Microsoft defends Windows 8 walled garden for ARM

Rich Fiscus
9 Feb 2012 18:23

In a new blog post about WOA (Windows On ARM) Steven Sinofsky said user's will be limited to running software distributed by Microsoft. Sinofsky heads Microsoft's Windows and Windows Live Division.
This revelation comes in the wake of speculation about whether WOA would be limited to the new Metro UI and why they won't let users turn off Secure Boot on ARM tablets. Metro UI is the touchscreen oriented UI originally developed for Windows Phone. Secure Boot is a BIOS security feature which prevents unauthorized code from running before the OS begins loading.

Sinofsky gave a number of arguments for controlling the software which will run on WOA. He started by talking about code written for the x86/x64 architecture found in traditional PCs. "WOA will not support any type of virtualization or emulation approach," wrote Sinofsky, "and will not enable existing x86/64 applications to be ported or run."
He claims this is because emulation and virtualization would result in poor performance and potential system instability. In addition, he said they wanted to ensure ARM tablets would never require a mouse or keyboard.

This does not mean WOA won't include the standard Windows Desktop Environment. In fact, Microsoft will be bundling a new version of Microsoft Office, which runs on the desktop, with every copy of WOA. There will also be desktop versions of standard Windows components like File Explorer and Internet Explorer.

The prohibition against porting standard Windows programs to WOA would be meaningless without a way to restrict software installation. Synofsky's describes this as a security measure:

Our focus on delivering a new level of security for consumers using WOA is paramount. In one public event, we were asked if we would ?make it easy for existing viruses and malware to run.? Now you can see the answer is decidedly, ?no.? In fact, WOA only supports running code that has been distributed through Windows Update along with the full spectrum of Windows Store applications. As we all know, security is an industry-wide, multi-dimensional challenge and no system or platform can make broad claims without considering many factors.

In other words, WOA has a walled garden like Windows Phone, the iPhone, and the iPad. You will not be able to run programs unless they are approved and distributed by Microsoft. Presumably the exceptions already announced for licensed developers and corporate IT departments will apply.

Sinofsky only mentioned boot-time control in passing in a short section about UEFI firmware, and he avoided the words Secure Boot entirely. UEFI firmware is what provides Secure Boot capability. It is required for Windows 8 Hardware Certification, but OEMs are allowed to give users an option to disable it on traditional x86 PCs. Not only is that not allowed for WOA tablets, he says Microsoft is providing their own firmware to OEMs and updating it via Windows Update.

In fact, it seems their control over ARM hardware is extensive. According to Synofsky:

Microsoft?s role in this partnership is to deliver a Windows operating system that is tuned to this new type of hardware, new scenarios, and new engineering challenges. Our goal is to make sure that a reimagined Windows delivers a seamless experience from the chipset through firmware, through hardware, through the OS, through applications, and ultimately to the person interacting with the PC. This is a new level of involvement that brings with it a new level of engineering work across all of the parties involved. This new approach is about delivering a unique combination of choice, experiences, and a reliable end-to-end experience over the life of the PC.

This may sound familiar. It's essentially the same approach Microsoft has taken with Windows Phone. He even provided some specifics about how far their influence extends. They are working closely with Nvidia, Qualcomm, and Texas Instruments on processor design.

He also presented a weak argument that ARM processor design invalidates complaints about Secure Boot preventing users from installing another OS:

The approach taken by ARM Holdings, the licensor of ARM products is, by design, not standardized in this manner?each device from each manufacturer is unique and the software that runs on that device is unique. There is of course a standard instruction set and CPU architecture, one that is always improving (for example, adding 64-bit support and multiple cores), but many of the connections between the CPU and other components are part of the innovation each licensee brings to the ARM platform. Commonality across devices can occur under the hood, but is not applicable or significant to consumers. End-users are technically restricted from installing a different OS (or OS version) on a device or extending the OS, so this is generally not possible, and rarely supported by the device maker. Device makers work with ARM partners to create a device that is strictly paired with a specific set of software (and sometimes vice versa), and consumers purchase this complete package, which is then serviced and updated through a single pipeline. The cross-partner, integrated engineering of these embedded devices is significant. In these ways, this is all quite different than the Windows on x86/64 world.

Obviously installing another OS on a WOA tablet would require a lot of development work. But implying it's not possible is simply dishonest. We've already seen it happen with the ongoing project porting Android to the HP TouchPad.

More importantly, he avoids talking about the other impact of Secure Boot. It blocks the easiest path for bypassing WOA's software installation control. It's exactly what Secure Boot is designed to prevent, except that it's assumed to be done on behalf of the user, not the OS vendor.

Sinofsky's points out a number of technical differences between ARM and x86 which are certainly true. On the other hand, that doesn't change the fact the biggest differences between x86 and ARM versions of Windows 8 are options chosen by Microsoft.

Since the introduction of Windows Phone, Microsoft has been trying to create a mobile ecosystem to compete with Apple. They set tight hardware restrictions to control the user experience and attract developers. They created a walled garden to become a middleman for app and content sales.

With WOA they seem intent on duplicating that environment for tablets. Clearly they believe that approach, along with supporting a subset of Windows software, will replicate the iPad's success. Maybe they're right, but it hasn't worked for Windows Phone yet.

And perhaps there's another obstacle they aren't considering. With the power and performance improvements Intel has made to their Atom processors, we could see x86 tablets which have all the capabilities of WOA devices, but can also deliver the Windows experience people have come to expect.

Before they can compete with the iPad, Microsoft may lose to themselves.