Linux Foundation finds Workaround for Windows8 Secure BootMicrosoft is pushing its hardware vendors to adopt replace traditional BIOS with a little something they cooked up, called SecureBoot. The idea is purportedly to make sure that the operating system being installed is valid, having a signature that checks out. But it has a nasty side effect: Linux distributions, whether traditional or Android, can't get these certificates, and therefore can't be booted on machines with SecureBoot.
Linus Torvalds, Aalto Center for Entrepreneurship (ACE)
That wouldn't be much of a problem if this was an optional feature, but Microsoft is requiring it on all ARM tablets. X86 manufacturers can choose to disable it, but let's be honest: X86 has been losing ground to ARM as we move away from the desktop. This means that any Arm Windows 8 machine will only be able to run Windows 8, period. Not exactly a great situation.
Thankfully, the Linux foundation has found a workaround until a more permanent solution can be found. You use Microsoft's own signature to sign your Linux distribution.
Right now the solution is hacky at best, but you can expect that it won't stay that way. Already the major Linux manufacturers are creating their own solutions to the problem, each one tackling it in a slightly different way.
In all likelihood, SecureBoot was designed with no ulterior motives. Very rarely do you need to run code before the operating system unless you are using an alternate bootloader, and that was the vector that rootkits used to infect machines. SecureBoot will essentially neuter rootkits, plugging one of the most frightening loopholes in computer security.
Still, it isn't hard to look at SecureBoot as a move to lock in consumers. Considering it is only forced on ARM tablets, my first thought was that this was a ploy to block Android from being installed on these machines.