Skip to content

Secure Boot in Windows 8 – Understand what it is and amaze the myths

09/22/2011

Yesterday the discussion was heated in my workgroup because of news that Microsoft would block the HD that had the Windows 8 installed.

Firstly this is not entirely true, because multiple installed the OS and know that it was not necessary and will not be required UEFI to install Windows 8.

Windows 8 is still a Technical Developer Preview, which means that neither can be called a Beta, so there is a commitment that all options presented are implemented. Besides, there is sure to be implemented. Therefore, this entire discussion is based on assumptions.

What is UEFI?

Means Unified Extensible Firmware Interface and will replace the current boot that is still written in 16-bit and requires conversion of commands, while the UEFI is based on 64-bit.

This is not a new invention, began to be drawn in 1995 with the name of EFI and today has become a standard among hardware and software manufacturers http://www.uefi.org/about/.

One of the characteristics of the UEFI is that it allows you to install an OS directly in flash. For those who have already installed a new server from Dell, for example the R710, has seen the application that it has to assist the OS installation? This is an example of UEFI boot.

What is Secure Boot?

One of the new features added to UEFI is the possibility of the OS Kernel indicate an asymmetric key (Key Pairs) and only driver that is digitally signed to be installed. This feature already exists on some Macs (EFI Boot) and prevents rootkits, dai why fewer intrusions.

This feature is not new, change the OS version of Apple equipments require jailbreaks, if Microsoft resolve launch Windows 8 in OEM versions with UEFI bloqued would not be a practice different from what many OS’s already use.

Rumors surrounding Linux

Were published in many places that the intention would be to prohibit Microsoft Linux based on a post on the internet.

However, those who read the full post will notice the snippet below where the author is not saying that Linux won’t work but that the problem is that the Linux distributions and the Drivers do not always have the digital signature, which would make the UEFI understand how rootkit and abort initialization.

clip_image002

To understand the process of using boot UEFI-see the diagram below and watch http://channel9.msdn.com/Events/BUILD/BUILD2011/HW-457T lecture in where he was introduced Secure Boot.

clip_image004

Conclusion

If you are caught on the option to change the BIOS to UEFI on Windows 8 with OEM machines purchased, just buy a machine that is not with Windows 8 and install the OS that you want, including own Windows 8 dual boot as we already.

Or, as he spoke the own analyst who played the issue on the market, signed Linux kernel and drivers.

Advertisements

From → Security, Windows 8

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: