Microsoft’s latest hardware certification requirements will make it tricky for Windows 8 ARM machines to boot into alternative operating systems. Microsoft is preventing ARM system builders from disabling a controversial Secure Boot feature that requires signed keys to allow operating systems to boot. Designed to prevent bootloader attacks for Windows 8, Secure Boot will also block other operating systems (including older versions of Windows) from booting correctly without assistance from an OEM. The technology generated a lot of negative press for Microsoft several months ago; after the company insisted that system builders enable it on Windows 8 PCs.
The majority of criticism died down after Microsoft revealed OEMs could provide an easy method for end users to disable Secure Boot, in order to load alternative operating systems such as Linux. However, Microsoft’s latest hardware requirements, published in December 2011, indicate that Secure Boot cannot be disabled for Windows 8 ARM systems. The requirements contradict Microsoft’s previous statement that the company “does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows.”
The Software Freedom Law Center has voiced its concern over Microsoft’s requirements, and the Free Software Foundation previously urged computer makers to implement an on-off switch for the Secure Boot feature — both are critical of Microsoft’s approach to Secure Boot. It’s not clear why Microsoft is treating ARM differently to x86, but some Android smartphone makers have attempted to lock down their own bootloaders previously, while Windows Phone and iOS devices are always sold locked down. Unlike Google, Microsoft licenses its operating systems and is free to dictate terms such as Secure Boot. We would prefer to see the company keep a consistent approach across ARM and x86, though, not least because of the number of users who’d love to run Android alongside Windows 8 on their future tablets.