n January 2012, Microsoft confirmedto PC manufacturers that they must enable Secure Boot by default on PCs to be “Certified for Windows 8”.
The purpose of Secure Boot is to put an end to computer viruses that sneak between the hardware and the operating system. These viruses, also known as bootkits, work by getting themselves loaded before the operating system, then they make changes to the operating system while it lies defenseless on disk, and then they load the now defenseless operating system and have their way with it.
Secure Boot counters the bootkit by ensuring the hardware verifies the identity and authenticity of the software that sits between the hardware and the operating system – the bootloader, and also the software embedded in hardware devices like network and graphics adapters.
Secure Boot sounds like a smart solution to the bootkit problem doesn’t it? Who wouldn’t want a secure boot?
Proponents of alternative operating system don’t want Secure Boot; not in its current form anyway. Since Microsoft’s pronouncement, anger has been widespread within Linux
communities that Secure Boot on PCs Certified for Windows 8 will lock out alternative operating systems, e.g. all Linux distributions.
The problem boils down to the way Microsoft and PC manufacturers will implement Secure Boot, and how difficult it will be for many, if not all, alternative
operating systems to follow suit. Microsoft’s stance
has been “not our problem”, and in the everyone for themselves
sense, they’re right.
Will Secure Boot’s implementation also mean that bootable removable media (rescue disks, Live CDs, Live USBs, Live OSs) will also no longer boot?
Live CDs and Live USBs provide an “out-of-band” security and management capability that is as relevant to Secure Boot systems as their predecessors.
The practice of cleaning an infected device from an independent, external, known clean device is recommended by government cyber security departments (United States Computer Emergency Readiness Team
, Canada’s Cyber Incident Response Centre
, Australian Government’s cybersecurity website
) and computer security leaders (Krebs
) around the world.
A Live OS running several anti-virus scanners is effective at detecting and removing rootkits and bootkits, as well as other types of malware that are not going to be slowed down by Secure Boot. Indeed, with a Live OS, it’s the bootkit that lies defenseless on disk while the Live OS has its way with it.
Based on what’s knowable of the Secure Boot implementation on PCs to be Certified for Windows 8 (these don’t exist yet for confirming anyone’s understanding), external devices containing a Live OS are not going to boot via UEFI’s Secure Boot process. There won’t be a certificate for the Live OS’s bootloader in the Secure Boot table of bootloader certificates.
Is Secure Boot in exchange for no more Live OS a smart security tradeoff?
Enter the Windows 8 Windows Recovery Environment (RE). In a recent “Building Windows 8″ blog post
, Microsoft program manager Chris Clark details the new capabilities in Windows 8 RE. One of the new capabilities enables the end-user, with the click of the mouse, to tell the Windows bootloader to boot an external device.
This feature of Windows RE will make booting a Live OS on an external device easier than it’s ever been for end-users. End-users will no longer have to hit a manufacturer specific function key in less than ~2 seconds on startup in order to access and then modify their BIOS\UEFI settings.
This is a great development for Live OS on external bootable media, and great news for Linux distributions looking to lower the barrier to entry and capture new users, e.g. Ubuntu’s Live OS will now be bootable without requiring the user to fiddle with their computer’s BIOS\UEFI, which is at least as difficult as fiddling with the Secure Boot on/off setting will be.
The question remaining is – will this new and easy way to boot an external device mean more users than ever will try an alternative operating system on PCs that are otherwise locked to Windows 8?