If you’re an OEM and you want the coveted Windows 8 logo on your new Windows 8 machines, you’re going to have to do a few things to satisfy Microsoft. No big deal, right? Just a few minimum RAM and CPU requirements, right? Not this time. According to some recently surfaced BUILD slides on Windows 8, machines now must use UEFI with “hardened boot” certificate authentication. And that might mean no alternative OSes can boot …

Brian Proffitt at ITWorld.com has a very lengthy and detailed explanation of what Windows 8 using UEFI and hardened boot means, but we’ll keep it really simple here. UEFI, for the uninitiated, is the Unified Extensible Firmware Interface, and like Apple’s computers (which use the UEFI platform and which boot very quickly), Windows 8 computers also will use the UEFI platform, which does away with the BIOS. The BIOS often bogs things down, since it exists to support a swath of legacy hardware and chipset needs. Since Windows 8 aims to push Windows beyond its current status, Microsoft believes the past must stay in the past, especially to achieve super-fast (and instant-on) boot times.

But what do super-fast boot times have to do with “hardened boot” and authentication on power-up? According to Microsoft’s BUILD slides from Arie van der Hoeven, the principal lead program manager for Microsoft, Windows 8 client computers are required to have this technology for their own protection. Straight from van der Hoeven’s slides:

Current issues with boot:

  • Growing class of malware targets the boot path
  • Often the only fix is to reinstall the operating system

UEFI and secure boot harden the boot process

  • All firmware and software in the boot process must be signed by a trusted Certificate Authority (CA)
  • Required for Windows 8 client
  • Does not require a Trusted Platform Module (TPM)
  • Reduces the likelihood of bootkits, rootkits and ransomware

It’s nice to know that Microsoft is combating security issues, but this certificate signing means that the version of Windows 8 you install on your Windows 8 machine can only come from the OEM from whom you purchased your computer. It also means installing any other operating system on that computer is basically impossible without (hypothetically) fudging the certification keys. In plain English, Microsoft has devised a way to ensure that once a Windows 8 computer is purchased, Windows 8 will be the only OS to ever run on it.

What does this mean for VARs and partners of computer manufacturing companies such as Dell and Lenovo? It means that customers will not be able to install anything other than the OEM version of Windows 8 on their machines, if you, the partner, are selling them a “certified” Windows 8 computer. It also means licensing will be much more tightly controlled, thanks to the certificate authority authentication. If customers are looking for flexibility, they may want to buy “older” Windows 7 machines and manually upgrade to Windows 8 to ensure old PCs can continue to be repurposed after they’ve outlived Windows 8. Conversely, VARs can always just build a fleet of their own computers and install and update them as needed.

There is one other way: Proffitt discusses how Red Hat’s Matthew Garrett uncovered the majority of these Windows 8 issues, but Garrett believes OEMs can include an option to disable full certification and authentication to allow users more freedom with what they install on their machines. That could mean users can boot Linux, but not Windows 8. To boot back into Windows 8, the user would likely have to flip on their security switch. Windows 8-certified machines are still about a year off, and it will be interesting to see how OEM vendors work with partners to ensure customers are happy and comfortable with their purchases.
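The firmware switch described above can be inspected from a running Linux system. The following is an added example, not code from the article or from Microsoft's slides: it reads the standard UEFI `SecureBoot` and `SetupMode` variables through efivarfs. The mount path, the state labels and the `make_sample_efivars` helper (which builds constructed sample data) are assumptions of this example.

```python
import os
import struct
import tempfile

# GUID of the UEFI global variable namespace (EFI_GLOBAL_VARIABLE in the UEFI spec).
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
DEFAULT_EFIVARS = "/sys/firmware/efi/efivars"  # assumed Linux efivarfs mount point


def read_efi_flag(efivars_dir, name):
    """Return the 1-byte value of a global UEFI variable, or None if absent.

    An efivarfs file starts with a 4-byte little-endian attribute mask,
    followed by the variable's data.
    """
    path = os.path.join(efivars_dir, f"{name}-{EFI_GLOBAL_GUID}")
    try:
        with open(path, "rb") as fh:
            raw = fh.read()
    except FileNotFoundError:
        return None
    if len(raw) < 5:
        raise ValueError(f"{name}: truncated efivarfs entry ({len(raw)} bytes)")
    _attributes, value = struct.unpack_from("<IB", raw)
    return value


def secure_boot_state(efivars_dir=DEFAULT_EFIVARS):
    """Classify the firmware's Secure Boot state (labels are this example's own)."""
    if not os.path.isdir(efivars_dir):
        return "no-uefi"      # legacy BIOS/CSM boot, or efivarfs not mounted
    secure_boot = read_efi_flag(efivars_dir, "SecureBoot")
    if secure_boot is None:
        return "unsupported"  # UEFI firmware that exposes no Secure Boot variable
    if read_efi_flag(efivars_dir, "SetupMode") == 1:
        return "setup-mode"   # no Platform Key enrolled, signatures not enforced
    return "enforcing" if secure_boot == 1 else "disabled"


def make_sample_efivars(secure_boot, setup_mode):
    """Build a constructed efivarfs-like directory so the check runs offline."""
    directory = tempfile.mkdtemp()
    attrs = 0x6  # BOOTSERVICE_ACCESS | RUNTIME_ACCESS
    for name, value in (("SecureBoot", secure_boot), ("SetupMode", setup_mode)):
        with open(os.path.join(directory, f"{name}-{EFI_GLOBAL_GUID}"), "wb") as fh:
            fh.write(struct.pack("<IB", attrs, value))
    return directory


if __name__ == "__main__":
    print(secure_boot_state())
```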

Here’s my spin on this: Other than blocking out alternative operating systems, Microsoft and OEM vendors stand to gain some substantial cash from this lockdown — sort of. Many PCs are often cheaper than Apple alternatives for a multitude of reasons, one of which is bundled third-party “bloatware.” With the Windows 8-certified machine locked down to reinstall only the OEM-certified version of Windows 8 that shipped with the machine, the bloatware essentially always will be packaged. This eliminates those people who buy super-cheap PCs, wipe them clean, and install Linux or their own version of Windows, and it extends the “value proposition” of a third party bundling its software with an OEM.

But don’t let all the fear, uncertainty and doubt get to you. Let’s hope for the best, prepare for the lockdown, and see where OEMs and Microsoft take the world with Windows 8. At the very least, it’ll be interesting.


5 Comments on “Microsoft: Windows 8 Machines Will Only Run Windows 8 OS”

  1. TechByTom Says:

    “Apple Stance”?! Uh, Macs run Windows without issue. This is an attempt to justify locking customers into Windows, and I happen to like being able to multi-boot Linux, DOS, FreeBSD, etc on my computers. In fact, I need Linux for certain tasks. Hopefully some manufacturers will realize that plenty of customers don’t want goofy stickers and actually need the ability to run Windows alongside other operating systems.

  2. Dave Courbanou Says:

    Hi TechByTom,

    We tweaked the title. Something funny happened on the way to publishing =)

    Thanks for reading! I agree, Microsoft is definitely getting a little unscrupulous. I’m hoping — like you — that OEM vendors decide to enable turning off the authentication so you can boot whatever you want. It may be a bit annoying switching that feature back on to boot into Windows, but if you’re not really using Windows to begin with, it’s all good.

  3. Richard Chapman Says:

    Whenever Microsoft institutes a new lock-down (Trusted Computing for a historical example) it’s the customers who follow the EULA to the letter who end up getting hit with the worst of it. They are the ones who will end up buying new machines because of a simple hardware failure. Everyone else will manage a work-around. That will be the carrot and stick for the OEMs.

  4. Don Ray Says:

    I wonder how many Linux enthusiasts are going to get burned when they try to go into a store and buy a computer off the shelf running Windoze 8 and find that when they uninstall Windoze 8 and install Linux that they can’t install Linux nor can they get Windoze 8 back on the machine. Oh I will return to the store and they can rtv return to vendor…NO YOU WONT… you have altered the operating system…you are stuck with a computer that won’t run Windoze 8 and won’t run Linux…perfect for a door jam though…

  5. Josh Says:

    Nice read. Thank you for that article Dave.
