales up well to a tablet. Now they getting away from the primary colours a bit I think it will be functional, minimalistic, clean. And versatile. A bit like Apple used to be before it drove over the skeuomorphic cliff.
You mixed up what looks childish (iPhone) and what does not (Windows Phone 7).
I *am* rather interested to see what changes they make to Win8 once it goes to beta.. at present it seems to be a fabulous OS for tablets/phones, but I wouldn't plan on migrating my main desktop PC to it just yet...
The problem here is that manufacturers would need to include the extra keys on the MB or you wont be able to boot into your OS of choice and lets be honest most manufacturers wont bother including multiple keys.
The bigger problem however is that each distro would require a unique key and it would remove the option of custom kernels for tinkerers/developers and those specific needs/wants as they would never have access to the key.
Of course you could argue why not have a public key that all linux users could default to but that defeats the purpose of a using signed kernel in the first place!
I hope the EU gets its act together and goes after Microsoft for being abusing its position again as the dominant player in the OS market as this action can't really be justified in logical way.
Oh and for those of you who don't care please remember that competition drives innovation and improvement so even if you don't personally use or like linux/BSD/etc. you benefit from its existence.
In x64 Windows Vista/7, your drivers need to be signed, or they won't get loaded, and if your app depends on that driver, it won't run. Which is a issue for free apps, because the driver signing key costs a lot.
With Windows 8 and secure boot, it gets even worse. Not only your driver will have to be signed, but Windows 8 will have to pass your driver signature through the UEFI secure boot chain as a valid signature to even allow your driver to load. Depending on how it will work in the final products, it could easily disable alternate drivers. What i mean ?
1) UEFI contains the key for Microsoft - all Microsoft signed stuff will work.
2) UEFI contains the key for specific Windows 8 OEM version - only that OEM version will work, you won't be able to use retail copies either - this could easily happen on Windows 8 ARM tablets.
The next step is loading the drivers, and this is where you can again hit a issue :
1) UEFI contains the key for Microsoft/Windows 8, and then Windows passes through all signatures you allowed in the OS back to the UEFI secure boot, and this way you will achieve same level of driver usage as with current Windows 7, with a bit of additional security until someone figures out how to cheat their way inside the allowed signatures list.
2) UEFI contains the key for OS and for all allowed drivers - this could easily lead to issues like USB sound card not working, because it is not in the hardcoded key list.
In the end, secure boot doesn't bring too much security if you want it work without issues; and it makes too much problems if you want it to achieve real security.
Considering how the interface works at present, it already is Vista 2.
Seriously, that start menu does not work on a laptop or desktop.
the current version is nowhere near a finished version, it isn't even a beta version yet, it is a preview, many of the fucntions will change between the current preview and the beta, and thenbetween the beta and rtm
Please look beyond! do you think the companies will stop there? they will increase their blockings and force you to pay more and more once and again giving you less in return every time. Would you be happy if tomorrow we tell you that ballots are technically modified to only accept republican votes now on? that any other votes are unable to be processed... it is the same. This is freaking ridiculous and just makes me hate MS, not because of the Open source, but because this is plain evil. period.
As I said... "at present".
If it was released right now, it would be the next Vista.
after that you need to pay 900 eu a month to keep screwing with it