# Windows Surface RT ?

## remix

i hear that this device is unable to have any other os installed on it due to the secure boot feature. 

has anyone here had any success bypassing the UEFI on this tablet?

----------

## Ant P.

Yes, the ARM versions basically have DRM in the firmware to lock you into windows. The only solution is to not buy them, or return them as defective if you have.

----------

## tlhonmey

Theoretically you can get a loader signed by Micro$oft for just a few hundred dollars.  They may or may not be doing it for ARM, and they won't sign anything released under an open source license, so you'll have to write your own bootloader.  Also, The Linux Foundation has been trying to get it done for months without any success.  They keep running into "technical difficulties."

Don't worry.  As soon as Windows 7 is out of support, they'll likely be applying the same policies to x86_64.  (Windows certification for ARM requires that the hardware be locked so that only Micro$oft can sign bootloaders.  They can't do that for x86 due to legacy products.)

----------

## RazielFMX

 *tlhonmey wrote:*   

> Theoretically you can get a loader signed by Micro$oft for just a few hundred dollars.  They may or may not be doing it for ARM, and they won't sign anything released under an open source license, so you'll have to write your own bootloader.  Also, The Linux Foundation has been trying to get it done for months without any success.  They keep running into "technical difficulties."
> 
> Don't worry.  As soon as Windows 7 is out of support, they'll likely be applying the same policies to x86_64.  (Windows certification for ARM requires that the hardware be locked so that only Micro$oft can sign bootloaders.  They can't do that for x86 due to legacy products.)

 

You are a bit off base. ARM doesn't make chips; its an intellectual property firm that puts forth design specifications for an architecture. Of course the ARM chips manufactured by (via contract) Microsoft are locked into Windows, just like the A7 is locked into iOS (which is also ARM under the hood). The x86_64 architecture chips (Intel/AMD) are made my manufacturers for general purpose computing. Should Intel start make chips specifically for Microsoft your claims might hold some water, however, this would not be cost effective given the volume of chips Intel produces that are not used by Windows desktop/servers.

Currently, UEFI requires cert chains signed by Microsoft. UEFI is replacing BIOS. No hardware manufacturer is going to lock their bootloader to Windows only. Do you really think a corporation like Dell or HP that make a killing off of selling x86_64 servers with RHEL are going to anger their deep pocket corporate clients by informing them they have to run Windows?

Further reading about ARM:

http://en.wikipedia.org/wiki/ARM_architecture

http://www.arm.com/

----------

## tlhonmey

I never meant to imply that ARM was a chip manufacturer.  It's a chip architecture.  And the processor chip itself isn't locked to anything;  that functionality is handled by the firmware that gets loaded from flash when the system is powered on.  ARM and x86_64 use different sets of signing keys from Microsoft, so something signed for one won't be recognized by the other. (not that it would run if it was...)

According to the specification documents I've read, currently, if you are a computer manufacturer and you want your ARM-based board to be listed as "Windows Certified" It must boot only bootloaders signed by Microsoft, and there must be no way for the end user to change that.  Microsoft offers to sign bootloaders for approximately $100 a pop, but their terms forbid submitting for signature anything distributed under an open source license, and, so far as I know, the program only applies to x86_64.  Additionally, the Linux Foundation's efforts to get a signed bootloader usable for dual-boot systems have not yet met with success. There may be a similar option for ARM architecture signatures, but I cannot find any details one way or another.

Currently, Microsoft can't push such a draconian policy to x86_64 because they are still selling/supporting Windows 7 and Vista.  However, once those drop out of support, it will not surprise me if they make this kind of signing requirement their policy for all architectures.  It won't bother Dell or HP because, like I said, it's not the processor itself that sets the restrictions.  The difference is in the firmware.  HP and Dell will just put different firmware on different models (which they do anyway): One for the Windows Certified ones that prevents them from running anything else, and one for the non-certified machines, which may or may not be capable of running Windows.

----------

## destroyedlolo

And they (constructors) will be happy with that as all 4 or 5 year old computers will have to go to the trash / recycling, users will have to buy new one only because :

their disks will be deadly fragmented, OS will need to be reinstalled

 the original "os" will not be available anymore (no re-installation media is provided with new PC),

 the hardware will be too slow for the last redmon s**t and not able to run alternate OS that is more resources friendly !

Dell is already playing this game with low end system like SX260 which is has strictly no way to enhance its original hardware.

----------

