Microsoft are pushing for changes to the Unified Extensible Firmware Interface (UEFI) firmware specifications that would prevent any operating system apart from Windows 8 being able to boot on a computer.

The proposal would see all computers sold by manufacturers wishing to gain a ‘Windows Certified’ badge for their devices needing to adhere to the ‘secure boot’ protocol – thus locking out the ability to install Linux in the process.

‘Secure Boot’ works by keeping ‘secret keys’ within the system itself. These keys are then used to “sign” anything that wishes to run – such as operating systems. If an operating system isn’t signed by a matching key then booting of it will not be allowed.

But it’s not just restrictive to software vendors either as Red Hat’s Matthew Garrett explains: –

“A hardware vendor cannot run their hardware inside the EFI environment unless their drivers are signed with a key that’s included in the system firmware. If you install a new graphics card that either has unsigned drivers, or drivers that are signed with a key that’s not in your system firmware, you’ll get no graphics support in the firmware.”

The technology isn’t new; most motherboards shipped today support Secure Boot but have it disabled by default. For the roll out of Windows 8 Microsoft want to see Secure Boot enabled on all devices shipping with their name on by default.

Don’t Panic – At least not yet

First of all, this hasn’t happened yet. And Microsoft are likely to face fierce opposition in trying to push this change through – including from the Competition Commission of the EU, who previously forced Microsoft to offer a choice of Web Browsers in the European edition of Windows 7.

OEMs would also be able to offer a BIOS feature to disable the service – a literal ‘off switch’ for Windows.

Ross Anderson of Light Blue Touchpaper, who has campaigned against similar, albeit less restrictive, moves before is stern in his verdict: –

“The extension of Microsoft’s OS monopoly to hardware would be a disaster, with increased lock-in, decreased consumer choice and lack of space to innovate. It is clearly unlawful and must not succeed.”

Microsoft secureboot windows