It seems reasonable to say that a considerable part of the users has Linux PCs in the world today, installed the system free and open source running on hardware that is originally loaded with Windows. After all, if there are pre-installed systems available, it often ends up being cheaper to buy a Windows PC and load Linux itself.
Whenever shipping starts of Windows8 PCs can no longer be possible to sustain. It turns out that the new feature is included in the name of operating system security, effectively cannot download Linux for Windows 8-officially certified hardware.
"Probably not worth panicking yet," wrote Red Hat developer Matthew Garrett in a blog on the subject on Tuesday. "But it's worth to be worried."
"It is not installable"
The problem stems from Microsoft's decision to use a hardware-based secure protocol start-up, the Unified Extensible Firmware Interface (UEFI) in Windows 8 in place of the traditional BIOS, we all know. Microsoft principal program manager lead Arie van der Hoeven explained and demonstrated in the interview on UEFI BUILD society conference earlier this month, and that the description is still available in the video below.
In essence, the technology is designed to protect against rootkits and other low-level attacks, prevention of the executables and drivers to be charged unless they are given a cryptographic signature with a signature key dedicated UEFI.
"There is no centralized authority to sign for these key UEFI," said Garrett. "If a key supplier is installed on a machine, the only way to get the code signed with this key is to get the seller to make the signature. A machine can have multiple keys installed, but if you are unable one of them to sign the binary, so it will not install. "
Microsoft said that Windows 8 will need logo on the ship's engines use a secure boot. Windows systems are likely to be signed with a key from Microsoft, Garrett expected.
Other operating systems like Linux, does not contain these signatures in their present state, of course. So, if you deliberately made to provide them ", which is delivered only to OEMs and Microsoft are the keys to launch a generic copy of Linux," says Garrett.
"The core must also be signed"
The options include versions of the Linux operating system, the undersigned, but there are several problems with this approach, Garrett said.
First, a boot loader need non-GPL. Grub 2 Grub and distributed under GPLv2 and GPLv3 license, respectively, he said.
Second, "the design in the near future kernel means the kernel itself is part of the boot loader," said Garrett. "This means that the nuclei must also be signed. Make it impossible for users or developers to build their own kernel’s is not practical. "
Finally, while Linux distributions characters for themselves, the keys need to be covered by all the manufacturers, he said.
It may prove to be the case that Microsoft will allow vendors to provide support firmware to disable this feature and run unsigned code, Garrett recognized. However, it is unlikely that all equipment will be delivered with this option, he said, causes problems in at least some users of Linux on the road.
It is unclear how this will play out, of course. For my part, although it looks like another good reason to choose the hardware with Linux preinstalled.