Microsoft Blocks Linux From Windows 8 Machines

    January 13, 2012
    Shaylin Clark
    Comments are off for this post.

As Microsoft prepares to launch Windows 8 sometime this year, the company has published a new set of Windows Hardware Certification Requirements. These requirements govern the hardware specifications for machines on which Windows can be installed. These sorts of requirements are nothing new – Microsoft has been publishing them for several years. This time, however, there is a hidden gem in the requirements that is causing a fair bit of concern.

In order for Windows 8 to be legally installed on a computer with an ARM processor, that machine must have custom boot mode disabled. Custom boot mode allows users to add new operating system signatures to the system’s database, enabling them to install, for example, Linux-based systems on their machines. With custom boot disabled, that capability is taken away. In other words, Microsoft is demanding that every ARM-based computer that ships with Windows 8 must be locked down in such a way that competing operating systems can never be installed.

Microsoft’s argument is that the goal of this new requirement is to give users the best and most secure experience possible. it is difficult to see, however, how preventing users from installing non-Windows operating systems could be construed as a security measure. At any rate, the significantly smaller market share of ARM processors means that these requirements will not impact very many users, at least at first. However, as ARM’s market share grows – especially with the introduction of so many ARM-based ultrabooks at this year’s CES – that problem could grow considerably larger.

[Source: Software Freedom Law Center]

  • busuttilj

    This looks to be a test to see how many will complain and an inroads campaign to other architectures. However with MS’s past issues with the Justice Dept. this looks to be a lawsuit waiting to happen.

    • q

      This have to be refereed to DoJ.
      It is clear abusive action to gain monopoly powers.

      • http://www.allthatgamingstuff.com Jason Ward

        No, actually, it isn’t. It’s about system-level security, and it was both brought up and debunked several months ago, a fact which the author of the post would have known if he’d bother to do a little research.

        MS requires that hardware vendors set a toggle in the UEFI interface to “Enabled” on systems with Windows 8 installed, to enable the OS Bootloader to be secured against modification by malware from within or without the OS.

        Want to install Linux or some other OS? Easy: Go into the UEFI interface, similar to how you would go into BIOS, and switch that toggle from “Enabled” to “Disabled.” Done deal, and easy.

        • Seamus

          @ Jason Ward – Read the wording of Microsoft’s ARM certification requirements. It explicitly states “Disabling Secure [Boot] MUST NOT be possible on ARM systems.”

          So basically, you are wrong on every count.

  • sesher

    more and more programmers are on Linux systems and the regular users are moving to tablets. Which means that Microsoft people can live in their perfect little world on their own (only to be accompanied by Viruses) lol

  • justicebeaver

    good, who needs that useless geek os anyway.

    • ITguy

      Switch every linux/ unix system off for 24 hours off and you probably lose a massive chunk of the internet. (Anyone else care to put a figure on it… I’m thinking 75-90%)

      Even if the server you use isn’t down, accessing it may need use of several intermediate systems…

      But you knew all that, didn’t you, and were just being ironic !!

  • asmoore82

    “Ultrabook” is an Intel trademark. There’s no such thing as an “ARM-based Ultrabook.” They are ARM-based subnotebooks or netbooks.

    I take this opportunity to nitpick at the author because that’s just how irrelevant windows 8 really is. With Tegra 3 devices hitting the market and the capable Tegra 2 pushing down into the value priced market, Android will eat Windows 8’s Lunch, ARM and otherwise, before it(8) even gets out of beta.

  • tapiwa

    its okay. Developers are underway now to combat ‘wise’ ballmer!

  • Michael Cerquoni

    so basically Microsoft is doing the same thing that Android Tablet makers and and Apple is doing, good luck installing Android on your iPad or Microsoft 8 on your android tablets!! but some how when microsoft does this its “EVIL”!! what-ev!

    • CRC

      I’m told that some people run Linux next to Apple’s OS but I don’t know exactly which version.

    • myself

      “Google experience” devices (nexus, xoom) have an unlockable bootloader. So, google is not doing it. In addition, many tablet makers such as asus are releasing optional bootloader unlock tools.

  • CRC

    Oh sure, that will fix all those nasty infections that MS is always getting from all those other OS’s out there! HAHAHAHAH!

  • ITguy

    Thanks for the info… Apple used to be classed as control freaks but this is Bad News for both users and innovation.

    Here in the UK there are some in industry and government who want the under-18s to have encouragement to learn proper IT skills (software engineering) and not just be given basic Word, Excel, Publisher “exposure”.

    Locking down a machine harms the more experimental uses and users, and Microsoft should be made to answer for this stupid restriction by a boycott.

    • http://www.allthatgamingstuff.com Jason Ward

      Nonsense. This is nothing more than a simple toggle from “Enabled” to “Disabled” in the UEFI interface. The only thing it stops is malware from modifying boot code that harms users. It’s a GOOD thing.

  • Charles Norrie

    In my opinion this has become a criminal matter. Microsoft is interferung with Inerstate trade both in the US and much more seriously here in Europe.

    I hope the board of the company are ready to go to jail for a long term.

    • http://www.allthatgamingstuff.com Jason Ward

      This is not criminal in any fashion, and no one is going to jail.

      This is a SETTING. It can be disabled with a single toggle in the UEFI firmware interface. It will be very similar to customizing settings in the BIOS.

      The author of this article is merely trying to get hits by stirring people up needlessly. This issue was announced and debunked in September of 2011. It’s not news, you’ve been scammed.

  • http://www.google.com Amol


  • http://www.startblue.net LJKelley

    This article’s insinuation is wrong. Yes it does technically block Linux but it does from a security standpoint. It blocks unsigned code from running, to stop malware from booting up with your system for example. This will only effect a small number of power users who can choose a Linux based os like Android or even Ubuntu Tablet or x86 based instead.

  • Darren

    This is really just Microsoft’s attempt at stopping piracy of it’s OS. Vista and Windows 7 have both been pirated using the OEM certificates and bootloader (to fake the bios). By blocking custom bootloader code, they prevent the most common method of pirating the operating system. Security is not MS’s #1 priority, money is. Savy users that dare to hack their actual bios can still inject the certs, but this comes with some risk and is not available on many bigbox manufacturers.

  • vijay kris

    apple has been doing it for years…and when Microsoft does it,it becomes a crime?

    • Bill

      It’s not the same thing. Apple manufactures the hardware on which the OS is installed. Microsoft is forcing OTHER manufactures to lock down their machines.

      • http://www.allthatgamingstuff.com Jason Ward

        No, they’re not. They’re saying a simple toggle in the UEFI interface has to be set to “enabled.” Anyone who knows how to get into the UEFI and how to install a different operating system can surely understand how to toggle a setting from “Enabled” to “Disabled.”

        If you can’t figure that out, maybe you should step away from the install media. Slowly.

    • Duncan

      Not a crime, just too restrictive. And it’s just as bad when Apple does it, which is why anyone who knows computers refuses to use a Mac.

  • JimMike

    Now is not the time for microsoft to try and show their muscle, to wit:

    “We’re sick and tired of all you people buying hardware running microsoft OSs, and then deleting our trash to run real OSs. We’ll show YOU!”

    You certainly have, microsoft. Many,MANY thanks.

  • really

    so microsoft mind has been cracked

  • Maina

    Hmm Good idear by microsoft windows7 has been soo good hope that windows 8 will be even better.

  • http://www.matsclock.com Mathews

    I think there is nothing wrong in this move by Microsoft. You have a great MS OS 8 with ultimate security features to protect your computer. But you install a use another OS which MS Windows 8 has no control over. Then you use that OS often till a virus or a spyware destroy your world inside your lovely Windows 8 Computer. Now you blame MS Windows 8 and go around putting it up on Facebook. I am sure MS or any OS manufacturer can stand it.

    • Bill

      This is idiotic. You have no clue how an OS runs do you?

      • http://www.allthatgamingstuff.com Jason Ward

        Actually, he probably doesn’t, hehe. However, he’s right that there’s nothing wrong with this move, as the ability to turn the feature on or off is ultimately left in the hands of the end user. It’s simply “on” by default. And frankly, it *should* be on by default, to protect non-tech savvy users.

  • http://www.ssrichardmontgomery.com ron

    I cant see what the argument here is, If it is locked DON’T buy it. Simple….

  • http://www.allthatgamingstuff.com Jason Ward

    I have to admit, I’m a little surprised not only at the ineptitude of the author of this article, but at many of the commenters in response. Let’s start at the top of why.

    First, this isn’t news. This issue came up in September of 2011. See here: http://news.cnet.com/8301-10805_3-20111545-75/microsoft-addresses-windows-8-secure-boot-issue/

    Second, the issue has already been addressed and isn’t remotely what the author of this article claims. If he’d done his RESEARCH, as a good blogger does, he would know that Microsoft’s requirement is that secure boot be enabled by default in order to protect the average user–which it will. Moreover, they’ve stated in clear terms that hardware vendors are 100% free to allow the end user to disable secure boot and install appropriate certificates for any OS they choose:

    “Microsoft supports OEMs having the flexibility to decide who manages security certificates and how to allow customers to import and manage those certificates, and manage secure boot. We believe it is important to support this flexibility to the OEMs and to allow our customers to decide how they want to manage their systems.”

    In the same article, they state that “Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows”


    This move is fully compliant with the design of UEFI standards defined in Chapter 27 of the UEFI 2.3.1 specification.

    This is a GOOD thing. It creates significant improvements to the safety and security of any computer system using Windows 8 (which, in spite of some people’s very silly assertions to the contrary, will number in the hundreds of millions inside of two years post-launch), which for the average user means that it will save them hassle, money and frustration.

    Moreover, it leaves open the option for more savvy users to install any OS they choose.

    In short, relax, people–this is not news, it’s a non-issue, and more pathetically, it was resolved MONTHS ago. Shame the article author didn’t bother to THINK before he simply REACTED. Of course, if all you’re looking to do is stir the pot and get page hits from inflamed commenters, I suppose the dishonesty of the strategy is, nevertheless, effective.

    • Matt R

      So, to be clear. Windows 8 users can install Linux alongside Windows 8 as another boot option?

      • langyaw

        yes. that’s what Jason said at the 3rd post (2nd reply) at the top of this discussion. it’s a simple matter of “Enable / Disable” at the UEFI/BIOS setting.

    • Seamus

      Jason – I’ve seen you go through everyone’s comments individually rebutting the same points. My initial comment was a bit of a knee-jerk reaction, so my apologies, but I’d genuinely like your thoughts on some of the wording from the original article, and how it relates to your supposed evidence that Microsoft will not demand the UEFI is locked down on ARM systems.

      All the articles you linked to are relevant to how Microsoft is implementing certification policies on PCs. I think it’s important to emphasize that, as almost all the ARM-based devices Microsoft will be targeting will not be PCs in the traditional sense, but rather tablets, laptops and phones.

      Also, in spite of all the articles you link to, the actual Windows Hardware Certification Requirements document makes pretty clear distinctions between its policies for Intel (PC) and ARM-based (portable) devices. As I previously quoted, it is explicitly stated that “Disabling Secure [Boot] MUST NOT be possible on ARM systems.”, which pretty-much precludes any of you or Microsoft’s previous assertions that the user could choose to install another operating system. If you have even the most rudimentary knowledge of how UEFI works, you will know that Secure Boot must be disabled for the user to be able to execute unsigned boot code.