andy chung wrote:Fedora has paid $99 to the signing body and its keys are included via microsoft.
It would be more accurate to say that the result is that Microsoft signs Fedora's first-stage EFI boot loader (shim).
should linux mint do the same?
That's a matter of opinion. Mine is that they should, at least in the short- to medium-term. In the long term, I would hope that the open source community would be working on a better solution, such as getting an independent or blanket open source organization's keys included in mass-market computers so that this third-party key could be used rather than Microsoft's. I don't know if there are efforts underway to do this, though. Such an effort would have to be spearheaded by major open source players, such as Red Hat, Canonical, Novell, etc.
would it make installation easier under uefi?
It would make installation easier under Secure Boot,
which is not
synonymous with UEFI.
To elaborate: Secure Boot is one
feature of UEFI, and a technically optional
one, at that. I say "technically" because Microsoft requires that Secure Boot be active on computers that bear a Windows 8 logo, so for mass-market computers, Secure Boot is a Microsoft
requirement. Because most new computers ship with Windows 8, this means that most new computers also ship with Secure Boot active. When installing to a computer with Secure Boot active, it's definitely easier to have Secure Boot support in the installation medium and in the resulting installed OS. (At least, assuming it works correctly. This isn't always the case, but it is the case often enough that it's still a benefit, overall.) Despite the fact that UEFI and Secure Boot are both
present on most new computers, it's important to distinguish between the two, since they have entirely different effects on the Linux installation and boot processes, and it's possible to boot in EFI mode but with Secure Boot disabled.
have been looking around and it appears that it is bunch of trouble installing linux under new pc with win8 uefi.
There are several reasons for this, including:
- Some distributions (including LMDE, the last I heard) lacked explicit EFI support, which means they can't be installed in EFI mode without jumping through extra hoops that are well outside the comfort zone of most Mint users. It is possible to install such distributions in BIOS mode and then add an EFI boot loader, but even that is likely to be too much for the average Mint user.
- Some distributions (I believe including all versions of Mint) lack explicit Secure Boot support but do have EFI support. This means that they can't be installed to computers with Secure Boot active, but they can be installed on older EFI-based computers or on new computers once Secure Boot is disabled. It's possible to add Secure Boot support once such a distribution is installed, but doing so can be even more of a pain than adding an EFI boot loader to a BIOS-mode Linux installation.
- Some distributions have EFI support that's broken in one way or another. Frequently the problems show up on only some computers.
- Some distributions have Secure Boot support that's broken in one way or another. Frequently the problems show up on only some computers. Note that Ubuntu uses shim version 0.1, whereas the latest version is shim 0.2. Version 0.1 is missing some important features, and I suspect that it may be buggier than version 0.2, which may account for some Ubuntu problems with Secure Boot. I'm baffled as to why Ubuntu hasn't upgraded to shim 0.2 for 12.04.2 and 13.04. (Version 0.1 was current when 12.10 was released, though.)
- Many EFIs are buggy and require workarounds at the OS installation stage; and such workarounds are ugly and unreliable hacks, at best. Unfortunately, the "it works with Windows, so it's OK" mentality of most manufacturers has made bug fixes for such problems slow in coming.
- Plug-in cards, especially video cards, have their own firmware, which must be able to coexist with the motherboard's firmware (BIOS or EFI). In some cases, using a video card that's designed for BIOS can work on an EFI-based computer via the computer's BIOS compatibility layer; but sometimes this doesn't work, and so can cause problems.
- Drivers for hardware (especially video hardware) sometimes relies on the firmware to initialize the hardware in a certain way. If this doesn't happen because of BIOS/EFI issues, the result can be video problems, up to and including a blank display. This seems to be an issue on some systems. Nvidia hardware with the proprietary Nvidia drivers seems to be particularly prone to such problems.
- New computer models frequently have hardware for which Linux drivers either don't exist or are immature. This has always resulted in problems installing Linux to new computers, and such problems seem to be occurring with increased frequency today compared to a couple of years ago.