The concern over whether or not the Windows 8 requirement for ‘Secure Boot’ will prevent users from installing other operating systems has been addressed by Microsoft‘s Steven Sinofsky in a blog post on the Microsoft Developers Network site.

Pre-built Windows 8 computers that want a “Windows Certified” sticker have to offer support for “Secure Boot” and enable it by default, but it remains up to the OEMs as to whether they provide an ‘off’ switch to allow users of other operating systems – including Microsoft’s own – the ability to install/boot into them.

But what Microsoft are not doing is asking OEMs to prevent Secure Boot being disabled by the user: –

“…such decisions are left to the OEM. There may be good reasons why certain enterprises may not want PCs that can be configured in such a way, and there may be good reasons why an OEM or white box retailer may choose to allow that flexiblity (sic) for their customers. It’s all about choice and flexibility.”

Don’t mention the ‘L’ word

The relevant part of Microsoft’s article, at least from the point-of-view of a ‘concerned Linux user’, is found towards the end of the post, although they explicitly avoid referring to Linux: –

“At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves. We work with our OEM ecosystem to provide customers with this flexibility. The security that UEFI has to offer with secure boot means that most customers will have their systems protected against boot loader attacks.

For the enthusiast who wants to run older operating systems, the option is there to allow you to make that decision.

A demonstration of this control is found in the Samsung tablet with Windows 8 Developer Preview that was offered to //BUILD/ participants. In the screenshot below you will notice that we designed the firmware to allow the customer to disable secure boot.

However, doing so comes at your own risk. OEMs are free to choose how to enable this support and can further customize the parameters as described above in an effort to deliver unique value propositions to their customers.

Windows merely did work to provide great OS support for a scenario we believe many will find valuable across consumers and enterprise customers.”

Image of a console with options for TPM Configuration: Enable virtualization [enabled], CSM Support [Disabled], Attempt Secure Boot [Enabled], Display Rev. Info - Intel UEFI...

No need to panic

The probability is that most OEMs – at least those with a vested interest in making money – will provide an option to disable Secure Boot, thus allowing you to boot into Ubuntu, Fedora, Android, Windows 98, etc.

But will this added layer, of what we Brits call ‘faff‘, put potential new users off?

You want me to disable a _security feature_ so I can boot into this Linux thing?

Image credit: Steven Sinofsky

Microsoft secureboot windows