To understand this article, you first need to know few things…..
First one is about UEFI(Unified Extensible Firmware Interface) which is nothing but the replacement to the traditional BIOS which has started to occur.
One can have a good knowledge about it from the following link…. It’s a good link to know about UEFI.
Important Point:-
One feature of UEFI is that it allows firmware to implement Security Policies.
Now why is this UEFI important???
UEFI secure boot is part of Windows 8 secured boot architecture
So, when windows 8 will be launched, the laptops which will be coming with pre-installed Windows 8 will have UEFI instead of traditional BIOS.
Here is a nice article about the boot process of win8:-
So why to be concerned??
·
Windows 8 utilizes secure boot to ensure that the pre-OS environment is secure
· Secure boot doesn’t “lock out” operating system loaders, but is a policy that allows firmware to validate authenticity of components
Usually if we have a laptop with windows installed on it and want to install Linux on it, then we simply either format or create new drive and install Linux onto that. And then it modifies the Boot Loader/System Loader and we get both the OS working.
But with PC’s having Windows 8 installed, if you have UEFI instead of BIOS, you won’t be able to do so. As it now uses UEFI and it has security policies configured which will prevent you from booting any other OS than the authorized ones.
Microsoft can require that hardware vendors include their keys (for secure booting). Their competition can't. A system that ships with Microsoft's signing keys and no others will be unable to perform secure boot of any operating system other than Microsoft's. No other vendor has the same position of power over the hardware vendors. Red Hat is unable to ensure that every OEM carries their signing key. Nor is Canonical. Nor is Nvidia, or AMD or any other PC component manufacturer. Microsoft's influence here is greater than even Intel's.
Linux has no support for UEFI by now and it would be an issue for linux to add support for it as soon as possible and also make vendors to add their certificates in the authorized list.
Here is a nice article on this topic:-
No comments:
Post a Comment