Is it all really worth it?
Many Linux lovers are worried that Microsoft’s new Secure Boot technology will make it more difficult to get the open source operating system onto machines that originally ship with Windows 8. But Linux founder Linus Torvalds believes that the complaints are overblown. The bigger issue, he says, is that Secure Boot can be hacked.
Microsoft has set up a system in which encryption keys are needed to secure communication between the operating system and the machine’s firmware, the embedded software that talks to its hardware. “The real problem, I feel, is that clever hackers will bypass the whole key issue,” Toralds tells ZDNet.
When Microsoft first unveiled its unified extensible firmware interface, or UEFI, many complained that it would keep Linux off of machines that originally ship with Windows 8, due to officially arrive this fall. But since then, Linux distributor Red Hat and others have worked to massage the technology so that third party OS’s are accommodated. Essentially, Red Hat and other OS makers must distribute their own keys to firmware makers, and in order to do so for Linux distros such as Fedora, they must pay a one-time $99 fee to VeriSign, which helps distribute the keys.
Some are still concerned that this will put Linux at a disadvantage, but Torvalds thinks they should lighten up — at least a little. “I’m certainly not a huge UEFI fan, but at the same time I see why you might want to have signed bootup etc. And if it’s only $99 to get a key for Fedora, I don’t see what the huge deal is,” he tells ZDNet.
But he believes that Secure Boot could be vulnerable. He argues that hackers will either find a way to get the right keys — “how many of those private keys have stayed really private again? Oh, that’s right, pretty much none of them,” he says — or they’ll take advantage of security bugs so that they can get in with no keys at all.
George Hotz, the man who cracked Sony’s attempts to keep third party operating systems and unlicensed games off of the PlayStation 3, sees Torvalds’ point. But he downplays the issue. “Overall, I don’t see it as the sky is falling,” he tells Wired.
He takes the wider view that secure boot is just one of so many ways Microsoft is trying to keep Windows relevant in a world that’s moving elsewhere. “I think Windows 8 is a last ditch attempt by Microsoft to try to cling to ownership of the dominant API that they lost when the Web rose to prominence.”
Matthew Garrett — a Red Hat engineer who has worked closely with Secure Boot — believes it’s just a matter of time before the technology is hacked, but he believes that Microsoft will ultimately keep hackers at bay. “Yes, Secure Boot will be broken,” he says. “And then it will be fixed. And after this happens a few times, there will be no further breaks.”
He also says that hackers are unlikely to secure legitimate keys by pretending to be an operating system vendor such as Red Hat. “Secure Boot is unlikely to be broken via fundamental flaws in its implementation, and there’s no evidence that public availability of the signing service will result in an explosion of boot level malware.”