Windows 8 OEM Won’t Allow Other OS’s to Boot

By on October 22, 2011 6:03:52 AM from JoeUser Forums JoeUser Forums

DrJBHL

Join Date 04/2002
+2123

Claiming security as the reason, MS’s new OS W8 won’t allow “Dual Boot”. OK, no tragedy, right?

OEM systems shipping with Windows 8 will have secure boot enabled by default to only load verified operating system loaders during boot time. This prevents malware from switching the boot loader, but also other operating systems that are not signed from being loaded. According to the gHacks article I read (among others), this is only a issue for UEFI systems, if you plan to upgrade an existing system with BIOS you won’t be affected by it.

This is the foot in the door. How long will older Bios systems be around, especially when unknowing consumers get the spiel about how much more secure the UEFI systems are?

UEFI is touted as a more secure replacement for the older BIOS firmware interface, present in all IBM PC-compatible personal computers, which is vulnerable to bootkit malware.

While Windows 8 certification requires that hardware ship with UEFI boot enabled, it does not require users to be able to disable the feature (which can be done) and that it does not require that the PCs ship with any keys other than that of Windows. The main problem that the Free Software Foundation (FSF) sees is that Microsoft defines consumers as the hardware manufacturers and not the little guy at the store who actually buys the computer. MS sells OS’s, not computers.  MS is giving the manufacturers the power to decide how to implement the feature. That’s where the problems will come in:

  • Windows 8 certification requires that hardware ship with UEFI secure boot enabled.
  • Windows 8 certification does not require that the user be able to disable UEFI secure boot, and we've already been informed by hardware vendors that some hardware will not have this option.
  • Windows 8 certification does not require that the system ship with any keys other than Microsoft's.
  • A system that ships with UEFI secure boot enabled and only includes Microsoft's signing keys will only securely boot Microsoft operating systems. – M. Garrett, Red Hat

 

This will mean that you are no longer in control of your PC and might well not be able to switch graphics cards, nor hard drives, printers, sound or network cards:  All hardware that would otherwise be compatible with the PC won’t function because of missing signing keys in the OS.

That will be the purveyance of the computer manufacturer and any deal it may have made with MS (and anyone else). Proprietary hardware might see a heyday never before imagined. The opposite for software like OS’s, and perhaps browsers. No one should have the power to determine that for you:

“The UEFI secure boot protocol is part of recent UEFI specification releases. It permits one or more signing keys to be installed into a system firmware. Once enabled, secure boot prevents executables or drivers from being loaded unless they're signed by one of these keys. Another set of keys (Pkek) permits communication between an OS and the firmware. An OS with a Pkek matching that installed in the firmware may add additional keys to the whitelist. Alternatively, it may add keys to a blacklist. Binaries signed with a blacklisted key will not load.

There is no centralised signing authority for these UEFI keys. If a vendor key is installed on a machine, the only way to get code signed with that key is to get the vendor to perform the signing. A machine may have several keys installed, but if you are unable to get any of them to sign your binary then it won't be installable.” – M. Garrett, Red Hat

The biggest problem that will create (besides from a lack of competition) is that the consumer would have to do hours of research as to what hardware and software he or she could use with his or her system, which keys his/her machine has enabled for what. That’s ridiculous. How many people understand Pkek keys and couldn’t change them even if they did. It’s also way too limiting. Arguably, this is in restraint of free trade.

The Free Software Foundation wants people to urge computer manufacturers to enable the keys to allow software such as those for other OS’s and other software to be enabled. I agree, and anticipate you do as well.

What about Stardock’s software? Will you be able to install it? Will it be allowed to work on boot?

“Those who would sacrifice freedom for security soon have neither”, said Ben Franklin so long ago. How right he was. In so many ways.

By the way: Does anyone seriously think the hackers won’t find holes in the UEFI? I promise you they will. Then what will we have?

No security and no freedom.

I recommend you follow Martin Brinkmann's gHack.net website. It is a source of excellent reviews and commentaries.

Source:

http://www.ghacks.net/2011/09/23/windows-8-boot-security-and-third-party-operating-systems/

http://mjg59.dreamwidth.org/5552.html

http://mjg59.dreamwidth.org/5850.html

122 Replies
Search this post
Subscription Options


Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 6:16:00 AM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

Like I've been saying for years--the goal is for you to lease your computer, operating system and software so that you can only use it when your "provider" determines you should--complete control of "what you want"...for you...and all at a charge for every step and piece.

You no longer have to think...Big Brother will think for you and free you citizen!

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 7:01:57 AM from GalCiv II Forums GalCiv II Forums

Just one more reason to stay with Win7. Not that the Win 8 UI wasn't going to be reason enough....

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 7:18:10 AM from Elemental Forums Elemental Forums

Well, I think that means a lot of people will not upgrade to Windows 8.  I was already unlikely to upgrade Windows 7 anytime soon, this makes it certain that I won't be upgrading my Windows OS for a long time.  And I bet MS likes the fact that you wouldn't be able to install any Linux OSs on a Windows 8 OEM system either.

Best regards,
Steven.

Reason for Karma (Optional)
Successfully updated karma reason!
Sign Up or Login and this ad disappears!
There are many great features available to you once you register. Sign Up for a free account and browse the forums without ads.
October 22, 2011 7:56:04 AM from WinCustomize Forums WinCustomize Forums

Well, unless Windows 8 will multi boot on my current PC which is 2 years old, I won't be buying or designing for Windows 8 until XP, Vista and Windows 7 become non-existent. What a bunch of BS! Forcing people to buy certain hardware or they can't use your product?? Isn't that illegal?

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 7:59:06 AM from WinCustomize Forums WinCustomize Forums

So...Linux is bitching about what is essentially MS following in Apple's footsteps.....

....locking people's computers to specific hardware?

WOW....who'd a thunk it?....

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 8:18:16 AM from WinCustomize Forums WinCustomize Forums

well that sucks, there is no way in hell im going to buy a seperate pc just so i can skin w8 (even though i like it very much, by what ive seen so far)

talk about greed gone mad.........

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 8:34:20 AM from Elemental Forums Elemental Forums

The biggest problem that will create (besides from a lack of competition) is that the consumer would have to do hours of research as to what hardware and software he or she could use with his or her system, which keys his/her machine has enabled for what. That’s ridiculous.

Generally speaking, the types of people who just buy a machine off the shelf without doing any research are not the types of people who will ever want or need to dual boot.

 

What about Stardock’s software? Will you be able to install it? Will it be allowed to work on boot?

Given that all Stardock software runs above the OS, what you can or can't boot isn't really relevant. It never touches that level. Executable signing is a bit more of a concern, but it would be marketing suicide to set it on a general purpose consumer PC. Though I can see Apple or tablet manufacturers using it.

 

Regardless, Windows 8 certification will boil down to whether MS lets them put a sticker on the machine saying it is so. If you want to just buy the OS and throw it on whatever machine that doesn't have signing support, there's nothing stopping you.

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 9:07:12 AM from Sins of a Solar Empire Forums Sins of a Solar Empire Forums

So, we are blaming Microsoft because we think Hardware manufacturers are incompetent and won't do something to make their customers happy?

We are blaming Microsoft of trying to be more secure, and if you install their OS on hardware, require the hardware to be secure. Letting hardware people have the option to TURN IT OFF COMPLETELY, but it's Microsoft's fault that Hardware Manufacturers won't let you.

So instead of just not supporting the manufacturers that won't let you do what you want with the hardware, you blame the software company trying to be more secure.

Are we at least not the people who complain about Windows being full of security holes?

And once you turn it off, Windows 8 still boots. And any current machines without UEFI or secure boot enabled won't magically turn it on. So if you want to dual boot with Windows 8 on a machine you are already using, you will have no problems at all.

Even better? You can still buy a machine with Windows 8 on it without this enabled at all.

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 9:21:11 AM from Elemental Forums Elemental Forums

Well, I don't think Windows 7 has nearly as many security holes as previous versions of Windows.  How big an issue is this boot-jacking?

Best regards,
Steven.

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 9:40:48 AM from WinCustomize Forums WinCustomize Forums

Book Marking

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 11:29:05 AM from WinCustomize Forums WinCustomize Forums

To be honest, I haven't checked 8 out enough to have an opinion about it but wouldn't putting requirements like this in place do allot to ensure it ends up being viewed as a Millinium or Vista OS?

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 11:43:14 AM from WinCustomize Forums WinCustomize Forums

Ain't technology fun, now the folks that provide you the means to use the technology are going to tell us how we can use it.  Won't be long before we are told when we can use it.  Pretty much lets us know who runs our lives. 

 

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 11:47:57 AM from WinCustomize Forums WinCustomize Forums

Microsoft has lost the plot.... and at least one customer, in me.  I won't be purchasing Win 8 unless MS does some major backflips in several key areas.

And I won't be in the boat alone.... did I hear somebody say Windows Millenium II?

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 12:02:23 PM from WinCustomize Forums WinCustomize Forums

Quoting starkers,
And I won't be in the boat alone.... did I hear somebody say Windows Millenium II?

can we get MS on that boat  you know their already wanting to walk the plank .. this way we can hear a plash

 

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 12:19:56 PM from WinCustomize Forums WinCustomize Forums

I got Win 7. Until whoever does the right thing in all this Win 8 will go the way of IE...in the shit can. I for one want to have 'my' machine the way 'I' want it. To hell with what those idiots want.

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 12:22:34 PM from WinCustomize Forums WinCustomize Forums

Hi, Uvah... very good to see you!

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 12:28:16 PM from Elemental Forums Elemental Forums

Quoting CarGuy1,
To be honest, I haven't checked 8 out enough to have an opinion about it but wouldn't putting requirements like this in place do allot to ensure it ends up being viewed as a Millinium or Vista OS?

 

How many folks will know or care about this in the general public?

 

 

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 12:52:30 PM from WinCustomize Forums WinCustomize Forums

Quoting Jafo,
So...Linux is bitching about what is essentially MS following in Apple's footsteps.....

....locking people's computers to specific hardware?

WOW....who'd a thunk it?....
Dell's been doing it for a while now, if I'm not mistaken.

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 1:01:39 PM from JoeUser Forums JoeUser Forums

So this is the future of UPnP?

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 1:10:56 PM from WinCustomize Forums WinCustomize Forums

For research purposes, I have 7 and 8 dual booted. And I must say, dual booting is made very easy with Windows 8. I didn't even have to edit the MBR or anything to make Windows 7 the default. The ability is built right into Windows 8. Very easy!

 

Of course, this is with the old BIOS system.

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 1:12:39 PM from WinCustomize Forums WinCustomize Forums

Quoting Daiwa,
So this is the future of UPnP?

U may not be so U.

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 1:38:04 PM from WinCustomize Forums WinCustomize Forums

Uvah, check your PMs.

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 2:11:49 PM from WinCustomize Forums WinCustomize Forums

How is it going to stop me booting to a different SATA?

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 2:26:40 PM from WinCustomize Forums WinCustomize Forums

John, if you boot from a non W8 system on which you install W8 (BIOS system), there probably won't be problems.

However, If you have a W8 OEM machine (in the future), your W8 OS may recognize the SATA (if the manufacturer puts it on the "white list" but won't let you boot from there if it has a different OS on it. That's because the UEFI W8's OS keys for that possibility will not be enabled because MS won't let W8 have that possibility. The UEFI by definition will boot only W8.

Reason for Karma (Optional)
Successfully updated karma reason!
October 22, 2011 2:51:19 PM from WinCustomize Forums WinCustomize Forums

Quoting starkers,
And I won't be in the boat alone.... did I hear somebody say Windows Millenium II?

Wasn't Windows Vista nicknamed Windows Millennium 2?

Reason for Karma (Optional)
Successfully updated karma reason!
Stardock Forums v1.0.0.0    #108433  walnut3   Server Load Time: 00:00:00.0001062   Page Render Time:

Home | About | Privacy | Upload Guidelines | Terms of Service | Help
WinCustomize © 2014 Stardock Corporation. All Rights Reserved.