LINUX WINDOWS
Linux Format|November 2021
Old rivalries have been forgotten and ancient boundaries blurred. Jonni Bidwell investigates this new Redmond-Penguin harmony.
Jonni Bidwell

Back in 2015 Microsoft decided that it loved Linux. It loved it so much that it built a whole Windows Subsystem for Linux (WSL), which enabled Linux programs and development stacks to run natively. The official statement even involved a heart emoji, which we would have reproduced here but putting in-line images in the body text apparently causes alarm bells and wisps of smoke at the printers.

Anyway, heart or no, some people were sceptical of Microsoft’s intentions, with memories of the “Embrace, Extend, Extinguish” mantra and the 1995 Halloween papers still fresh in their minds. But it does really seem like Microsoft wants to accommodate Linux users (well, developers mostly), rather than force a mass defection.

A successor, WSL 2.0, was announced in 2019. It was built around a real Linux kernel, rather than a Wine-like (or whatever is the inverse of Wine-like) translation layer, so WSL 2.0 brought faster performance, swifter filesystems and increased application compatibility. Back in April this year, an exciting new feature was announced: WSLg, which enables graphical tools to run seamlessly on WSL. No need to shoehorn an X server on Windows, no need to redirect PulseAudio – heck, it even works with Wayland. So not only can you run Bash on Ubuntu on Windows (WSL’s working title), you can also run Blender, GIMP and Krita. We’ll see how easy it is to set this up on Windows, how it’s a great way to learn Linux, and how to do some weird and wonderful stuff with it.

Finally, we’ll look at some old and new efforts Linux has made to bridge the divide with its proprietary counterpart. Filesystems, networking, bootloaders. Yes, we’ve broken them all at some stage, but now things are mature and established enough that everything should just work with minor configuration changes.

Platforms, Trusted Platforms and Windows 11

Windows hardware requirements have always promoted confusion, and this time is no different…

When Windows 8 was announced, there was a concern that Microsoft would use Secure Boot, an optional feature of the then new UEFI (Universal Extensible Firmware Interface), to restrict the installation of other operating systems. Secure Boot only allows booting EFI images that have been signed by a key enrolled in the UEFI. Since almost all hardware ships with a public signing key from Microsoft, it’s easy to see where this concern came from. However, to help Linux distros (or any software that needed its own bootloader) deal with Secure Boot, Microsoft used its magic key to sign a small program (they probably wouldn’t sign something big and complicated) called Shim.

Shim is a first-stage bootloader used by many distros (including Debian and Ubuntu) to launch their own (second stage) bootloaders. Secure Boot works by each stage checking the signature of the following one before executing it, thus establishing a root of trust back to the original signing key. So distributions can embed their own keys into Shim, and have this distro-specific Shim package signed by Microsoft. Shim can then check the GRUB EFI image, signed by the distro key, and boot can proceed. It’s possible to sign kernel images too, as well as subsequently loaded modules and firmware, so if you trust cryptography and the Microsoft Signing Authority, then Secure Boot makes it really hard for malware to be loaded anywhere in the early boot process.
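
The chain of trust described above can be modelled with OpenSSL from a shell. This is an added example, not code from Shim or any distro: detached ECDSA signatures stand in for the Authenticode signatures that real firmware checks, and the file and key names (firmware_db, distro, shim.efi, grub.efi) are constructed for illustration.

```shell
#!/bin/sh
# Added illustration, not Shim's real logic: real firmware checks Authenticode
# signatures inside PE/COFF images; here detached ECDSA signatures over
# constructed stand-in files play that role.

# mkkey <name>: create <name>.key (private) and <name>.pub (public).
mkkey() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1.key" 2>/dev/null &&
    openssl ec -in "$1.key" -pubout -out "$1.pub" 2>/dev/null
}

# sign <private key> <image>: write a detached signature to <image>.sig.
sign() { openssl dgst -sha256 -sign "$1" -out "$2.sig" "$2"; }

# verify <public key> <image>: succeed only if <image>.sig matches the image.
verify() {
    openssl dgst -sha256 -verify "$1" -signature "$2.sig" "$2" >/dev/null 2>&1
}

# build_chain <dir>: create keys and signed stand-in boot stages in <dir>.
build_chain() {
    ( cd "$1" || exit 1
      mkkey firmware_db   # stands in for the Microsoft key enrolled in the UEFI
      mkkey distro        # the distribution's own signing key
      # The stand-in Shim is one line of "code" plus the embedded distro key.
      { echo "shim code (constructed)"; cat distro.pub; } > shim.efi
      sign firmware_db.key shim.efi   # Microsoft signs the distro-specific Shim
      echo "grub code (constructed)" > grub.efi
      sign distro.key grub.efi        # the distro signs its own GRUB image
    )
}

# boot <dir>: each stage verifies the next before handing over control.
# Exit status: 0 booted, 1 firmware rejected Shim, 2 Shim rejected GRUB.
boot() {
    ( cd "$1" || exit 1
      verify firmware_db.pub shim.efi || { echo "firmware: shim rejected"; exit 1; }
      # Shim trusts only the key carried inside its own, already verified, image.
      sed '1d' shim.efi > embedded.pub
      verify embedded.pub grub.efi || { echo "shim: grub rejected"; exit 2; }
      echo "boot ok"
    )
}

demo=$(mktemp -d) && build_chain "$demo" && boot "$demo"
```

Appending a byte to grub.efi makes Shim's check fail, and swapping in a Shim signed by a key the firmware has not enrolled fails one stage earlier.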

A question of trust

Of course, not everyone’s going to trust Microsoft, or indeed Secure Boot. And that’s okay, because in 2013 when Microsoft stipulated that “Windows 8 Ready” hardware should ship with Secure Boot enabled, it also made the provision that it should be possible to disable it, and also that it should be possible for users to install their own MOKs (Machine Owner Keys) and use them to sign whatever bootloader they wanted, so that ultimate trust (but also ultimate responsibility) lay with the user.

“Windows 10 Ready” hardware was subject to similar conditions, except the requirement that Secure Boot be mutable was reduced to a suggestion. Still, we’ve never come across a single Windows 10 machine where Secure Boot could not be disabled. And if you build your own systems, then you have nothing to worry about. The “Ready” conditions are for OEMs that ship systems with the OS already installed. Now with Windows 11 upon us, it’s no longer Secure Boot clauses that are being scrutinized, but those relating to TPM chips.

Trusted Platform Module (TPM) chips are tiny processors that have a small privileged memory store, which applications can use to store keys, authentication data or anything that they don’t want other applications nosing at or tampering with. Besides some (fairly strict) minimum hardware specifications, for a PC to officially support Windows 11 it must also support TPM 2.0. At the moment, it’s still possible to install Windows 11 via the official ISO if your device doesn’t meet the TPM (or other) requirements, but Microsoft says such installations are unsupported, and may not be privy to security updates further down the line. Indeed, at the time of writing we’ve seen Insider builds of Windows 11 running on a Pi 400, as well as a Nokia Lumia 950XL (one of the last devices to run Windows Phone).

GIVE ME ALL YOUR TPM

TPM chips have been around for most of the past decade. TPM 2.0 was introduced in 2014, and most motherboards from 2016 onwards include one. TPM can be implemented in firmware too (so-called fTPM), at a slight cost to security, since some new Spectre/Meltdown-type attack could, in “theory”, be leveraged against it. Still, fTPM is good enough for Windows 11’s requirements. You might need to enable TPM via the UEFI (classic BIOS is also not supported), where it goes by so many names that Microsoft made a friendly help page (see https://bit.ly/lxf282-mshelp-tpm2).

TPM is fully supported on Linux, and can be used to secure SSH keys (see http://blog.habets.se/2013/11/TPM-chip-protecting-SSH-keys---properly), unlock LUKS encrypted volumes (via systemd-cryptenroll or Clevis) or even make Secure Boot even securer (https://threat.tevora.com/secure-boot-tpm-2). There are separate software stacks for TPM 1.2 (TSS aka TrouSerS) and TPM 2.0 (tpm2-tools) and there’s a nice summary of both on the Arch Wiki page at https://wiki.archlinux.org/title/Trusted_Platform_Module.
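
To see which of these stacks applies to a given machine, and whether Secure Boot is actually enforcing, the kernel's own interfaces can be read directly. This is an added example, not from the article: it assumes efivarfs is mounted at /sys/firmware/efi/efivars and a kernel recent enough to expose tpm_version_major, and the function names are made up here.

```shell
#!/bin/sh
# Added illustration: report Secure Boot and TPM state on Linux using only
# efivarfs and sysfs. Paths are parameters so the parsers can be run on copies.

# GUID of the EFI global-variable namespace that holds the SecureBoot variable.
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# secure_boot_state [file]: an efivarfs file is 4 attribute bytes followed by
# the data; SecureBoot's data is a single byte, 1 = enforcing, 0 = off.
secure_boot_state() {
    f=${1:-/sys/firmware/efi/efivars/SecureBoot-$EFI_GLOBAL}
    [ -r "$f" ] || { echo "unknown"; return 0; }   # legacy BIOS boot or no access
    case "$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')" in
        1) echo "enabled" ;;
        0) echo "disabled" ;;
        *) echo "unknown" ;;
    esac
}

# tpm_version [dir]: the kernel exposes the TPM family as tpm_version_major.
# "1.2" points at the TrouSerS stack, "2.0" at tpm2-tools.
tpm_version() {
    d=${1:-/sys/class/tpm/tpm0}
    [ -d "$d" ] || { echo "none"; return 0; }      # no TPM, or disabled in UEFI
    if [ -r "$d/tpm_version_major" ]; then
        case "$(cat "$d/tpm_version_major")" in
            2) echo "2.0" ;;
            1) echo "1.2" ;;
            *) echo "unknown" ;;
        esac
    else
        echo "unknown"                             # older kernel without the attribute
    fi
}

echo "Secure Boot: $(secure_boot_state)"
echo "TPM:         $(tpm_version)"
```

A result of "none" on hardware that should have a TPM usually means the module is still switched off in the UEFI setup, as described above.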

Linux in Windows

Never mind Windows 11, the latest version of the Windows Subsystem for Linux is where it’s at.

Are you part of the slightly sinister-sounding Windows Insiders Program? Have you installed an even more sinister-sounding Preview Build of Windows 10 (at least build 20262)? Then it’s easy to run Linux as part of WSL 2.0: just open an administrator-privilege Windows command prompt and run wsl --install. This also works on Preview Builds of Windows 11. A few clicks and pops and a restart later and you’ll be in business.

Actually the GUI App Support download is pretty large, so now might be a good time to make a cup of tea. On your return, WSL, Microsoft’s Virtual Machine Platform, its custom Linux kernel and Ubuntu should all have been downloaded. Other distros are available and one can specify, for example, wsl --install -d Fedora, to install Fedora instead, or additionally if you already have WSL Ubuntu installed. Users of non-Preview Builds can either join the Insiders Program and upgrade to one, or follow the manual installation steps below.

Start by firing up Administrator-powered PowerShell, then acknowledging that the command line can get ugly on Windows too, enter the incantation:

> dism.exe /online /enable-feature /featurename:Microsoft-Windows-Subsystem-Linux /all /norestart

This will install WSL 1, at which point you might wish to reboot and play with that. Or you could continue to get the latest incarnation. If you’re not running Build 18362 (check by running winver.exe) or higher (or 19041 or higher for ARM64) you’ll need to persuade the Windows Update Assistant to get you there. To enable WSL 2 we first must enable the Virtual Machine Platform, which requires this doozy of a line to be entered at an Administrator PowerShell:

> dism.exe /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart

One restart later and you’ll be running the subsystem sequel. To get Microsoft’s latest frankenkernel, download and run the package at https://wslstorestorage.blob.core.windows.net/wslblob/wsl_update_x64.msi. There’s a separate package for ARM devices, so change x64 for arm64 in the previous link if that applies to you. Before we get to installing Linux we need to set WSL 2 as the default version from PowerShell, easy enough:

> wsl --set-default-version 2

Then get ye to the Microsoft Store (https://aka.ms/wslstore) and install a distribution. The recognisable flavours are all free, but if you’re feeling flush you might want to try Microsoft Research’s WSL-tailored Pengwin distro, currently on sale for about half of its £16.74 (or 2.5x a copy of LXF–ED) price tag.
