Microsoft has moved to defuse rumours that upcoming Windows 8-compatible PCs could use the secure boot feature to lock out alternative operating systems including Linux.
The concerns center around the new UEFI firmware which is a replacement for the aging low level BIOS. Among the new features is the ability to lock down computers using the new UEFI system so that operating systems need to be digitally signed via ‘secure boot’.
Cambridge University security engineering professor Ross Anderson raised the red flag on the Lightbluetouchpaper security research blog, saying that Microsoft pushing for mandatory UEFI support meant "unauthorised operating systems like Linux and FreeBSD just won’t run at all."
"The extension of Microsoft’s OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate. It is clearly unlawful and must not succeed," said Prof Anderson.
Microsoft’s Windows chief Steven Sinofsky said that the UEFI secure boot comments "seemed to synthesize scenarios that are not the case" and moved to explain what UEFI offers with Windows 8.
"Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components," explained Microsoft ‘ecosystem’ man Tony Mangefeste.
"Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows," he added.
Microsoft posted a lengthy description of UEFI and Windows 8 support for the next-generation security feature.
"For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision," Mangefeste concluded.
Microsoft is essentially saying that the ability to disable UEFI secure boot is down to the manufacturer of the hardware. Without such a disable feature then other operating systems cannot be started.
Professor Anderson’s claimed that Microsoft and unspecified ‘others’ were "pushing for this (UEFI secure boot) to be mandatory" and that it would be required for "OS badging". Microsoft denied such a move.