powerhouse wrote:It's a pity it doesn't have UEFI support out of the box, at least that is what I understand from your post.
I haven't yet tried Mint 14, but if it's based off of Ubuntu 12.10, chances are it at least includes a kernel with EFI stub loader support. This can help a lot, since it means you can easily use rEFInd
as a boot manager, or even reference the kernel as a boot loader directly from your firmware's own boot manager. If you know what you're doing, this is a big plus. The trouble is that few people know what they're doing around UEFI just yet, which makes it harder to get help or find documentation.
UEFI is becoming more and more popular from the hardware side. It also has a number of advantages (it should have since MBR is stone age). It is also really important for Linux to grab UEFI because Microsoft is going to hijack it for "security" and other reasons.
I presume you're referring to Secure Boot. There was a big public storm about this about a year ago, but it turns out to be not nearly as much of a threat as was once believed. See Matthew Garrett's blog post about Shim,
which is the tool that Red Hat/Fedora is developing (apparently with significant input from SUSE) to get those distributions booted. The Shim approach essentially changes the Secure Boot "track" from one that's tightly controlled by Microsoft to one that's much friendlier to open source. It would have been better for the UEFI spec to create it that way to begin with, but Shim looks like a workable solution. Right now Shim isn't yet completely functional, though, so some workarounds
may be necessary. Disabling Secure Boot is pretty simple on x86/x86-64 PCs, if you're used to adjusting firmware options. Creating your own keys is also possible, but is too awkward for anything but experts at this point.
One way Microsoft intents to use UEFI is to have mobile device manufacturers to lock down their devices for Microsoft. In other words, you buy a mobile device with MS Windows or whatever on it, and it will be locked down so that you cannot install Linux (or anything else).
ARM devices have the disadvantage that Microsoft's Windows 8 certification requirements specify that Secure Boot can not
be disabled on ARM, whereas the same document says that users must
have the ability to disable it on x86/x86-64. (Of course, ARM devices that don't ship with Windows 8 can ignore Microsoft's requirements.) That said, the same approach that Red Hat is using on x86/x86-64 should work on ARM -- namely, signing Shim with Microsoft's key through the signing service that Verisign administers. Matthew Garrett says that Red Hat/Fedora won't be doing so itself, but some other interested party could certainly do so. OTOH, this does mean that your ability to boot Linux will be held hostage to Microsoft's willingness to continue supporting key signing by third parties. Personally, I hope to never buy any Secure Boot device on which the feature can't be disabled, just in case future developments block Shim or similar tools.