During WinHEC (Windows Hardware Engineering Conference), Microsoft announced that PCs with Windows 10 and UEFI must ship with Secure Boot enabled by default. Secure Boot is a feature to protect PCs from malware which can infect the OS boot loader to load itself at the earliest stage of booting. What Secure Boot does it allows only a Microsoft-verified / signed boot loader to be used. So boot loaders that are not signed can no longer boot other operating systems like Linux. With Windows 8, Microsoft had not mandated that Secure Boot be enabled by default. With Windows 10, now hardware manufacturers (OEMs) must enable it by default if they want Windows logo certification, and it is up to the OEM to decide whether they even want to give you the ability to disable Secure Boot. This is an extremely alarming situation as you can potentially be locked out of using other operating systems thanks to Microsoft. Here is what you should do to avoid this.
In case of Windows 8.x, OEMs were not required to sell Windows 8 logo certified PCs with Secure Boot enabled. They were free to disable all boot security restrictions.
Users who want to install an alternative OS on a Windows 10 Secure Boot-enabled computer will have to use a special UEFI bootloader, signed by Microsoft. Alternatively, developers of the "alternative" bootloader need to contact the hardware vendor directly to ask them to include a special digital key to allow their bootloader to be loaded properly.
If at any point in time, Microsoft changes their mind and discontinues their boot loader certification program, you are screwed. Also, this gives Microsoft full authority over which OSes you can install on your hardware.
Being a Linux user, I am certainly not happy with these changes as these go against the spirit of freedom that free software offers. At this moment, ALL my PCs are running Linux. Workstations and laptops run Arch Linux (which is the best Linux distro, IMHO) and servers are running Debian. There is only one PC which has Windows 8.1 in a dual boot configuration, which I use to develop my freeware for you in order to make your Windows experience better.
What is the solution?
I see no solution to this other than to be careful while purchasing a new PC. Choose your laptop or desktop OEM carefully - choose one that allows you to disable Secure Boot. If you assemble your own desktop PC, make sure your motherboard OEM allows disabling Secure Boot.
In the worst case, I believe that all hardware can eventually be locked to run only Windows 10 and we will lose the ability to install Linux. I am looking forward to projects like CoreBoot (which is an alternative UEFI BIOS firmware) and CubieTruck (open hardware). However, they will always lag behind the mainstream UEFI BIOS firmwares in terms of hardware compatibility. CubieTruck is in fact an ARM-based SoC. While it can be used for lightweight tasks like writing this article for Winaero, it will not run virtual machines and is very limited in performance. Welcome to a brave new world.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
Hi Sergey,
Thanks for the heads up! I love Linux (Flavor: Ubuntu) and see this is as a bad/wrong decision but again I am sure hot heads outside M$ will come up with something double evil to counter the above. :)
I have no such optimism
It seems strange to me, that you use Linux all the way, and this site is all about tweaking Windows…
Ok.
I am not saying is not true… :)
I believe it’s true, but just seems strange to me :)
Anyway, keep the good work. I love this site and the free tools, that make Windows much better.
Good. Who would want to install Linux trash on to their computer?
I think that’s terrible. I recently bought a laptop that came pre-installed with Windows 8.1 64 bit which I did not want because I like 32 bit. But I was able to install Windows 7 as I disabled secure boot. But if the option to do this is taken away we won’t be able to. That is wrong.
Not everyone wants to use Windows 10 or the latest OS that comes with the PC. So you won’t be able to downgrade to Windows 8, 7 or even do a clean install of Windows if this restriction happens. So what are we suposed to do if for any reason we need to reinstall Windows?
Now Windows just got WSL (Windows subsystem for Linux), which helps us to run Linux terminal and bash right on Windows.
If you guys hadn’t tried out yet, why don’t you give it a shot?. It is now available in recently versions of Windows.
P/s: You can try it without turning off Secure boot. And, you can install VcXsrv optionally to have a desktop environment in it.
Update: Windows 10 2004(19041.208) now have a full Linux kernel in WSL 2.0.