Windows 8 Secure Boot Stops Low Level Attacks But Might Block Linux Installs

Microsoft’s requirements for the Windows 8 Logo program will require hardware makes to have the option for secure boot via the Unified Extensible Firmware Interface (UEFI) instead of the familiar BIOS interface.

UEFI Windows 8 Secure Boot

This is one of the many security measures that have been implemented within Windows 8 in order to stop low-level attack vectors. However, one side effect of this is that it will block other operating systems to be installed if they are not signed digitally so that they too can boot on secure mode.

UEFI Secured Boot Will Require Windows 8 Install To Be Signed By Certified Authority In Order to Boot

This new booting option is a hardened boot environment that will protect the system from attack vectors that inject malware in to the system at boot levels. However, this also means that any OS that tries to boot on the machine will have to have been digitally signed by a Certified Authority (CA) in order to be successful.

This can be done in two ways — either Microsoft signs each pre-installed copy of Windows 8 that manufacturers use and give the public part of the key or manufacturers themselves can sign it. However, if manufacturers themselves sign it, then boxed copies of Windows will become impossible to install on the system. Also, updates will become impossible to install unless the manufacturer signs them too. So the more feasible option seems to be Microsoft being the sole signing authority.

Why Linux Distributions will Face Problems

The problem with most Linux Distros is that almost none of them are signed. And with their GPL licensing, signing becomes difficult to implement. Once it is signed, it will also become hard to implement the signature with all OEM’s.

Also, with the current design of the Linux core, the kernel it self will also require signing. And this will stop developers from easily being able to compile their own Kernel. Essentially, the open nature of Linux and its eco-system makes it difficult to bring this amount of guarding to the platform. However, Linux bigwigs like Red Hat and others are not perturbed. They have ensured that a solution will be found.

Published: Thursday, September 22nd, 2011 Last Modified: September 22, 2011

Related Posts

Rate This Article