The truth about Microsoft, OEM's and Linux

Chat about just about anything else

The truth about Microsoft, OEM's and Linux

Postby ElectricRider on Tue Feb 05, 2013 8:54 pm

My journey into hell began about two months ago when I purchased a new HP laptop computer with Windows 8 preinstalled. The machine was fast, worked great and was cheap. It has a quad core CPU, 8 gigabytes of Ram with AMD Radeon 7640G graphics that can use up to 4 gigabytes for video processing. (512 MB dedicated called discrete graphics). It played everything I threw at it on high settings with great frame rate such as the new Skyrim, Black Ops 2 and Far Cry 3. All for only 400 US dollars. I could not be happier with my purchase... Then I tried to dual boot Linux and the world came crashing down around me.

I knew nothing of UEFI then or Microsoft's requirement of OEM's to use UEFI's Secure Boot feature with Windows 8. Now, I wish I had. Unified Extensible Firmware Interface - Wikipedia, the free encyclopedia

UEFI, or EFI is slated to be the replacement for Bios and it's been around for about 20 years. Trouble is, it's buggy and no one wanted to use it. There is good reason why OEM's have dragged their feet for years with this technology. It's still getting the kinks worked out. See here for more: EFI and Linux: the future is here, and it's awful - Matthew Garrett - YouTube

So, I started studying this technology. I found out that what most new consumers have that come shipped with Windows 8 is a bios based system with a UEFI layer implemented, but not always. Some systems have a full UEFI with no Bios and some are UEFI based with a compatibility layer of Bios. Most of the time you wont know which type of system you are buying until it's too late as the OEM's who are Microsoft partners don't advertise this information. One things for certain, if you buy a PC with Windows 8 preinstalled you will have some type of UEFI and you will have Secure Boot enabled.

Secure Boot acts as a protection feature that is supposed to ensure your system doesn't have any malware at the time of shipping. It works by checking keys in the operating system against hard coded keys in the UEFI. As these keys are signed by Microsoft, the system will not allow any other operating system to boot assuring you have a clean copy of Windows 8.

For Non ARM based PC's Microsoft requires the user have the ability to disable Secure Boot. Once this is done, Windows 8 will boot normally although still using UEFI for it's IO to the hardware. On many machines you also have the ability to turn off UEFI and boot Windows from Legacy Bios mode.

The problem with dual booting Linux either with UEFI off or Secure Boot disabled is it's not a proven technology that works well even if you do have a distro like Fedora or Ubuntu which supports UEFI and Secure Boot. I spent weeks fighting with getting Linux Mint to work properly in UEFI with Secure Boot disabled getting advise from top professionals - people who know UEFI well enough to write software for it. If the system was installed under UEFI in the first place, you can count on having your share of trouble.

I contacted HP's tech support and went round and round trying to explain the issues to people reading scripts off a card and checking with their supervisor with every sentence because they simply lacked the ability to understand the issues. In the end, I was told HP doesn't give support for UEFI, and I should please contact Microsoft.

Which is silly because Microsoft has nothing to do with the bios/UEFI in the machine, they only require it's use. In fact, you will not find one mention about UEFI in any HP documentation - at all. Not on the website, not in the advertising, not in the user Maintenance and Service Guide.

I wanted answers. I went over the tech supports heads and spoke to someone (I wont mention her name) who is a: Case Manager for "HP AMS TCO Escalations Team" I'm not exactly sure what that team does but they are supposed to have better answers than tech support. She didn't but told me some interesting things.

One reason all PC's that come preinstalled with a Microsoft operating system is cheaper than regular laptop is that Microsoft subsidizes the cost of the hardware. This amounts to being paid off in my book. It's a legal bribe.

The case manager claims this is common knowledge and all OEM's have this same agreement with Microsoft. I asked if she could provide me a reference to this online and she said it's not anywhere online that she knows of. I'm not too surprised at this.

If you read through the Windows 8 Hardware Certification Requirements for Client and Server Systems, found here: Windows Hardware Certification Requirements for Client and Server Systems , you will read about functionality you are supposed to have, that OEM's agree to - that you may not find in your system. The case manager avows all is good because after all, Microsoft signed off on the certification for these systems HP sells - Wonder how they can do this and still have the product pass Microsoft hardware certification? They are scratching each others backs there is no other way to put it. The case manager made a point to tell me several times that because Microsoft subsidizes these systems they do not have to allow support for dual booting with Non Microsoft systems or give UEFI support or even provide any documentation on UEFI.

What's worse in my opinion is she made a point to state proudly they are very interested in Linux. They have several machines certified to work with Linux and they are even Platinum members of The Linux Foundation. It's not about software freedom folks, it's about Money. Many people fear Microsoft doing these things knowingly to keep people from dual booting with Windows 8. I even recently defended Microsoft's rights here because I thought the author went overboard: http://www.linuxforums.org/forum/coffee-lounge/194593-my-problem-free-software-foundation.html

After talking to this case manager, I'm not so sure I had all the facts. It certainly does look like there is something rotten in town and it's not looking good for dual boot users.

The best solution to all of this is if you have such a machine make backup copies of your Recovery Disks, uninstall the system completely, and reinstall in Legacy Bios mode. You don't really need UEFI at this stage unless you have a hard drive larger than 2.2 TB's. If you want to do a clean non OEM bundled install you may be able to obtain a Windows 8 ISO from torrent of the disks here: MSDN Subscriber Downloads ( You will still have to re-install all your drivers manually) You cannot download from this site directly if you are not a MSDN partner but if you obtain such a disk you can legally use it because the product keys and CD keys are embedded in the systems bios. This will be true for all OEM machines that come preshipped with Windows 8. The installation disk will check your keys and activate your Windows as legal on first boot. In HP's case, this also will not void the warranty, your OEM may be different.

Bottom line, if you plan to dual boot, don't buy a Windows 8 preinstalled machine or be prepared for headaches. Better yet, don't support these companies at all who have these shady business practices. Buy from a company who doesn't partner with Microsoft or build your own machine. I know for me, this HP will be the last I ever buy.
ElectricRider
Level 4
Level 4
 
Posts: 205
Joined: Tue Dec 07, 2010 8:39 pm

Linux Mint is funded by ads and donations.
 

Re: The truth about Microsoft, OEM's and Linux

Postby srs5694 on Wed Feb 06, 2013 11:36 am

I'm sorry you've had so many problems, ElectricRider, and your frustration is certainly justified. I want to comment on a few points, though....

ElectricRider wrote:UEFI, or EFI is slated to be the replacement for Bios and it's been around for about 20 years.


According to Intel, work on the Intel Boot Initiative (which would eventually become EFI) began in 1998. I don't know precisely when the first version of EFI was released, but it was probably well after that point. In 2005, EFI 1.1 was discontinued and EFI 2.0 (UEFI) was begun. Thus, the age of EFI is more like 10-15 years, and UEFI is about 8 years old.

Trouble is, it's buggy and no one wanted to use it. There is good reason why OEM's have dragged their feet for years with this technology. It's still getting the kinks worked out.


This is a problem with any new platform: Nobody wants to use it until it's mature, and it won't become mature until a significant number of people starts to use it. Unfortunately, the BIOS is ancient (over 30 years old) and we're starting to run up against its limitations. It's long since time that it be replaced.

Also, bear in mind that EFI is not a monolithic system, like Windows -- every vendor has their own version. This is both part of the problem and a reason why your experience is not universal. You ran into an implementation with certain bugs that you've found difficult to overcome. Other implementations have different bugs, or fewer bugs, and work more smoothly.

So, I started studying this technology. I found out that what most new consumers have that come shipped with Windows 8 is a bios based system with a UEFI layer implemented, but not always.


I'm highly skeptical of the "most" claim. Some, yes, but at this stage, I suspect that most manufacturers are shipping UEFIs that don't use BIOS except in their compatibility layer, which can be disabled, and in fact often is disabled to speed up the boot process.

Secure Boot acts as a protection feature that is supposed to ensure your system doesn't have any malware at the time of shipping. It works by checking keys in the operating system against hard coded keys in the UEFI. As these keys are signed by Microsoft, the system will not allow any other operating system to boot assuring you have a clean copy of Windows 8.


This isn't quite true. The vast majority of PCs ship with two Microsoft keys, as well as with keys that are owned by the manufacturer of the PC. My own Secure Boot system (based on an ASUS motherboard) also has a Canonical key. In any event, Microsoft uses one of its keys to sign its own boot loaders and other EFI binaries, and it uses the other to sign third-party tools. A handful of Linux vendors and individuals have used this service to get Linux boot loaders signed, so they'll boot on most Secure Boot PCs with Secure Boot active. Thus, the claim that "the system will not allow any other operating system to boot" is incorrect, although it may well be true that particular (or even most) OSes won't boot on a stock Windows 8 computer without disabling Secure Boot.

For Non ARM based PC's Microsoft requires the user have the ability to disable Secure Boot. Once this is done, Windows 8 will boot normally although still using UEFI for it's IO to the hardware.


Once an OS is booted, most I/O does not go through the firmware, whether it's BIOS or EFI.The firmware is involved only during the early stages of the boot process. An exception is DOS, which relies on the BIOS for some of its basic I/O. UEFI does offer runtime services, and IIRC it's possible for an OS to use those for access to network hardware. Runtime services also give an OS access to firmware variables. For the most part, though, things like disk I/O, USB I/O, and so on, are handled the same way under UEFI as they are under BIOS: By OS drivers.

The problem with dual booting Linux either with UEFI off or Secure Boot disabled is it's not a proven technology that works well even if you do have a distro like Fedora or Ubuntu which supports UEFI and Secure Boot.


This statement is overly broad. It does work well if you've got the right software, if you know what you're doing, and if you've got reasonably bug-free EFI implementation. (In fact, any two of those three should be sufficient to get it to work well.) Unfortunately, Mint seems to be lagging in EFI support -- perhaps not all that much, but it's definitely not as robust as Fedora or even Ubuntu. Judging by your posts in your thread about your problems, it seems that you've got an unusually buggy UEFI implementation, and your efforts to get it working were hindered by your lack of familiarity with EFI. Thus, you had none of those three preconditions working in your favor.

If the system was installed under UEFI in the first place, you can count on having your share of trouble.

Not necessarily. Quite honestly, at this point, my advice for somebody with limited or no EFI experience and a computer that came pre-shipped with Windows 8 is to install Fedora 18. That's likely to be much easier to get started with than Mint, despite the fact that I've got my qualms about Fedora 18's rewrite of their installer (Anaconda). If you really want to use Mint, then do the following before attempting an installation:

  • Read up on EFI generally.
  • Read up on Secure Boot specifically.
  • Study your firmware options and learn how to disable Secure Boot, then do so.
  • Prepare a bootable rEFInd CD or USB flash drive.
  • Ensure that you boot your Mint installer in EFI mode rather than in BIOS mode. (If you don't know how to do this, you haven't researched EFI sufficiently.)
  • Write down the device identifier for your root (/) partition (as in "/dev/sda7" or "/dev/sdb2") so that you can pass it as a kernel option to rEFInd, should you need to boot in that way.

This shouldn't be necessary, but given Mint's weak EFI support, that's what Mint users are left with. With any luck Mint 15 will provide improved EFI support, but for now it is a mess, and it's as much Mint's fault as it is the fault of UEFI implementations.
srs5694
Level 6
Level 6
 
Posts: 1020
Joined: Mon Feb 27, 2012 1:42 pm


Return to Open chat

Who is online

Users browsing this forum: No registered users and 5 guests