Will BIOS vendors block open source operating systems from using “Secure Boot”?

Saw this on a thread over on Slashdot Friday and just now saw it on Information Week. Apparently one of the features that helps protect end users from rootkits and malware would also potentially stop users from migrating to open source operating systems such as Ubuntu and Jolicloud. I read a few times that Microsoft is responsible for this, and I disagree; ultimately this is up to the OEMs such as HP, Lenovo, etc., and I’m not sure why this is such a big deal: you could always turn off that feature in the BIOS and install whatever you like.

Anyway, here is an excerpt from IW:

A brand-new security feature to be included in Windows 8, designed to block some types of malware, is drawing fire from advocates of non-Microsoft operating system. In particular, they accuse Microsoft of launching a stealth attack against people who choose to install open source operating systems on their Windows-branded PCs.

And here is an overview of Secure Boot from Microsoft:

http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx

Quick summary

  • UEFI allows firmware to implement a security policy
  • Secure boot is a UEFI protocol not a Windows 8 feature
  • UEFI secure boot is part of Windows 8 secured boot architecture
  • Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
  • Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
  • OEMs have the ability to customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform
  • Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows

The big picture – no compromises on security

The UEFI secure boot protocol is the foundation of an architecturally neutral approach to platform and firmware security. Based on the Public Key Infrastructure (PKI) process to validate firmware images before they are allowed to execute, secure boot helps reduce the risk of boot loader attacks. Microsoft relies on this protocol in Windows 8 to improve platform security for our customers.
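
An added example, not part of the original post or of Microsoft's overview: on a Linux machine you can confirm whether the firmware policy summarized above is actually being enforced by reading the UEFI `SecureBoot` and `SetupMode` variables. It assumes the standard efivarfs mount point; the sample byte strings are constructed for illustration.

```python
import struct
from pathlib import Path

# EFI global variable GUID (UEFI spec); efivarfs names files "<Name>-<GUID>".
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")  # assumed Linux efivarfs mount point
ATTR_FLAGS = {0x1: "NON_VOLATILE", 0x2: "BOOTSERVICE_ACCESS", 0x4: "RUNTIME_ACCESS"}


def parse_efivar(raw: bytes):
    """Split an efivarfs file into (attribute names, payload bytes).

    efivarfs prefixes every variable with a 4-byte little-endian attribute mask.
    """
    if len(raw) < 5:
        raise ValueError("efivar too short: need 4 attribute bytes plus data")
    (mask,) = struct.unpack_from("<I", raw)
    names = [name for bit, name in ATTR_FLAGS.items() if mask & bit]
    return names, raw[4:]


def secure_boot_state(read_var):
    """Classify firmware state; read_var(name) returns raw bytes or None."""
    secure, setup = read_var("SecureBoot"), read_var("SetupMode")
    if secure is None:
        return "unsupported"      # legacy BIOS boot or firmware without Secure Boot
    if setup is not None and parse_efivar(setup)[1][0] == 1:
        return "setup-mode"       # no Platform Key enrolled, nothing is enforced
    return "enforcing" if parse_efivar(secure)[1][0] == 1 else "disabled"


def read_from_sysfs(name):
    """Read one global UEFI variable from efivarfs, or None if unavailable."""
    try:
        return (EFIVARS / f"{name}-{EFI_GLOBAL}").read_bytes()
    except OSError:
        return None


# Constructed sample contents (attributes 0x6 = boot-service + runtime access).
SAMPLE_ENFORCING = {"SecureBoot": b"\x06\x00\x00\x00\x01", "SetupMode": b"\x06\x00\x00\x00\x00"}
SAMPLE_DISABLED = {"SecureBoot": b"\x06\x00\x00\x00\x00", "SetupMode": b"\x06\x00\x00\x00\x00"}

if __name__ == "__main__":
    print("this machine:", secure_boot_state(read_from_sysfs))
    print("sample, enabled in firmware:", secure_boot_state(SAMPLE_ENFORCING.get))
    print("sample, switched off in setup:", secure_boot_state(SAMPLE_DISABLED.get))
```

A result of `disabled` or `setup-mode` means the firmware will run any boot loader, signed or not, which is the state the firmware option mentioned in this post produces.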

Here is a screenshot of the option you would use to turn off this feature to allow non-approved OS installations: