When Windows 8 was being launched Microsoft imposed a few restrictions on OEMs who wanted to display the “Designed for Windows 8” stickers on their products. The OEMs had to ensure that their machines would support UEFI Secure Boot. While this is a good security feature it brings all sorts of problems for people who want to run alternative operating systems like Linux or FreeBSD. Microsoft included a solution as well which eased fears. OEMs were obligated to build a user accessible switch which could turn Secure Boot off, thus allowing them to run alternative operating systems. Windows 10 brings its own set of rules.

UEFI Secure Boot protects the machine against malware that can interfere with the boot process and inject itself at a low level. When this feature is enabled correct cryptographic signatures are required by the core components that will boot the computer. UEFI firmware will verify the signatures before it allows the boot process to proceed.

If it detects that files have been tampered with and their signatures have been broken the UEFI firmware will not allow the system to boot. In Windows 8 users could turn this security feature off or they also had the option of adding their own cryptographic certificates and signatures so that they could take advantage of Secure Boot while having the freedom to compile their own OS.

Microsoft talked about the hardware requirements for Windows 10 at the WinHEC conference in Shenzhen, China and while the specs haven’t been finalized as yet, which means that the possibility exists that they can be changed, the company did reveal that it is now optional for OEMs to include the switch that allowed users to turn Secure Boot off.

If an OEM decides to not include the switch the people who buy its “Designed for Windows 10” products will not be able to run alternative operating systems, assuming if users aren’t not even allowed to add their own signatures or certificates, Microsoft is silent on that for now.

Filed in Computers. Read more about and . Source: arstechnica