Linux Foundation Secure Boot fix Released

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post please read this

Linux Foundation Secure Boot fix Released

Postby ElectricRider on Wed Feb 13, 2013 12:47 am

If anyone with a new Windows 8 PC wants to dual boot with UEFI and Secure Boot you can give this a try. The Linux Foundation has after fighting with this since November, released the new Linux Secure Boot pre-loader. http://blog.hansenpartnership.com/linux ... -released/

These instructions are not for absolute beginners. Distros will have to incorporate this fix into the next distro release to make the process easier on new Linux users.

Please help the community if you can by alerting The Linux Foundation and or James Bottomley with problems you may have to help refine the code.

BTW, I want to apologize to the Devs and Mods for not posting this in an off topic forum. I know it's not a question but I thought since many people use older versions of Mint with newer hardware they may come into problems because of UEFI and Secure Boot and not know why.
Last edited by ElectricRider on Wed Feb 13, 2013 4:05 pm, edited 1 time in total.
ElectricRider
Level 4
Level 4
 
Posts: 205
Joined: Tue Dec 07, 2010 8:39 pm

Linux Mint is funded by ads and donations.
 

Re: Linux Foundation Secure Boot fix Released

Postby srs5694 on Wed Feb 13, 2013 10:54 am

Distributions are better off using the shim approach, as Fedora 18 and Ubuntu 12.10 both already do. The LF's PreBootloader is likely to be a little bit easier for users to install themselves, though, or for developers of Linux emergency discs (like System Rescue CD or Parted Magic) to use, at least assuming they aren't willing or able to shell out the $100 required to get their own signed copy of shim.
srs5694
Level 6
Level 6
 
Posts: 1020
Joined: Mon Feb 27, 2012 1:42 pm

Re: Linux Foundation Secure Boot fix Released

Postby ElectricRider on Wed Feb 13, 2013 11:56 am

So, srs5694,

just to clarify, should this work with all distros even those that don't already use the shim or any otherwise UEFI compatibility? Or perhaps an older version of Mint even not based on Ubuntu 2.10?

The problem with all distros using the shim approach is not all of them are going to want to do that - or not work on it in a timely manner. I've had some tell me they wont worry about UEFI (let alone Secure Boot) till the next version of the OS, which may come in over a year.

Seems to me all boot managers and apps that run at boot time like a partition managers or Windows apps like Comodo Time Machine or Rollback RX are going to have to deal with MS holding out their hands for payment. I understand this payment doesn't go to Microsoft but to the company that runs the software to purchase the keys.. I think it's Verisign.
ElectricRider
Level 4
Level 4
 
Posts: 205
Joined: Tue Dec 07, 2010 8:39 pm

Re: Linux Foundation Secure Boot fix Released

Postby tdockery97 on Wed Feb 13, 2013 12:15 pm

I'm glad the Linux community is being proactive regarding access to computers with this secure boot "feature". Personally my solution was to turn off secure boot and use legacy BIOS.
Image

HP Pavilion 17 Notebook, 8GB DDR3, 2.5GHZ A10-APU, Radeon HD 8650G
User avatar
tdockery97
Level 13
Level 13
 
Posts: 4893
Joined: Sun Jan 10, 2010 8:54 am
Location: Salem, Oregon

Re: Linux Foundation Secure Boot fix Released

Postby srs5694 on Thu Feb 14, 2013 11:43 am

ElectricRider wrote:should this work with all distros even those that don't already use the shim or any otherwise UEFI compatibility? Or perhaps an older version of Mint even not based on Ubuntu 2.10?


Yes, with the caveat that the user must either modify the installer manually or install with Secure Boot disabled and then re-enable Secure Boot after setting everything up. This is no different than using shim, at least in principle. The difference is that PreBootloader is easier to get started with, since it doesn't require signing binaries; but PreBootloader requires more maintenance in the long term, since it requires registering each new binary (boot loader and perhaps kernel) whenever it's upgraded.

The problem with all distros using the shim approach is not all of them are going to want to do that - or not work on it in a timely manner. I've had some tell me they wont worry about UEFI (let alone Secure Boot) till the next version of the OS, which may come in over a year.


As I say, an end user can set up either tool. I describe the process for shim here. I've got an update with more details about PreBootloader close to ready.

Seems to me all boot managers and apps that run at boot time like a partition managers or Windows apps like Comodo Time Machine or Rollback RX are going to have to deal with MS holding out their hands for payment. I understand this payment doesn't go to Microsoft but to the company that runs the software to purchase the keys.. I think it's Verisign.


A one-time payment will do it; or they can use shim or PreBootloader without paying, but imposing a bit of an extra burden on users to select a file in a file manager before proceeding.
srs5694
Level 6
Level 6
 
Posts: 1020
Joined: Mon Feb 27, 2012 1:42 pm


Return to Installation & Boot

Who is online

Users browsing this forum: No registered users and 12 guests