Windows 10's Secure Boot requirement could make installing Linux a big headache

PC vendors may not have to include a Secure Boot toggle with Windows 10, raising a bigger barrier for alternative operating systems.

PC vendors may not have to include a Secure Boot toggle with Windows 10, making it harder for users to install alternative operating systems.

In Windows 8, Microsoft embraced a protocol known as Unified Extensible Firmware Interface (or UEFI) Secure Boot. UEFI is a more modern replacement for the traditional BIOS that earlier PCs used to start up, and Secure Boot is intended to lock out low-level malware that might try to infect the boot process. PC vendors that wanted "Designed for Windows" certification had to include UEFI Secure Boot on their machines.

The arrival of UEFI caused some anxiety in the Linux community a few years ago, as it could have shut out alternative operating systems that didn't work with the new technology. But in the end, Microsoft provided a workaround: PC vendors had to provide a way to turn off UEFI secure boot (at least for x86-based machines), essentially letting users manually unlock the door and install whatever they wanted.

According to Ars Technica, citing a slide from a Microsoft WinHEC presentation last week, Microsoft may no longer require PC makers to provide a toggle for UEFI Secure Boot in Windows 10. In other words, PC vendors can decide to raise bigger barriers for alternative operating systems in the name of security. (As with before, Windows 10 smartphones cannot have secure boot disabled.)

Ars notes that Microsoft hasn't finalized the exact specs yet, so it's possible that things could change. Additionally, this requirement would only affect new PCs--not older models upgrading to Windows 10. But given that the current Windows secure boot mechanism isn't attack-proof, it's not surprising that Microsoft would look to lock things down further.

Why this matters: This move doesn't completely shut out Linux distributions on Windows-based machines. Larger distributions such as Ubuntu already include their own tools to work with UEFI, and the Linux Foundation has been working with Microsoft on a secure boot loader that works with independent distributions. But dropping the option to turn off UEFI would create more work for creators of alternative distros, and takes a little more control out of the hands of users.

Join the CSO newsletter!

Error: Please check your email address.

Tags LinuxMicrosoftsecurityWindowsfedorasoftwareWindows 10operating systems

More about FedoraLinuxMicrosoftUbuntu

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jared Newman

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts