Secure Startup: Microsoft in Your Motherboard - What Secure Startup Wrecks
(Page 3 of 4)
There are a lot of questions about what Secure Startup will allow and what it won't. Linux users are understandably wary of this technology. Would Microsoft and the other members of the Trusted Computing Group design a system that doesn't allow Linux to load since the hardware is looking for Windows? I'm sure Microsoft would smile at the idea, but it's not likely they would do this. Besides the legality of blocking competitors, Microsoft probably wants to stay on good terms with companies that use Windows desktops and open source servers.
More concerning is whether this feature will interfere with systems that dual-boot Windows and Linux. It should not necessarily bother dual-boot loaders: the loader will still be accessible, since it lives on the Linux partition, and the SYSKEY is not needed unless Windows is being loaded. Linux should boot fine, but the Windows disk will be entirely inaccessible from it. When booting Windows, the system will go through the authentication process with the TPM and probably obtain the SYSKEY to unlock itself. The only thing that could stand in the way is whether authentication would be denied because a boot loader is part of the startup sequence. If so, remember that Secure Startup can be turned off.
Managing computers will become a bit more difficult. Microsoft really had to make this feature optional; otherwise upgrading and troubleshooting computers would become nearly impossible. As it looks now, people who want the feature are going to need to remember to deactivate it before changing hardware around, especially hard drives and motherboards, and to reactivate it once the changes are done. Pulling a drive out and putting it into another computer for a virus scan or to move files over will require that extra step. Giving away a drive or installing a new one will require a little extra work too. Booting a changed computer will fail if users forget to do this, which would force them to change all the hardware back to its original state and start over.
The real problem areas arise from hardware failures. Motherboards sometimes die, or they can cause problems that prevent the operating system from loading or running stably. With Secure Startup activated, this could be devastating. Say the motherboard fails completely while the feature is activated. The only place the SYSKEY exists is in the now-unusable motherboard, so your Windows disk may be unbootable unless you wipe the drive clean and start all over. This would be devastating to anyone with anything on their hard drive that they are attached to. And if Microsoft made a fix-it tool for extracting the SYSKEY from the TPM, it would negate the purpose of the entire Trustworthy Computing project. Anyone who would be even vaguely troubled by losing all their data should consider opting out of this feature.
For corporate networks, this may be a different matter. Microsoft says, "Recovery passwords and keys can be stored in the Active Directory. Therefore, users can call their corporate helpdesk or administrator who has recovery key access for assistance with system reactivation." Ordinary computer or laptop users will not have this sort of helpdesk support, as their keys and passwords will be stored only in the TPM. This makes Secure Startup more reliable for large networks, provided that they are using Microsoft's Active Directory, part of Windows Server. If Active Directory is in fact the only option, this is one of the concerns that NGSCB opponents fear: users might be pushed into a less competitive market in order to run a system properly, since Microsoft will probably only allow a limited number of programs to be considered trustworthy.
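As an added illustration, not from the article and not Microsoft's implementation, the following Python model shows why a volume key sealed to the TPM and the measured boot chain stops opening after a motherboard swap or a change to the boot sequence, and how an escrowed recovery password gives a second way in. The TPM secrets, boot chain, recovery password and the toy cipher are constructed stand-ins.

```python
import hashlib
import hmac

def measure(components):
    """Model of a TPM PCR: hash-chain each boot component, in order."""
    digest = b"\x00" * 32
    for comp in components:
        digest = hashlib.sha256(digest + comp).digest()
    return digest

def _keystream_xor(data, key):
    """Toy stream cipher (SHA-256 in counter mode); illustrative only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(secret, context, vmk):
    """Encrypt the volume key under a key bound to (secret, context), then MAC it."""
    key = hashlib.sha256(secret + context).digest()
    ct = _keystream_xor(vmk, key)
    return ct + hmac.new(key, ct, "sha256").digest()

def unwrap(secret, context, blob):
    """Return the volume key, or None if the secret or the context differs."""
    key = hashlib.sha256(secret + context).digest()
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, "sha256").digest()):
        return None
    return _keystream_xor(ct, key)

def recovery_key(password):
    """Derive the recovery protector key from the escrowed recovery password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"recovery", 10_000)

def unlock(protectors, tpm_secret, boot_chain, recovery_password=None):
    """Like a boot: try the TPM protector first, then the recovery protector."""
    vmk = unwrap(tpm_secret, measure(boot_chain), protectors["tpm"])
    if vmk is None and recovery_password is not None:
        vmk = unwrap(recovery_key(recovery_password), b"recovery", protectors["recovery"])
    return vmk

# Constructed sample: one volume key, sealed on motherboard A with its boot chain
VMK = bytes(range(32))
TPM_A, TPM_B = b"tpm-secret-board-A", b"tpm-secret-board-B"
CHAIN = [b"firmware-v1", b"bootmgr", b"winload"]
PROTECTORS = {
    "tpm": wrap(TPM_A, measure(CHAIN), VMK),
    "recovery": wrap(recovery_key("123456-654321"), b"recovery", VMK),
}
```

Moving the disk to board B, or inserting another loader into the chain, makes the TPM protector fail; only the escrowed recovery password still opens the volume.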