See also: Unified Extensible Firmware Interface#Secure boot and Hardware restrictions#Windows 8
Windows 8 supports a feature of the UEFI specification known as "Secure boot", which uses a public-key infrastructure to verify the integrity of the operating system and prevent unauthorized programs such as bootkits from infecting the device.
Despite the security benefits of the feature, Microsoft faced criticism (particularly from free software supporters) for mandating that devices receiving its optional certification for Windows 8 have secure boot enabled by default using a key provided by Microsoft. Concerns were raised that secure boot could prevent or hinder the use of alternate operating systems such as Linux. In response to the criticism, Microsoft developer Tony Mangefeste stated that "At the end of the day, the customer is in control of their PC. Microsoft’s philosophy is to provide customers with the best experience first, and allow them to make decisions themselves."
Microsoft's certification requirements eventually revealed that UEFI firmware on x86 systems must allow users to re-configure or turn off secure boot, but that this must not be possible on ARM-based systems (Windows RT). Microsoft faced further criticism for its decision to restrict Windows RT devices by using this functionality, despite it being consistent with other consumer electronics with similar protection measures. No mandate is made regarding the installation of third-party certificates that would enable running alternative software