Microsoft officials are seeking to assuage concerns that the company's implementation of UEFI in Windows 8 will prevent users from loading non-Microsoft operating systems or applications on their machines. Despite concerns raised by security researchers and open-source advocates about vendor lock-in and other issues arising from the use of a secure boot sequence in the upcoming OS, Microsoft says “the customer is in control of their PC.”
In the days since Microsoft began talking about the details of Windows 8 and the security measures it has added to the new version of the OS, security researchers and others have raised questions about the consequences of a secure boot sequence built on UEFI firmware rather than a traditional BIOS. The boot sequence for Windows 8, which is due in 2012, will be markedly different from that of its predecessors. The most notable difference is that the firmware will only load code that is signed and authenticated by a key embedded in the PC hardware. Any module that isn’t signed won’t be loaded.
The goal of this is to prevent malware such as rootkits and bootkits from staying resident on machines and reloading each time the machine is restarted. Such malware variants have become more popular in recent years as attackers have looked for new methods of keeping their attack tools on infected machines for a long period of time. That kind of malware can be difficult to detect and remove, and so Microsoft is hoping that the secure boot sequence using UEFI will help prevent it and other malicious software from making its way onto the PC in the first place.
“In most PCs today, the pre-operating system environment is vulnerable to attacks by redirecting the boot loader handoff to possible malicious loaders. These loaders would remain undetected to operating system security measures and antimalware software,” Microsoft’s Tony Mangefeste wrote in a post explaining the architectural change.
However, critics have raised concerns that the system also gives Microsoft the ability to prevent users from running third-party operating systems such as Linux on their PCs. Ross Anderson, a security researcher at the University of Cambridge, said in a blog post yesterday that the move by Microsoft could have serious consequences.
“The extension of Microsoft’s OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate. It is clearly unlawful and must not succeed,” Anderson wrote.
Mangefeste said that the secure boot sequence is designed to prevent malware from loading and not to stop users from loading other software they want to run, including alternate operating systems.
“At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves. We work with our OEM ecosystem to provide customers with this flexibility. The security that UEFI has to offer with secure boot means that most customers will have their systems protected against boot loader attacks. For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision,” Mangefeste wrote.
“A demonstration of this control is found in the Samsung tablet with Windows 8 Developer Preview that was offered to //BUILD/ participants. In the screenshot below you will notice that we designed the firmware to allow the customer to disable secure boot. However, doing so comes at your own risk.”