updated 11:55 pm EDT, Thu September 22, 2011
Microsoft says Windows 8 secure boot non-issue
Microsoft's Tony Mangefeste in a response to early adopters tried to calm down fears that Windows 8 might be used to shut out Linux or competing operating systems. After Red Hat engineer Matt Garrett worried that the UEFI firmware's secure boot feature could be used to exclude non-official operating systems, Sinofsky stepped in to clarify that it was part of the spec and not Microsoft's policy. The code is also an optional policy that, even when active, could still let someone install another OS without a flag preventing the new OS from running.
PC builders can both set which party has control over the security certificates used to greenlight an OS as well as letting customers load certificates themselves.
Secure booting is designed to prevent against viruses and other rogue code that would execute before the OS itself has actually started, compromising Windows or any other platform before it has had a chance to raise defenses. Traditional BIOSes, such as those still used on many Windows PCs, aren't complex enough to check for a certificate on startup and can easily let through such attacks. In addition to white lists of known good operating systems, they can also watch for blacklisted code and stop it from loading.
Microsoft's policies on UEFI still leave concerns. As the company requires UEFI to get a Windows 8 certification sticker but doesn't have a rule mandating support for other operating systems, officially approved PCs could be limited to running Windows only if the PC builder doesn't want or care about the policy.
Pushing UEFI is a form of catch-up for Windows. Apple has had regular EFI since 2006 so that it could recreate and move beyond the features of PowerPC's Open Firmware when it switched to Intel. The Mac producer has accommodated loading Windows from EFI since the outset through Boot Camp.