During Windows 8 secure startup, Microsoft once explained UEFI (Unified extensible firmware interface), but it has caused many misunderstandings. Red Hat Developer Matthew Garret pointed out that, third-party operating systems, such as Linux, may not be installed on Windows 8 brand authentication machines. in this regard, Microsoft once again elaborated on how UEFI helps the computer to start safely on its official blog today, and dispelled everyone's concerns.
Microsoft said that Windows 8 introduced this security solution to provide consumers with the protection they always wanted, while allowing users to completely and completely control the PC. Windows 8 secure boot is mainly used to prevent unauthorized Boot Loader (OS Loader) from starting in BIOS. UEFI only starts authenticated boot Loader, such as Windows 8, malware cannot use this method to attack users.
Existing boot processes: BIOS starts any boot loader, or even malware
Windows 8 secure startup: UEFI only starts authenticated boot programs
Microsoft Tony Mangefeste said: "Microsoft provides OEM manufacturers with great freedom to decide who to manage security certifications, how to allow consumers to introduce and manage these certifications, and how to manage security boot. We think this is very important. By providing OEM manufacturers with the greatest freedom, consumers can decide how to manage their systems on their own ."
Mangefeste believes that consumers are the ultimate controllers of their PCs. "Microsoft's philosophy is to provide consumers with the best experience. This is the most important thing, and consumers must make their own decisions. We work with our OEM partners to build the most free system for consumers ."
The security key is provided by the OEM's original device manufacturer, and the OEM's firmware update program also includes the vendor's own key.
In addition, OEMs can enable secure boot, or enable users to disable secure boot through UEFI configuration panel, without blocking installation of other operating systems, just like Samsung Windows 8 tablet:
Microsoft summarized the UEFI secure launch as follows:
-UEFI allows the firmware to execute security policies;
-Safe start is a UEFI protocol, not a Windows 8 function;
-UEFI secure startup is part of the Windows 8 secure startup architecture;
-To ensure the security of the Pre-OS environment, Windows 8 adopts secure startup;
-Safe start does not lock loading programs of other operating systems out of the door;
-OEM original device manufacturers can customize their firmware to meet users' needs. They can customize authentication thresholds and policy management on their own platforms;
-Microsoft does not limit or control the PC firmware settings. By setting the PC firmware, it can control any operating system for secure startup, not just Windows.