mbohets wrote:In the mint7 blog I read: Edit by Clem: No, it won’t support secureBoot
I've not read the referenced blog (you've provided no link), and I have no inner knowledge of the Mint developer's intentions on this score, so I can't really comment on that. I do know that, the last I checked (Mint 16, IIRC), Mint shipped with the boot loaders and kernels from Ubuntu, which do
support Secure Boot; but many people (myself included) have had more trouble getting them to work on a Mint installation than on an Ubuntu installation. I haven't investigated this in depth, though; it could be there's some simple tweak to get it to work better in Mint than in Ubuntu. In the meantime, though, if you need Secure Boot, it's better to stick with Ubuntu (or switch to Fedora) than to use Mint.
This seems strange, as new PCs all come with the new UEFI secureboot thing which is mandatory to use W8, so I wonder what could be the reason for not supporting this feature ?
I can't speak for the Mint developers, but it's probably a question of two factors: money and of the hassle of it. It costs $99 to get the right to send binaries off to Microsoft for signing, and recent changes to their policies require that you have another
authoritative (not self-issued) signing key, so that will cost more money. This isn't a huge sum for the likes of Canonical, Red Hat, or Novell, but for an all-volunteer operation on a shoe-string budget, it could be a factor. There's also the fact that there are a lot of hoops to jump through to get things signed, procedures for building certain binaries must be changed, there's more testing involved, etc. This adds up to a lot of hassle.
Also I see that Ubuntu supports this, and since Mint is based on Ubuntu, why is this not ported over to mint ? is this not a prime feature of open source that you are allowed to do that ?
In theory, if Mint uses exactly the same binaries as Ubuntu for key items (Shim, GRUB, and the kernel), it should work directly. If any of those items were to be recompiled, though, they'd need to be re-signed, with either Microsoft's private key or with Canonical's private key. The former costs money (see above) and the latter is impossible because Canonical doesn't (to the best of my knowledge) sign third-party binaries with their private key.
On the other hand I see plenty of post about dual booting with W8, so how can you dual boot if mint does not support this boot method ?
You either jump through certain hoops yourself (as described here,
among other places) or you disable Secure Boot. Just because a PC ships with Windows 8 and Secure Boot enabled does not
mean that you have to leave it enabled.
Note that the FSF isn't opposed to Secure Boot per se; rather, they object to its use as a means of limiting end-users' ability to boot the OS of their choice. Theoretically, it's currently not a serious problem on x86 and x86-64 computers, although it can be an annoyance or extra hurdle for some people and OSes. ARM devices that ship with Windows, though, are more limiting, and should be avoided. It's also possible that future changes to Microsoft's licensing policies will create problems on other platforms.
mbohets wrote:Technically I am still confused aibut the difference between UEFI and secureboot.
Secure Boot is one
feature -- and an optional
feature -- of UEFI. Secure Boot is to UEFI as a GPS navigation system is to a car.
PC Magazine wrote:Anyone who wants to install a non-Windows operating system on Windows 8-certified hardware would first have to manually disable SecureBoot.
This isn't correct. You can use Shim or PreLoader to boot just about anything with Secure Boot active. Big Linux distributions (and some not-so-big ones) distribute these programs and use them to support Secure Boot.
DrHu wrote:Secure boot is an MS marketing gimmick, I would think; and if not that, then it is a limiting of any competition, either as a market feature or simply by making it difficult to install other OS, if you follow all the rules: that is do not disable secure boot or uefi secure mode..
--does it really help the end-user in any way..
Secure Boot does have benefits to the end user. There are known
boot kits that Secure Boot can block, therefore keeping the computer safe from infection by those items of malware.
Secure Boot does not
limit competition, at least not in the x86-64 arena, where Shim and PreLoader are both available and can be used to launch Linux or other OSes. Furthermore, one of the "rules" you stated (namely, "do not disable secure boot") is flat-out wrong -- Microsoft's own certification requirements include the stipulation that users must
be able to disable Secure Boot. If that option isn't there, then an EFI is not in compliance and the PC should not have a Windows 8 sticker on it. (For x86 and x86-64 systems, anyhow; for ARM it's another matter.)
xerion567 wrote:I could be wrong on this one, but I'm not sure W8 requires you to have SecureBoot in order to function, but it might require that you have UEFI.
There are two issues: Technical requirements and legal requirements. (The latter can be further subdivided depending on who
is bound by the legal requirements.)
On a technical level, Windows 8 requires neither UEFI nor Secure Boot. If you get a retail copy of Windows 8, you can install it on a BIOS-mode computer without a trace of EFI, on an EFI-based computer that lacks Secure Boot, on an EFI-based computer with Secure Boot but that feature disabled, or on an EFI-based computer with Secure Boot enabled (provided it's got Microsoft's public keys in its firmware).
On a legal level, Microsoft's licensing agreement says that any manufacturer who wants to slap a Windows 8 sticker on a non-server PC must
ship that computer with Secure Boot enabled. This in turn implies that the computer ship configured to boot in EFI mode. Note that this applies only to PC manufacturers, and to those who want a Windows 8 sticker. A Mom & Pop computer store that doesn't sign this licensing agreement can still sell you a Windows 8 PC that boots in BIOS mode -- they just could not legally put a Windows 8 sticker on the computer. You're also free to install a retail copy of Windows 8 in any way you choose. In theory, you could re-install in BIOS mode on something that came with Windows 8 in EFI mode, although in practice the recovery/installation tools provided by the manufacturer might not support this.