Three PC Brands Where SecureBoot On Linux Is Botched

Chat about Linux in general
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Locked
Orbmiser

Three PC Brands Where SecureBoot On Linux Is Botched

Post by Orbmiser »

Three PC Brands Where SecureBoot On Linux Is Botched
http://www.phoronix.com/scan.php?page=n ... px=MTI4OTc

Was expecting this kind of thing.
"Some Lenovo PCs will only boot Windows or Red Hat Enterprise Linux. This situation is more concerning and Matthew just says, "I recommend drinking, because as far as I know they haven't actually got around to doing anything useful about this yet."

Linux Foundation Still Prepping Its Secure Boot Loader
http://www.phoronix.com/scan.php?page=n ... px=MTI4OTg
.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
User avatar
xenopeek
Level 25
Level 25
Posts: 29507
Joined: Wed Jul 06, 2011 3:58 am

Re: Three PC Brands Where SecureBoot On Linux Is Botched

Post by xenopeek »

Thanks for sharing that; I had bookmarked it but hadn't gotten around to posting it yet. We do have a first victim it seems :( Anybody a bit knowledgeable about this, please give Chifte's post linuxmint has been blocked by security policy a read and see if you can help...

I've noted viking777 and srs5694 making quite a few posts related to secure boot and UEFI in general. Perhaps to read up on what you need to know when you do buy a PC certified for Windows 8:
- Chainloading with gpt and uefi+ fixing Mint efi installation
- Want to dual boot Mint and Win 8 - UEFI questions
- Blank Partition Table: Install Mint 14 64bit from Windows 8
- How to boot LMDE on an UEFI-based pc?

It all reads like a nightmare... And on top of that we have this news, of PCs certified for Windows 8, but without a means to configure secure boot to work with Linux Mint :(
Image
srs5694
Level 6
Level 6
Posts: 1386
Joined: Mon Feb 27, 2012 1:42 pm

Re: Three PC Brands Where SecureBoot On Linux Is Botched

Post by srs5694 »

xenopeek wrote:It all reads like a nightmare...
It can be if you're unprepared. It's really not so bad if you understand it. The problem is that almost nobody understands it. Well, that and the buggy implementations, which really boil down to there being more to understand....
And on top of that we have this news, of PCs certified for Windows 8, but without a means to configure secure boot to work with Linux Mint :(
Lack of Secure Boot support is definitely an LM developer issue. Ubuntu 12.10, upon which LM 14 is based, has (early) Secure Boot support. I hope that the LM developers get this fixed for LM 15.

At the moment, the easiest workaround is to simply disable Secure Boot. This usually isn't very hard, but the required steps are very much machine-specific, since they require fiddling with firmware settings that aren't standardized. Booting with Secure Boot active is possible, but it requires installing extra software that's not part of the LM repositories. In practice, unless you want to re-master the installer, this means disabling Secure Boot, installing Mint, installing extra software, and then re-enabling Secure Boot. This might be worthwhile if you're really concerned about boot-time malware, but for most people it's just not worth the hassle. If you're really interested in trying it, read my Web page on the topic or my rEFInd Secure Boot documentation.
Locked

Return to “Chat about Linux”