Linux Mint Forums

[mintjoseph]

I'm a newbie to the linux world. I had linux mint installed [dual boot] on my last laptop for about a month which the retail store that I bought it at destroyed it in a spam of 3 months [under garantee - got my money back]. Suffice to say I enjoyed working with it in that it runs smoothly.

My question to the community is I just purchased a new laptop and would want to install version 14.1 of linux mint however yesterday I read the following story http://news.softpedia.com/news/All-Linux-Distributions-Get-the-Secure-Boot-Bootloader-311259.shtml and http://www.codon.org.uk/~mjg59/shim-signed/. Is this "shim" already incorporated in the current version of linux mint 14.1 and if no then will it be as I don't mind waiting for the next release that would probably incorporate this "shim".

Thank you for your patience coming from a newbie.

[xenopeek]

No, Linux Mint 14.1 requires you to disable secure boot. As also shared on the announcement: http://blog.linuxmint.com/?p=2234

[srs5694]

Note that you only need Shim if you want to (and can!) use Secure Boot. Until Windows 8 hit the shelves, few computers supported Secure Boot at all, and fewer still (AFAIK none, in fact) shipped with Secure Boot active. It's only Microsoft's branding requirements for Windows 8 computers that are causing Secure Boot to be used on new computers.

If you're stuck with such a computer, you've got basically three options for booting Linux:

• Disable Secure Boot -- As Vincent says, you can disable Secure Boot on x86/x86-64 computers. Unfortunately, the process varies from one computer to another, so you may need to dig around in your firmware to find the setting.
• Use Shim or a similar program -- You can boot with Secure Boot active by using Shim or something like it. AFAIK, Ubuntu 12.10 is the only distribution that yet ships with an early version of Shim, but others will follow suit. Fedora and SUSE will both use it with their next versions. I don't happen to know what Mint's plans are on this score. You can add Shim yourself, but this will require installing with Secure Boot disabled, installing Shim, and then re-enabling Secure Boot.
• Create your own Secure Boot keys -- This approach is very awkward, but it gives you complete control of the boot process, since you must sign anything that boots. This means that if/when somebody releases malware that's signed with Microsoft's key, it won't run on your system. See these instructions if you care to give it a try -- but be aware that this approach requires a fair amount of technical savvy.

The last two options are likely to become easier with time, as tools improve and work their way into distributions' standard package sets. The first option is likely to become better documented with time, too, although it might not become any easier.

One final caveat: If you've got an ARM computer that ships with Windows 8, your options are very limited. Microsoft's branding requirements forbid manufacturers from giving you a way to disable Secure Boot on ARM systems or reconfigure the keys, so the first and third options aren't possible on such systems. Currently, Shim doesn't support ARM, although it should be possible to make it do so. Nobody's bothered yet, but I expect it'll be only a matter of time before somebody does.