Linux Foundation Secure Boot fix Released

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post read how to get help. Topics in this forum are automatically closed 6 months after creation.
Locked
ElectricRider

Linux Foundation Secure Boot fix Released

Post by ElectricRider »

If anyone with a new Windows 8 PC wants to dual boot with UEFI and Secure Boot you can give this a try. The Linux Foundation has after fighting with this since November, released the new Linux Secure Boot pre-loader. http://blog.hansenpartnership.com/linux ... -released/

These instructions are not for absolute beginners. Distros will have to incorporate this fix into the next distro release to make the process easier on new Linux users.

Please help the community if you can by alerting The Linux Foundation and or James Bottomley with problems you may have to help refine the code.

BTW, I want to apologize to the Devs and Mods for not posting this in an off topic forum. I know it's not a question but I thought since many people use older versions of Mint with newer hardware they may come into problems because of UEFI and Secure Boot and not know why.
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 2 times in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
srs5694
Level 6
Level 6
Posts: 1386
Joined: Mon Feb 27, 2012 1:42 pm

Re: Linux Foundation Secure Boot fix Released

Post by srs5694 »

Distributions are better off using the shim approach, as Fedora 18 and Ubuntu 12.10 both already do. The LF's PreBootloader is likely to be a little bit easier for users to install themselves, though, or for developers of Linux emergency discs (like System Rescue CD or Parted Magic) to use, at least assuming they aren't willing or able to shell out the $100 required to get their own signed copy of shim.
ElectricRider

Re: Linux Foundation Secure Boot fix Released

Post by ElectricRider »

So, srs5694,

just to clarify, should this work with all distros even those that don't already use the shim or any otherwise UEFI compatibility? Or perhaps an older version of Mint even not based on Ubuntu 2.10?

The problem with all distros using the shim approach is not all of them are going to want to do that - or not work on it in a timely manner. I've had some tell me they wont worry about UEFI (let alone Secure Boot) till the next version of the OS, which may come in over a year.

Seems to me all boot managers and apps that run at boot time like a partition managers or Windows apps like Comodo Time Machine or Rollback RX are going to have to deal with MS holding out their hands for payment. I understand this payment doesn't go to Microsoft but to the company that runs the software to purchase the keys.. I think it's Verisign.
User avatar
tdockery97
Level 14
Level 14
Posts: 5058
Joined: Sun Jan 10, 2010 8:54 am
Location: Mt. Angel, Oregon

Re: Linux Foundation Secure Boot fix Released

Post by tdockery97 »

I'm glad the Linux community is being proactive regarding access to computers with this secure boot "feature". Personally my solution was to turn off secure boot and use legacy BIOS.
Mint Cinnamon 20.1
srs5694
Level 6
Level 6
Posts: 1386
Joined: Mon Feb 27, 2012 1:42 pm

Re: Linux Foundation Secure Boot fix Released

Post by srs5694 »

ElectricRider wrote:should this work with all distros even those that don't already use the shim or any otherwise UEFI compatibility? Or perhaps an older version of Mint even not based on Ubuntu 2.10?
Yes, with the caveat that the user must either modify the installer manually or install with Secure Boot disabled and then re-enable Secure Boot after setting everything up. This is no different than using shim, at least in principle. The difference is that PreBootloader is easier to get started with, since it doesn't require signing binaries; but PreBootloader requires more maintenance in the long term, since it requires registering each new binary (boot loader and perhaps kernel) whenever it's upgraded.
The problem with all distros using the shim approach is not all of them are going to want to do that - or not work on it in a timely manner. I've had some tell me they wont worry about UEFI (let alone Secure Boot) till the next version of the OS, which may come in over a year.
As I say, an end user can set up either tool. I describe the process for shim here. I've got an update with more details about PreBootloader close to ready.
Seems to me all boot managers and apps that run at boot time like a partition managers or Windows apps like Comodo Time Machine or Rollback RX are going to have to deal with MS holding out their hands for payment. I understand this payment doesn't go to Microsoft but to the company that runs the software to purchase the keys.. I think it's Verisign.
A one-time payment will do it; or they can use shim or PreBootloader without paying, but imposing a bit of an extra burden on users to select a file in a file manager before proceeding.
Locked

Return to “Installation & Boot”