Windows 8 Secure Boot Can’t Be Disabled on ARM Devices

Users of non-ARM Windows 8 machines will have the option to disable it

January 16th, 2012 12:40 GMT

Windows 8 is the first version of Microsoft’s platform that brings along support for touchscreen displays and offers optimizations for tablet PCs.

The platform will arrive on the market before the end of the year, and will be loaded on Intel-based devices.

Next year, however, we should see Windows 8 loaded on ARM tablet PCs as well, the first time a Windows version will offer support for this architecture.

Windows 8 ARM machines will be different from x86 ones, it seems, both in terms of hardware and specific capabilities.

For example, they will not allow users to disable the Secure Boot feature that Microsoft unveiled for Windows 8 a while ago.

With Secure Boot enabled, users would not be able to load a different platform on their devices, unless OEMs provided them with the possibility to easily disable the feature.

The idea is that a signed key will be required for the OS to boot, a requirement designed to keep users safe from bootloader attacks.

On non-ARM devices, however, it will be possible to turn off Secure Boot, according to Microsoft's latest hardware requirements, published in December 2011.

“On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup,” the document reads.

“A physically present user must be allowed to disable Secure Boot via firmware setup without possession of Pkpriv. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services must not be possible.”

When it comes to ARM devices, however, things appear to be different. The document clearly says that Secure Boot can't be disabled on these devices: “Disabling Secure must not be possible on ARM systems.”

This is the case even though Microsoft claims that it “does not mandate or control the settings on PC firmware that control or enable secured boot from any operating system other than Windows.”

One way or the other, Windows 8 ARM tablets won’t be the first devices to feature locked bootloaders. Today’s Android-powered tablet PCs arrive on shelves in a similar state and they are powered by ARM processors.

Google’s Android OS is open source and Microsoft’s Windows 8 isn’t. This means that the Redmond-based company can impose certain policies for devices powered by its platform, though it’s interesting to see that these differ for x86 and ARM.
