Three PC Brands Where SecureBoot On Linux Is Botched

Chat about Linux in general

Three PC Brands Where SecureBoot On Linux Is Botched

Postby Orbmiser on Sat Feb 02, 2013 12:14 am

Three PC Brands Where SecureBoot On Linux Is Botched
http://www.phoronix.com/scan.php?page=news_item&px=MTI4OTc

Was expecting this kind of thing.

"Some Lenovo PCs will only boot Windows or Red Hat Enterprise Linux. This situation is more concerning and Matthew just says, "I recommend drinking, because as far as I know they haven't actually got around to doing anything useful about this yet."



Linux Foundation Still Prepping Its Secure Boot Loader
http://www.phoronix.com/scan.php?page=news_item&px=MTI4OTg
.
User avatar
Orbmiser
Level 7
Level 7
 
Posts: 1514
Joined: Thu Oct 18, 2012 5:16 pm
Location: Portland,Oregon

Linux Mint is funded by ads and donations.
 

Re: Three PC Brands Where SecureBoot On Linux Is Botched

Postby xenopeek on Sat Feb 02, 2013 4:46 am

Thanks for sharing that; I had bookmarked it but hadn't gotten around to posting it yet. We do have a first victim it seems :( Anybody a bit knowledgeable about this, please give Chifte's post linuxmint has been blocked by security policy a read and see if you can help...

I've noted viking777 and srs5694 making quite a few posts related to secure boot and UEFI in general. Perhaps to read up on what you need to know when you do buy a PC certified for Windows 8:
- Chainloading with gpt and uefi+ fixing Mint efi installation
- Want to dual boot Mint and Win 8 - UEFI questions
- Blank Partition Table: Install Mint 14 64bit from Windows 8
- How to boot LMDE on an UEFI-based pc?

It all reads like a nightmare... And on top of that we have this news, of PCs certified for Windows 8, but without a means to configure secure boot to work with Linux Mint :(
User avatar
xenopeek
Level 21
Level 21
 
Posts: 15440
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Three PC Brands Where SecureBoot On Linux Is Botched

Postby srs5694 on Sat Feb 02, 2013 2:42 pm

xenopeek wrote:It all reads like a nightmare...


It can be if you're unprepared. It's really not so bad if you understand it. The problem is that almost nobody understands it. Well, that and the buggy implementations, which really boil down to there being more to understand....

And on top of that we have this news, of PCs certified for Windows 8, but without a means to configure secure boot to work with Linux Mint :(


Lack of Secure Boot support is definitely an LM developer issue. Ubuntu 12.10, upon which LM 14 is based, has (early) Secure Boot support. I hope that the LM developers get this fixed for LM 15.

At the moment, the easiest workaround is to simply disable Secure Boot. This usually isn't very hard, but the required steps are very much machine-specific, since they require fiddling with firmware settings that aren't standardized. Booting with Secure Boot active is possible, but it requires installing extra software that's not part of the LM repositories. In practice, unless you want to re-master the installer, this means disabling Secure Boot, installing Mint, installing extra software, and then re-enabling Secure Boot. This might be worthwhile if you're really concerned about boot-time malware, but for most people it's just not worth the hassle. If you're really interested in trying it, read my Web page on the topic or my rEFInd Secure Boot documentation.
srs5694
Level 6
Level 6
 
Posts: 1020
Joined: Mon Feb 27, 2012 1:42 pm


Return to Chat about Linux

Who is online

Users browsing this forum: No registered users and 8 guests