Microsoft has provided more information regarding its plans for secure boot support in Windows 8, responding to concerns that the move might block users from dual-booting Linux or older versions of Windows. In a nutshell, the company explains that it is simply taking advantage of UEFI to protect against boot loader attacks, and that it supports OEMs having the flexibility to decide whether users can manage security certificates and/or disable secure boot.
Microsoft does require computer manufacturers conforming to the Windows 8 logo program to ship their devices with UEFI and secure boot enabled. So in other words, as speculated yesterday, there are no guarantees that OEMs will give users with the ability to disable secure boot or the option to run unsigned code on their systems -- nor there is any indication of the contrary at this point. In fact, Microsoft notes that the Samsung tablet distributed at the BUILD conference with Windows 8's Developer Preview release allows for secure boot to be easily disabled.
Red Hat developer Matthew Garrett, whose postings originally raised the issue, responded to the clarification saying, "Microsoft's rebuttal is entirely factually accurate. But it's also misleading." According to Garret, the equipment manufacturer is under no obligation to provide users with the ability to disable secure boot. That difference between supporting OEMs having the flexibility to include this option and mandating it on Windows 8 machines is a big one.
Beyond the use of third-party OSes, he argues that the approach might also hamper the ability of users to upgrade components such as graphics cards, because there is no requirement to provide the user with the capability of installing additional keys. "Microsoft claims that the customer is in control of their PC. That's true, if by customer they mean hardware manufacturer," he adds. Garrett makes some valid points but for now it's hard to know how things will play out. The concern is that if OEMs can cut costs by cutting the option to disable secure boot then some probably will.
For users who will want to dual-boot another OS on their Windows 8 machine, or plan to upgrade certain components down the road, it would be wise to do some research on this before buying.