There’s another round of fussing among Linux users over Microsoft’s decision to require a feature called Secure Boot in Windows 8. I break down the details over at ZDNet. Here’s an excerpt from Linux won’t be locked out of Windows 8 PCs, but FUD continues
Let’s talk about Windows 8 PCs. The new specifications make it very clear:
- All versions of Windows 8 shall be UEFI-compatible …
- All client systems must support UEFI Secure boot …
- MANDATORY: Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv [the private key that supports Secure Boot].
“Non-ARM systems” means the classic x86 PC design. Roughly 400 million of these devices will be sold this year, and probably an equivalent number will be sold in the first year that Windows 8 is available. Every single one of those PCs will have the ability to run older versions of Windows, Linux, or a new operating system you create yourself. To do so, you will simply have to flip a bit in the system’s setup screen.
Sorry, conspiracy theorists. This does not represent “Microsoft’s latest attempt to abuse their PC monopoly power .” Quite the opposite. In the general-purpose PC segment, where small vestiges of Microsoft’s one-time monopoly still exist, this new security feature will be enabled by default, but the option to disable it will be mandatory. No lock-out for Linux.
General-purpose PCs are awesome. I don’t believe they will ever go away. I do not want them to go away.
But I do think we’ll see many more specialized devices that are engineered as part of end-to-end experiences, not easily hackable, with limitations imposed by app stores and digital signatures.
I want to have the choice to buy those devices as well as general-purpose PCs. iPads are arguably highly locked down. One can chafe at the limitations and restrictions, but there is no doubt that the end result is a very secure, very usable, very supportable combination of device and software.
The reason that the full system is “locked down” and the app store is curated is to keep out malware. And I would bet the number of people who are affected every year by malware is an order of magnitude larger than the people who want to buy a PC with one OS installed and hack it so they can install something else.
For many people, especially nontechnical users, the availability of that type of device is a good thing. Between Apple, Google, and Microsoft, we are heading toward a world where we will have at least three different hardware/OS and app ecosystems, all of them designed around very different experiences. I hope that all three of those platforms are able to coexist. I’d rather not return to the days of monopoly, thanks very much.
Ironically, the “open hardware” movement wants to restrict my choice. I want the ability to buy a device that can’t be easily hacked, even by me. We both want “open” PCs to continue to exist. But by insisting that every device be “open,” they’re taking away my option to freely, with eyes wide open, choose “closed.”
9 thoughts on “It all depends on your definition of “open,” I guess”
I’m really not a big fan of the single source app ecosystem. I dislike having any one source being the sole arbitrator of what type of applications I’m allowed to run.
Even Metro is heading this way, all applications being available solely through Microsoft, I like the choice of who I purchase from, and the sheer simplicity of anyone being able to freely make available any software online they wish.
If we see Metro eclipse the desktop completely, that will be gone. Microsoft decides what we’re allowed to use, and the simple ease of being able to make anything available is gone with everything having to be approved by MS, and anyone listing any software being charged for the listing.
I like being able to make small utilities available freely to anyone who wishes to use it. I don’t like MS choosing whether I’m allowed to distribute them and being charged for making them available to people.
App Stores have their place for security and simple ease of use. The strident move away from anything else even on general purpose PC’s concerns me greatly. I want free choice not only in hardware, but software. Use what I want, from whom I want.
I can tolerate app stores being the sole choice on my smartphone, I cannot tolerate an app store being the sole choice on a general purpose PC or even a tablet.
The SecureBoot is a non issue IMO. Anyone that is likely to be willing to install Linux (Or whatever non Win8 OS they wish) themselves is almost certainly going to be knowledgeable enough to feel comfortable going into the BIOS and disabling SecureBoot.
As long as we have that choice, and we clearly will this is a non issue. Microsoft isn’t doing anything to prevent anyone from installing whatever OS they choose.
It’s one small extra step that’s liable to take a minute at most to disable, not a big hindrance when you consider the obvious desireable benefits of having SecureBoot enabled by default.
I agree. I think your order of magnitude guess is way off though, for the ratio of people who want to buy something and leave it alone versus people who want to buy and install something else. Three (or more) orders of magnitude feels more correct.
I’d feel better though if the old implied warranty of fitness for a particular purpose weren’t routinely waived.
The key wording is “… on non-ARM devices”. However, on ARM devices (e.g. tablets), Microsoft IS locking users out:
More links in the article …
I addressed those concerns fully in my post. “Non-ARM devices” covers the 400 million-plus general purpose PCs sold every year. ARM devices covers a new class of managed devices that will be available from Microsoft and are already available from Android OEMs and Apple.
Please tell me why Microsoft should be forced to compromise security in its new hardware platform specifically so that hackers can install a different operating system on it. They have the right to say no to that, just as Apple and most of those Android OEMs have.
Who owns the device, Microsoft or me? Am I just licensing the device along with the OS or do I actually own the hardware? If I’m prevented from installing my OS of choice, then it’s Microsoft’s device and that’s where the problem lies.
The only solution I see is not buying any ARM boxes which have Win8 on them, at least until they have been “rooted” — as have most iOS and Android devices.
Nothing new here. Somewhat similar to if you decide to put a Chevy engine in a Ford car you void the warranty. Or those “don’t remove this sticker” stickers on so many electronic devices. Sure it’s limiting, but what do you really loose? For 99% of us, nothing. You do gain security and assurance that your device will work better. There will ALWAYS be devices without this limitation if you just must hack.
“General-purpose PCs are awesome. I don’t believe they will ever go away. I do not want them to go away.”
But then you seem to think that there will never be a general-purpose PC powered by an ARM. That seems to me a very bad intuition.
Furthermore, there begins to be some convergence between tablets and general-purpose PCs, for example laptops with removable touch screen. Do you consider that being a tablet or a general-puspose PC ? Is the nature of this device different if running an ARM Cortex or an Intel Atom ? Do you consider I should be able to do whatever I want with this hardware (like GP-PC) or not (like closed tablet) ?
The distinction between tablets and general-purpose PCs just does not stand, it’s converging and in a few years you won’t be able to tell the difference.
Moreover I don’t really see how the architecture of the CPU might be relevant to decide if a platform should be open or closed, and to decide if a device is a tablet or a PC.
You haven’t factored in the fact that technology changes over time. Today, general-purpose PCs built on the x86/x64 architecture represent 100% of Microsoft’s market and about 90% of the general computing market if you factor in iPads and other tablets.
That mix will change over the next decade, but this sort of change happens slowly, and Microsoft will not play a monopoly role in the shift. I am certain we will see a mix of general purpose and fixed purpose computing devices using a variety of architectures. As the technology changes, the requirements will change as well.
And yes, there IS a difference between an x86 and an ARM device that appear identical in terms of hardware. The former will run the full range of legacy software, from Microsoft and others. The latter will run only software that has been written to a new set of specifications and compiled to run on that processor.
“That mix will change over the next decade, but this sort of change happens slowly, and Microsoft will not play a monopoly role in the shift.”
That might happen slowly (how slowly anyway), but I don’t agree with Microsoft not playing any monopoly. Microsoft is big leader, as you said, with 90% of the market of the general computing market, so a constructor that want to sell a lot of units has no choice but to support Windows (unless it’s a Mac). And as until now Windows only ran on x86/x64 archs, constructor had virtually no choice for the processor’s architecture. With Windows ported on ARM, that changes everything, and because ARM cores are much more power efficient than, say, an Intel Atom, there will be Cortex-based netbooks, and I think there will be a lot of them.
“And yes, there IS a difference between an x86 and an ARM device that appear identical in terms of hardware. The former will run the full range of legacy software, from Microsoft and others. The latter will run only software that has been written to a new set of specifications and compiled to run on that processor.”
I don’t think this is a real issue.
We have do split the analysis into userspace software and kernelspace software.
For userspace software (which is the big majority), I don’t really know the compiling toolchain on Windows, but I assume that a C/C++ program that compiles on Windows/x86 will compile as well on Windows/Arm with Microsoft’s toolchain. Not mentionning that any soft written in Java or C# (or any other language that targets a portable VM) would not even need to be recompiled.
The only problem I could see is with device drivers, that live in kernel space. But, although again I don’t know how you make a Windows driver, I imagine that there is some hardware abstraction layer, such as a USB stack, a PCI stack, and that hardware is accessed only through those stacks. If basic hardware communication is abstracted, I don’t really see the portability problem for a device driver either : system headers are the same, just recompile it and that will work, minor issue for the hardware manufacturer. I might be wrong on that point so just let me know if that’s the case.
Moreover, even if there are some problems, Microsoft will certainly allow software developpers to train on betas or RCs (just like they do for new Windows releases). Or maybe they will push them to try and port what needs to be ported, for the exact reason you give : Microsoft (and manufacturers) won’t sell devices on which you can do nothing but play Free Cell.
Last, Microsoft could very well develop (and has maybe developed it ?) a virtualisation layer to allow x86 binaries to run on Arm devices, just like Apple did when they switched from PPC to x86.
So, except maybe for some hardware, I don’t really think that porting application will be such an issue. I don’t see the big fence that would prevent manufacturer from releasing ARM-based netbooks, especially as Arm’s advance concerning power-efficience is so big.
I still think that the distinction tablet/general-purpose PC does not really stand, or at least won’t stand for long, and above all that the ARM/x86 distinction is mostly irrelevant.