Microsoft’s Win8 Secure Boot

Since most of my readers are Windows people this is an issue worth bring up. It seems Microsoft wants to build in a feature named Secure Boot. It will be an integral part of the coming Windows 8. It sounds like a good reason to upgrade to Windows 7 and hold off Win8 as long as possible.

Booting

Everything seems to have a boot process. Booting takes time and is prone to root kit attacks. Microsoft is looking at redoing the boot process. With this rethink they are including phones, tablets, pads, laptops, and desktops.

What will all the rethinking look like to the end user? They have a cool video, about a minute long.

The Challenges

Think about how the process might work on phones, pads, and tablets. All seems pretty straight forward, until you think about when a device has problems. If you’re on a smart phone you do not want to see Press F1 when there is some problem. So, using a similar process across a wide range of devices can get complex.

For Microsoft there is the need to simplify their operating system and reuse code rather than write separate code for each device. As we use Desktops, laptops, tablets, pads, and phones running the same OS we should be able to connect to the same network and communicate. The challenge is in setting up wired and wireless and private networks. Those chores are usually in the first start of a device. In many ways they are one time boot tasks.

Then what happens when we hit the BSOD (Blue Screen of Death)?

The current process has been stuck in time for 30 years. So, it is probably time for an update.

If you read the Microsoft side, it all sounds glorious and much better.

The Gotchas

To work for multiple devices Win8 is designed to work with touch screens and small devices. For desktop users this can present problems and people in large numbers are complaining. Win7 may be the choice for desktop users for some time to come.

Additionally the Linux community is going nuts because of the feature named Secure Boot. You may ask why? It is complex.

Security is a problem and it becomes more of a problem as portable devices are added to the mix. To handle security Microsoft is pushing the idea of UEFI (Unified Extensible Firmware Interface). UEFI is software on a chip that will mostly replace the typical boot process built into the motherboard of computers now (BIOS). UEFI includes security to prevent a device booting an unauthorized operating system.

I can place a CD/DVD in a computer and boot a Windows system to Linux. I can then use the Linux to hack the password or pull data from the system’s hard drive. With UEFI installed I cannot do that. Sound good? This is where the problem starts and things become unclear because we do not have the final implementation.

It seems UEFI has to be able to recognize the system it is installed in and know which operating system is supposed to be there, like Windows. The problems start when you change a video card, hard drive, or network card.

There is an operating system signature that Win8 creates. If a video card, network card, or other part of the devices changes the signature has to be redone. So UEFI will force you into the authorized OS and if Win8 does not recognize your system… you are locked out.

Remember those Vista messages, “You are not authorized to…”? Even if you were the system administrator you were screwed. This is worse.

Plus once the computer is made and the UEFI installed, there is no provision for adding another operating system. UEFI will only recognize what the manufacture has told it to recognize. Think they will charge extra to tell your computer about other OS’s you may want to use? This really gets the Linux people going.

For a more technical explanation of the problem see: Microsoft’s Non-Response to the Secure Boot Problem.

Summing It Up

At this stage in the development it is hard to know how this will be implemented. Also, the problem does not affect everyone. But, once there are problems with the system or it is resold the problems are a serious PITA.

It is up to the computer maker and the retailer that install the operating system to set the system to allow you control of the computer. Otherwise, you simply will not be in control of your computer, change video card brands and other typical user activities.

Sounds dumb to me. But, Microsoft has done dumb things before.

Leave a Reply

Your email address will not be published. Required fields are marked *