Since Windows 8 is using Unified Extensible Firmware Interface (UEFI) to perform secure boot, it will be difficult to install and execute many distros of Linux Operating System in a Windows 8 computer if those distributions are not UEFI verified. Windows 8 is using UEFI to prevent rootkits and other boot level attacks but it may prevent other versions of OS boot loaders too from booting. So it is difficult to implement a dual-boot system in a Windows 8 computer. UEFI is a promising technology to improve the booting speed and security but it can create many unexpected issues. One of the problem is the lack of ability to run a genuine firmware or OS loader in a computer (Secure boot enabled) by the user if it is not UEFI verified. It is afraid that many OEMs will not give the control to turn off secure boot to the user and it may end the world of free software. In a careful analysis the issue is not directly related to Windows 8 but related to vendors who decide to implement secure boot for their PCs.
What is Unified UEFI and Secure Boot
Unified Extensible Firmware Interface (UEFI) is a promising firmware interface controlled by UEFI forum, a collection of chipset, hardware, system, firmware, and operating system vendors who decide specifications, test tools, and reference implementations that are used across many UEFI PCs. Any company can join UEFI forum and ensure their product is UEFI verified. It is an effort to improve the security of a PC by eliminating the chances of booting any boot level malware. Secure boot is the firmware validation process of UEFI.
How UEFI Secure Boot Improves PC Security
In Microsoft blog they demonstrate the differences between an ordinary boot and secure boot.
This image is self explanatory and anyone can easily identify how Secure Boot prevents rootkits from booting. Secure boot check the signature of the firmware when the system powered on and if the signature of the firmware is not present in the allowed list stored in the database, it cannot execute. Here comes the problem for many Linux distributions in a secure boot enabled system. If the Linux distro is not in the allowed list, UEFI will not let it to boot. Since many Linux users use customized Linux versions, it will be more complicated.
What is Unified UEFI and Secure Boot
Unified Extensible Firmware Interface (UEFI) is a promising firmware interface controlled by UEFI forum, a collection of chipset, hardware, system, firmware, and operating system vendors who decide specifications, test tools, and reference implementations that are used across many UEFI PCs. Any company can join UEFI forum and ensure their product is UEFI verified. It is an effort to improve the security of a PC by eliminating the chances of booting any boot level malware. Secure boot is the firmware validation process of UEFI.
How UEFI Secure Boot Improves PC Security
In Microsoft blog they demonstrate the differences between an ordinary boot and secure boot.
This image is self explanatory and anyone can easily identify how Secure Boot prevents rootkits from booting. Secure boot check the signature of the firmware when the system powered on and if the signature of the firmware is not present in the allowed list stored in the database, it cannot execute. Here comes the problem for many Linux distributions in a secure boot enabled system. If the Linux distro is not in the allowed list, UEFI will not let it to boot. Since many Linux users use customized Linux versions, it will be more complicated.
Technology Blog
1 comments:
Nice post thanks for sharing.
Post a Comment