Linux Distros Won't Run On Microsoft's Education-Focused Windows 10 S OS

Reader BrianFagioli writes: I was sort of hopeful for Windows 10 S when Microsoft made a shocking announcement at Build 2017 that it is bringing Linux distributions to the Windows Store. This gave the impression that students using the S variant of the OS would be able to tinker with Linux. Unfortunately, this is not the case as Microsoft will be blocking Linux on the new OS. In other words, not all apps in the store will be available for Windows 10 S. "Windows 10 S does not run command-line applications, nor the Windows Console, Cmd / PowerShell, or Linux/Bash/WSL instances since command-line apps run outside the safe environment that protects Windows 10 S from malicious / misbehaving software," says Rich Turner, Senior Product Manager, Microsoft. Tuner further explains, "Linux distro store packages are an exotic type of app package that are published to the Windows Store by known partners. Users find and install distros , safely, quickly, and reliably via the Windows Store app. Once installed, however, distros should be treated as command-line tools that run outside the UWP sandbox and secure runtime infrastructure. They run with the capabilities granted to the local user -- in the same way as Cmd and PowerShell do. This is why Linux distros don't run on Windows 10 S: Even though they're delivered via the Windows Store, and installed as standard UWP APPX's, they run as non-UWP command-line tools and this can access more of a system than a UWP can."

Re:as a workaround

[maestroX]

when managing multiple machines in education, just pxe boot (https://help.ubuntu.com/community/DisklessUbuntuHowto)

Re:Windows S O S

[green1]

It took you a month 10 years ago, today it would only take a minute, I can't believe the improvements to Linux since I switched completely back around 2000

Linux is far easier to use than Windows, and it "just works", no fiddling with drivers, no searching for codecs, you just use it. Every time I have to sit down in front of a Windows machine for any reason I cringe, they're slow, unintuitive, and incredibly difficult to configure to do what you need. I don't want to spend hours trying to figure out how to do the simplest tasks, I just want it to work.

Everyone who claims Linux isn't the alternative either:
- has never tried Linux
- last tried Linux in the mid '90s
- is a paid shill for MS
- is part of an extremely tiny minority of users who uses one of the very few applications that refuse to run on Linux and have no practical alternative (and even most people who think they belong to this group don't as their app has a replacement in Linux that they haven't been willing to consider, or runs just fine in wine)

Re:as a workaround

[KiloByte]

There's one small detail here, though: there are two keys: one, the "Microsoft Windows Production PCA" is used to sign Windows only, while the other, "Microsoft Corporation UEFI CA" is the one they for antitrust reasons "kindly" allow certain biggest distributions to be signed with. Inclusion of the former is mandatory, while the other OEMs merely "should consider including".

Doesn't sound that ominous yet? Then recall what the way Windows is sold: there's a ridiculously high official price no one pays, and "volume discounts" every single mainstream PC maker gets, negotiated under strict non-disclosure. You can bet that when the time is ripe, all the makers will suddenly fail to include the UEFI CA key (as losing the volume discounts would effectively put them out of business).

And even while the UEFI CA key lasts, you lose the main reason to use Linux rather than some proprietary kernel: there's no way you can edit the kernel, install a non-distro version, build your own modules, etc. You no longer can insert unsigned modules, kexec an unsigned kernel, use a number of facilities that could be used to gain control over your own machine.

And what's the gain for you? Precisely nothing! A thief can still install Windows on a stolen machine, someone who wants your data can boot Windows (or, for now, one of the "blessed" distros). The UEFI CA doesn't sign particular kernel builds but distro signing keys, so you can be assured every three letter agency of US, Russia, China and any other country Microsoft wants to sell their software in do have such a signing key. Thus, the malware the thugs use against your machine on the border will also boot fine.

Ie, "Secure" Boot is strictly negative for you unless you can remove all keys not under your control.