Microsoft Locks Out Linux On ARM Systems Shipping Windows 8

It's been a few years since Microsoft really shot itself in the foot by making itself look really unfriendly, and someone at the company must've been missing the pain. A careful read of the company's "Windows 8 Hardware Certification Requirements" document has revealed draconian policies that require vendors to block the installation of other operating systems on ARM devices.

First, a bit of history. Earlier this fall, Microsoft briefly made waves when it announced that Windows 8 would require that UEFI (the successor to BIOS) Secure Boot be enabled on all systems that ship with Windows 8 installed. Secure Boot uses vendor-provided signed keys to ensure that the OS in question has been properly validated. The concern was that this process could be used to effectively prevent the installation of Linux on ARM products.

Microsoft responded to these allegations with a substantial blog entry on the UEFI standard and how Secure Boot works, but the company's response to fears that it would prevent non-MS OS's from running was answered as follows: "Microsoft does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows."

And so it doesn't -- as long as we're talking about x86 hardware. The document in question states: "On non-ARM systems, it is required to implement the ability to disable the Secure Boot via firmware setup." It then goes on to say (on Page 116): "Disabling Secure MUST NOT be possible on ARM systems."

We don't WANNA play fair!

There's no technical reason why MS would support disabling Secure Boot for one CPU architecture but enabling it for another, which leaves us with non-technical justifications -- of which there are plenty. By locking out alternate OS's, MS ensures that Windows customers stay Windows customers.

Such a condition would never fly in the x86 world, where MS is the dominant vendor. In handhelds, however, Microsoft only supplies a tiny fraction of the overall market. The company is obviously hoping it can lock out the threat of Android competition by preventing the installation of other operating systems. It's not so different from the early 90s, when Microsoft attempted to force OEMs to purchase a Windows license for every system they shipped, even if the box didn't utilize a Microsoft operating system.

In September, when this issue first arose, MS issued a long statement justifying its response and noting that the Secure Boot feature was part of the UEFI standard. We can't wait to see the company's justification this time around. After years of (fairly) good behavior, Microsoft had begun to build a reputation as a company that legitimately played nice with others. After this, it seems a time out is in order.
RTietjens 2 years ago

What's that smell? Why, it's an anti-trust lawsuit!

They never learn.

realneil 2 years ago

[quote user="RTietjens"]What's that smell? Why, it's an anti-trust lawsuit! They never learn. [/quote]

This exactly.

They'll be sued, and then there will be a fix to fix their fix soonest.


digger1985 2 years ago

What anti-trust?

Exactly. I don't know what the fuss is about. MS has near 0% market share in ARM smartphone and tablets. The market is already dominated by Apple and Android. Consumers have PLENTY of choice with regards to non-Windows ARM devices.

Sure it's anti-competitive, but the whole point of capitalism is to be anti-competitive. Anti-competitive behaviour is only a problem if you have a monopoly. With MS having 0 marketshare and a vast ecosystem of alternatives available, only an idiot would by a Win8 tablet to install another OS, full well knowing before hand that it won't be possible to.

Anti-trust only applies when consumers have no alternatives. Please have a look around and tell me we have no alternatives? If consumers don't want a W8 ARM tablet, they can always go an iPad, the dominant player, or an Android tablet, with a small marketshare but still by a large percentage bigger than what MS currently has.

remixedcat 2 years ago

thing is if we want linux and windows on the same device we can't we'd have to have a seperate device for each operating system... not very economical.

JDiaz 2 years ago

Well, running both Windows and Linux is not something everyone wants to do. It's usually one or the other, while ARM is still a long way from replacing x86 for all traditional PC usage scenarios.

While this won't stop people from doing things like running Linux in VM on a Windows 8 ARM system. You may also be able to boot a network linux. Along with possibly having two systems on the same device...

AKnudson 2 years ago

riddle me this batman why would anyone want linux on a windows operated and designed device? i dont understand this love for an operating system that has done almost nothing to further or improve computer quality in the last ten years.

yea sure there is the fact that you can do more if you know the code its written in so great go ahead or be a real programmer and use a real programming language.

CharlesNorrie 2 years ago

I hope the board of Microsoft realises that what it is doing is illegal under both US and EU law, and its members face heavy fines and long prison sentences for what they are doing.

What it is doing is effectively imposing a rootkit on hardware, which only differs from a criminal piece of vicious malware in that it is sponsored by a supposedly responsible public company.

The US DoD has abandoned Windows for flying its drones because of malware which resulted in the loss of a drone over Iran.

Joel H 2 years ago

*sigh* UEFI is not a rootkit. Secure boot is not a rootkit. It's nothing even close to a rootkit.

There's nothing wrong with UEFI or Secure Boot. The problem is that MS is demanding OEM's lock customers away from installing another OS. That doesn't mean there's anything wrong with the mechanisms in question.

omegadraco 2 years ago

Totally messed up of MS to require OEMs to lock users away from installing another OS. I guess it is even more of a reason to build my own system. I could understand if there was a setting in the UEFI Bios to turn off secure boot.

realneil 2 years ago

Manufacturers may not listen to what we say all that often, (lord knows that Microsoft could care less about us) but they'll listen to ~not selling~ crippled ARM products as fast as they want to.

       Wilted Flower Just don't buy them. Wilted Flower

Or, if one company starts to make them without this crap Super Angry built in to them, buy from them only!

Manufacturers always listen to their bottom line,........

JDiaz 2 years ago

Thing is that's the reason why they're doing it!

Thanks to all the pirating of software and media content has created a culture of paranoia among businesses and they want assurances that their bottom line gets protected. Otherwise forget about HD content and access to the good pay for apps because they don't trust ARM to be secure enough without those strict security measures.

Examples like the Netflix HD app already exist for Android, where if you remove the security or install the app on a non-secure system then it will only stream the SD quality streams.

BHusebye 2 years ago

Bunch of Tree Weasles. People need to push back. All it will take. If I buy a system and I want to get rid of your crap GUI I expect to be able to. All we have to do is go back to that wonderful example of a carboard box gone to waste by looking at Windows Millenium. Office Depot or Office Max or Staples (hell they are all the same to me) was giving away a free plastic watch with the Operating System. The best thing about it was that watch. Bill Gates could have pooped in the box and it would have been better. Take my power away to put anything I want on a box you might as well get Bill Gates lined up with some heavy fiber to take another crap in the box.

Joel H 2 years ago

There are only three outcomes here.

1) MS changes its requirements.

2) MS doesn't change requirements. Vendors that ship Windows 8 ARM solutions ship them locked (no installing other operating systems)

3) MS doesn't change its requirements. Someone ships an unlocked solution and gets the pants sued off them.

#3 isn't going to happen. If you want to protest this decision, do so at the Windows 8 blog, or do it right here. The burden shouldn't be on manufacturers to buck the demand -- not when the consequences of doing so are so enormous.

WBoyd 2 years ago

This is so typical and so scary and disappointing. Anti-trust and unfair.

DHampton 2 years ago

Sure its illegal but if falls enough into the gray area that with enough money it will go away. This is terrible news for smaller companies. I see the point but I mean its counter productive especially when any money from any market dominance will be thrown right back in to protecting their butts from a lawsuit. Also it wont help withing in a month skidrow/ etremezone or other cracker will have the problem fixed. So they invest tons of money into this feature and in the end it wont help customers or themselves cause any extra earning went straight to the lawyers.

digitaldd 2 years ago

I don't know what everyone is up in the air about on this they are just following the successful model that Apple has laid out for them. on ARM apparently they can at least try to control the hardware they allow Windows 8 to install on.

Joel H 2 years ago


There's no comparison. Apple manufacturers its own hardware. You buy an Apple, you buy into their product, built their way, with their restrictions. Microsoft licenses its operating systems to a variety of third parties.

CDeeter 2 years ago

I disagree, it doesn't matter whether or not Apple builds its own hardware or not. If you buy into Apple or Microsoft - that's what you are buying, don't expect support for any other OS. You want to run something else, then buy a system that runs Linux, Android, or whatever.

Or build your own.

Plenty of companies out there sell bare bones systems, and I'm sure that in time ARM processors will find their way into them, and then you can install your OS of choice.

JDiaz 2 years ago

Not that it's important but Apple doesn't actually manufacture most its own hardware, they license and patent designs and then have other companies, like Foxconn, do the actual manufacturing.

While software companies can and have required restrictions be made on the systems they get installed on. Take the HD Netflix app for example, it's the reason why the Nook Tablet came with a locked bootloader to satisfy DRM concerns and that's with a Android OS.

Anyway, this will likely only effect Linux as they have a more strict open source requirement. While Google is more flexible and willing to go the certified route, as those devices with locked bootloaders already show.

slugbug 2 years ago

Don't they realize they're just opening themselves up to more and more lawsuits by doing this. Sorry MS but not everyone buys a PC just to use Windows.

JDiaz 2 years ago

I think people aren't realizing there is a difference between the ARM and x86 markets. ARM is partly by design intended for custom solutions that don't need to support multiple configurations.

E-Book Readers, Smart Phones, even Tablets, etc can be single purpose and they don't need to allow you easy way to change it. In other words they aren't PC's in the traditional sense.

So like it or not MS has the right to impose limitations on a ARM release that would not be allowable on a traditional PC.

This really isn't any different from say B&N locking the bootloader of the Nook Tablet because the HD Netflix app requires it for DRM concerns. Otherwise the app will only allow you to view SD streams.

While nothing is stopping you from still buying a Android device and installing linux if you so wish. The requirement is only for systems that come with Windows 8 pre-installed.

It's not like all ARM devices will only be sold with Windows 8 after all and those others will likely be sold cheaper than the Windows 8 versions anyway.

Joel H 2 years ago

ARM is partly by design intended for custom solutions that don't need to support multiple configurations.

That's the way things have historically been. The question is, why should they stay that way? Why should your choice of CPU architecture define your platform freedom?

JDiaz 2 years ago

Because that's also why ARM can be made cheaper, they don't have to be multi-purpose and so can be streamlined for an intended purpose.

Mind the ARM market also has users buying new versions of the hardware at a much faster rate than traditional PC's. You can buy a new laptop once every 2-5 years and not mind. Desktop users can keep the same system for up to over a decade in some cases.

Smart Phone and Tablets though is more like every six months to maybe a year or two before you're completely out of date and have to upgrade.

So we're talking about very different market dynamics that Windows is trying to get into. Remember too, because of the difference between ARM and x86, MS is already giving up on supporting legacy programs and ARM doesn't yet have enough extra performance to really justify a work around like VM. Though next gen Cortex A15 may change this but till then MS also has to worry about being efficient on ARM.

Since it's not just ARM that helps make ARM devices so energy efficient but the OS and apps too must support those power saving systems and traditional desktop OS do not do so. Background processes for example are always running in a desktop OS and that would keep the system from ever fully idling. Giving another reason not to support legacy programs on top of the difficulty of getting them to run on ARM.

ARM would also start losing it's power efficiency advantage if it had to support multiple configurations/uses. Like one of the reasons Apple was able to get over 10 hours run time for the iPad is because they stripped out everything the iPad would never use, like USB port support, etc.

Even for traditional PC systems, chips made specifically for tablets cut out unnecessary hardware support. Like the AMD Z-01 is basically a stripped down version of the C-50, supporting fewer monitor resolutions, only one of each port type, etc.

So without that customization then ARM will start losing some of the features that make it more desirable for the mobile market than x86 solutions, and remember Intel is already starting to close the gap and may get seriously close to ARM standards by next year.

Meanwhile, ARM is only starting to achieve a performance level in the Intel ATOM range for CPU performance. So running a desktop OS is not going to be as fluid as it would be on a more powerful system. So MS also has to consider optimizing the probability of their OS performing well with minimal hardware support until they're sure Windows 8 will be a success, on top of the other reasons already suspected.

Seansjohnson 2 years ago

Have most of you guys never heard of the iPad? The iPad, too, has a locked bootloader and will not load an unsigned operating system. Ditto the PlayBook, Nook, Kindle Fire, most Galaxy Tabs, and the Asus Transformer Prime... I'm not seeing the issue here.

cowboyspace 2 years ago

this is just ridiculous.Microsoft wants linux out as they see more and more users are using linux .they dont want challenge later O_o

JDiaz 2 years ago

Don't think Linux really enters their thinking much on this. Even now Linux is hardly ever used on ARM devices and the restriction is only for systems with Windows 8 pre-installed, it'll have no effect on systems sold without Windows 8 Pre-Installed.

This more than likely has to do with the general greater fear of hacking on ARM. DRM and other security issues could be potentially circumvented more easily on ARM devices. Whether that's true isn't as important as realizing that companies besides just MS share this fear and is why we are seeing increased efforts to lock ARM devices.

Locked bootloaders, etc are for reasons like ensuring DRM protection levels that will satisfy content providers. While Windows 8 is also trying to be marketed to businesses where security is a concern, integrating for example many features we've only seen before in server and enterprise applications.

They may still change their minds if enough people start complaining but it'll have to be a pretty massive demand, which will likely take more than just those concerned about using linux.

Joel H 2 years ago


The disparity is the issue. It's not a question of segmentation, but of platform -- why should ARM devices be locked when x86 devices aren't, and both are running the same operating system or aimed at the same market? It's not as simple as saying "Well, these are tablets and these are laptops -- not when Intel is building x86 tablets and Qualcomm is planning ARM-based netbooks.

The equivalent would be Apple saying: "Well, our new x86 iPads can install Windows, but not these ARM ones." It wouldn't make any sense in that case, either.

JDiaz 2 years ago

1) ARM and x86 are presently not aimed at the same market. ARM is for low end devices, providing a efficient and low power consumption solution for handling basic tasks required of either embedded or mobile devices. While most x86 is intended for more general purpose and higher end applications where performance is more important than energy efficiency.

2) One of the key points of ARM is it's completely customizable, so companies can design solutions specifically for their needs. Support of multiple purpose applications was never paramount for ARM, as it focused on efficiency and reduction of redundancy.

3) Because of the limitations ARM has up till now been limited primarily to Mobile OS. Even linux has only had limited application with ARM because of the lack of higher end performance. Only now has ARM finally reached the point they can be considered for running desktop OS without annoying compromises but even this is still only at the level of low end x86 solutions like Intel ATOMs.

4) ARM may be finally capable of being considered for more than it traditionally has but the reasons to use them still focus on the reasons ARM was created in the first place. Meaning the focus remains on efficiency and not providing the capacity to cover every possible usage scenario in a single design.

5) If you remove the reasons why ARM has been a better choice for mobile solutions up till now then it becomes harder to not just choose a x86 solution that has been designed from the start to cover a wider range of uses without needing to be optimized.

Like a iPad wouldn't have more run time than other ARM devices if it had to support all the possible ports and peripherals a typical PC would.

Intel is already starting to get close to ARM energy efficiency by adopting many of the key design factors like SoC and the ability to turn individual components off when not being used. While making up for the remaining difference by keeping ahead of the manufacturing die shrink curve. So forcing ARM to start supporting everything a normal PC has to support means the difference will start getting small enough to no longer really matter.

Also we can't forget that ARM's rapid development is due to the fact its market model calls for rapid replacement. End of Life for ARM devices are far faster than the PC market. This has allowed them to advance rapidly but is incompatible with the long term usage models of traditional PC's. So things like upgrade-ability and support for a wide range of possible uses are not what you should be looking for in a ARM solution.

Everything from price to power efficiency depends a lot on ARM's ability to be customized and optimized for specific needs.

OSunday 2 years ago

Man Microsoft's been spending WAY to much time hanging out with Sony, they out to learn from their friends mistakes instead of following in their foot steps...

MKyosh 2 years ago

First thing I do when I buy a laptop is to remove Microsoft Windows and install Linux. and probably run Windows using a VM for testing purposes.

By the way, did you consider developers/programmers? Those who install several Operating Systems on the same machine for testing purposes.

What about those who develop Open Source software runnable in both Linux and Windows? If this illegal MS crap on secure booting is true. Tons of Open sourcers will just discontinue the Windows version of their software, and so will I .....

I can mire how companies like Dell would react to this: they probably will offer again the option to order a system without OS and with secure boot disabled but with a higher price claiming that the extra money will go to Microsoft....

Remember what I have just said ;)

But many of us will just go around manufacturers like System76 and get a Linux certified machine.

JDiaz 2 years ago

1) This only really effects ARM! Traditional x86 systems will by and large not have any problems they didn't have before, since secure boot will likely be left by most as a BIOS option that can be disabled.

2) ARM won't be fully compatible with all software anyway, they're not going to provide legacy support and anything not intended to run on ARM still won't run unless using a work around like VM or remote computing.

Linux will have less of a issue but it's not like everything you could run will be optimized out of the box for ARM.

3) Windows 8 for ARM isn't even coming out till sometime in 2013, only the x86 version is coming out later this year. Meaning there will still be a lot of Android and possibly some Chromebook ARM systems to choose from. While a few may experiment with linux as well, something that has been going on for years now.

4) ARM systems are made to order, unlike x86 systems they aren't intended to be re-purposed or upgraded. In the ARM market upgrade = replace! So if you want to run something besides Windows then get a non-Windows ARM system. Windows doesn't dominate the ARM market and so there are plenty of other systems to choose from.

Mind though there is also pressure to apply boot loader locks for other OS pre-installs if they include apps that require additional security like HD streaming for DRM protection. So this isn't just a MS thing!

5) ARM is not the best market for linux in any case, since ARM is rife with hardware fragmentation that includes closed drivers!

Sure, Linux and ARM will probably find combined uses in fields like servers but those will be by those who can order custom configured hardware and will not effect the general consumer market.

6) Linux on ARM is not new, but only recently has ARM started to provide performance needed to properly run a desktop OS. Though it may still take another year before we really see them overtake netbook like functionality and we'll see if they can start matching netbook like prices.

So I'd be more concerned about the growing numbers of systems with closed driver hardware. Like netbooks use to be a safe haven for Linux users with Intel providing good GMA driver support. However, the Cedar Trail update coming out now uses Imagination PowerVR SGX545. A slightly better version of the SGX535 used in the old GMA 500, which is pretty infamous for it's lousy driver support for linux users.

Unless open source drivers are provided then there's going to be a lot fewer devices fully support by linux at this rate, on systems sold even without a OS.

okeos 2 years ago

SeanJohnson Hit the Nail on the head, most tablets, even some Androids, are boot locked.

Post a Comment
or Register to comment