Windows has taken the brunt of attacks from hackers over the decades. No one will argue against that statement. Very few in the Open world, however, give Microsoft credit for not locking down the hardware Mac-style. This liberal mindset has allowed alternatives to flourish, particularly in the Linux world. The bell may be cracked, however, in this ringing of liberty, and it may all soon come to an end.
Microsoft has developed a newer tradition of requiring hardware manufacturers to meet certain requirements in order to be able to advertise themselves as “Designed for Windows”. Typically these requirements have not interfered with users customizing their own systems. After all, “The PC” is short for what used to be called the “IBM Compatible PC” and designated a modular, interchangeable and basically open system, customizable by the owner. Microsoft began changing this when it made its licenses a lease of the operating system, essentially retaining full ownership of your copy of its software. This was the first step toward the closed universe, and many technicians were prophesying such.
While the new “Designed for Windows 8” requirements for hardware manufacturers are mostly inert, such as the 10G free space requirement, there is a clause that reminds us of what politicians do to slip in an unpopular constraint. The clause includes a set of requirements for firmware.
To qualify for Microsoft’s certification, a system must employ the Unified Extensible Firmware Interface, or UEFI, with its Secure Boot enabled. UEFI has clear advantages, such as faster boot time, processor independence, and modularity. It acts in many ways like the old BIOS system, initializing the mainboard, probing for connected hardware, and relinquishing control to the operating system.
One obvious need for UEFI is that BIOS is incapable of booting from 2 TB and larger hard drives. While it was first created by HP for x86 and Itanium computers, in 2005 it was expanded to operate on x86-64 systems. The latest development has seen it also built for ARM systems. If your system has a Sandy Bridge processor, then it utilizes UEFI.
The most important aspect of UEFI, the one setting the Linux world’s anger ablaze, is the use of certificates. While the principle is innocuous, its employment on ARM for Windows 8 certified systems locks out alternative operating systems. It uses nothing more devious than standard public key infrastructure technology. At least one certificate is stored in the firmware. Every piece of software in the boot process must present a signature that validates against one of the certificates. Without a valid signature, the computer will not boot.
Microsoft has compromised on the x86 systems, allowing them to be put into custom mode, so alternative operating systems can boot. However, on ARM systems, there is no custom mode. They are required to be locked with only one certificate present, the one from Microsoft. Now you can see what has the penguins at Linux companies and forums waddling about, mumbling angry words to each other. However, Microsoft is fighting a real battle with hackers and must take appropriate measures to secure its systems, even at the expense of freedom of competition. It may come to the courts to decide whether it is flexing its monopolistic muscles again.