What's this "shim" . . . etc

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help

What's this "shim" . . . etc

Postby mintjoseph on Sun Dec 02, 2012 11:35 am

I'm a newbie to the linux world. I had linux mint installed [dual boot] on my last laptop for about a month which the retail store that I bought it at destroyed it in a spam of 3 months [under garantee - got my money back]. Suffice to say I enjoyed working with it in that it runs smoothly.

My question to the community is I just purchased a new laptop and would want to install version 14.1 of linux mint however yesterday I read the following story http://news.softpedia.com/news/All-Linux-Distributions-Get-the-Secure-Boot-Bootloader-311259.shtml and http://www.codon.org.uk/~mjg59/shim-signed/. Is this "shim" already incorporated in the current version of linux mint 14.1 and if no then will it be as I don't mind waiting for the next release that would probably incorporate this "shim".

Thank you for your patience coming from a newbie.
mintjoseph
Level 1
Level 1
 
Posts: 1
Joined: Sun Dec 02, 2012 11:26 am

Linux Mint is funded by ads and donations.
 

Re: What's this "shim" . . . etc

Postby xenopeek on Sun Dec 02, 2012 11:51 am

No, Linux Mint 14.1 requires you to disable secure boot. As also shared on the announcement: http://blog.linuxmint.com/?p=2234
User avatar
xenopeek
Level 21
Level 21
 
Posts: 15249
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: What's this "shim" . . . etc

Postby srs5694 on Sun Dec 02, 2012 1:40 pm

Note that you only need Shim if you want to (and can!) use Secure Boot. Until Windows 8 hit the shelves, few computers supported Secure Boot at all, and fewer still (AFAIK none, in fact) shipped with Secure Boot active. It's only Microsoft's branding requirements for Windows 8 computers that are causing Secure Boot to be used on new computers.

If you're stuck with such a computer, you've got basically three options for booting Linux:

  • Disable Secure Boot -- As Vincent says, you can disable Secure Boot on x86/x86-64 computers. Unfortunately, the process varies from one computer to another, so you may need to dig around in your firmware to find the setting.
  • Use Shim or a similar program -- You can boot with Secure Boot active by using Shim or something like it. AFAIK, Ubuntu 12.10 is the only distribution that yet ships with an early version of Shim, but others will follow suit. Fedora and SUSE will both use it with their next versions. I don't happen to know what Mint's plans are on this score. You can add Shim yourself, but this will require installing with Secure Boot disabled, installing Shim, and then re-enabling Secure Boot.
  • Create your own Secure Boot keys -- This approach is very awkward, but it gives you complete control of the boot process, since you must sign anything that boots. This means that if/when somebody releases malware that's signed with Microsoft's key, it won't run on your system. See these instructions if you care to give it a try -- but be aware that this approach requires a fair amount of technical savvy.

The last two options are likely to become easier with time, as tools improve and work their way into distributions' standard package sets. The first option is likely to become better documented with time, too, although it might not become any easier.

One final caveat: If you've got an ARM computer that ships with Windows 8, your options are very limited. Microsoft's branding requirements forbid manufacturers from giving you a way to disable Secure Boot on ARM systems or reconfigure the keys, so the first and third options aren't possible on such systems. Currently, Shim doesn't support ARM, although it should be possible to make it do so. Nobody's bothered yet, but I expect it'll be only a matter of time before somebody does.
srs5694
Level 6
Level 6
 
Posts: 1020
Joined: Mon Feb 27, 2012 1:42 pm


Return to Newbie Questions

Who is online

Users browsing this forum: Mute Ant and 25 guests