Secureboot

Microsoft using Secureboot to lock down ARM

Thanks to a tip from a colleague - Anshu, I found out further confirmation that the Secureboot issue, that I blogged about earlier, is going to bite us badly just as we expected. According to this post of the Software Freedom Law Center, Microsoft has recently revised it’s Windows 8 Hardware Certification requirements to lock out all alternative OSes from the ARM-based mobile devices that it ships on. The Certification Requirements define (on page 116) a “custom” secure boot mode, in which a physically present user can add signatures for alternative operating systems to the system’s signature database, allowing the system to boot those operating systems.

The incoming Secureboot/Restrictedboot war

For those who aren’t aware of this, FSF (Free Software Foundation) has been running a campaign for the last few months about Microsoft’s malicious Secureboot initiative (which FSF calls restricted boot). Given the mostly Microsoft friendly corporate IT environments out there, I think this is one topic on which most employees should be very aware. A nice summary of the issue can be read up at: http://www.theregister.co.uk/2011/10/18/fsf_windows_8_campaign/ Apparently, Microsoft is practically arm-twisting OEM manufacturers to implement Secureboot to be able to install Windows 8 on their systems - it is a Windows 8 requirement.