[SOLVED] Is "Secure Boot" still a problem with new machines today?

[peterstone]

A friend has asked me to advise her about acquiring a suitable new desktop (not a laptop), and then to install a Linux distro on it, replacing the MS Windows 10 with which it will probably be delivered. She does not want to retain the Win 10, but to use Linux only. When the machine arrives, I am minded to install a dual boot of Mint 18.3 KDE and Mint 19 XFCE, and let her discover which she prefers.

I am uncertain whether at present there is a risk that a new machine may come with Secure Boot on and without the option to disable it in the bios settings. Is this a real risk, so that a firm promise from the dealer that this will not happen should be sought before the order is placed?

My current thought is that, apart from this issue, a Dell machine (with a core-i5, 8 GB RAM, a 128 GB SSD, and a 1 TB traditional drive) might be the best purchase.

Any relevant information would be much appreciated.

Best wishes,
Peter Stone

[gm10]

I have yet to see a secure boot that could not be disabled, but Mint usually works fine with secure boot enabled even. There are some UEFI implementations that try very hard from blocking you to install anything but Windows, some touchpads cause trouble, stuff like that, so best just do a search for the specific device you're planning on buying and its Linux compatibility.

[Moem]

Dells are generally quite Linuxfriendly, I think you can't go wrong with that one.

[HaveaMint]

I would suggest loading one system and using virtual box to sample the other DE's. It is much easier to clean up later.

[MrGrimm]

always turn secure boot and fast boot off.

[michael louwe]

I am uncertain whether at present there is a risk that a new machine may come with Secure Boot on and without the option to disable it in the bios settings. Is this a real risk, so that a firm promise from the dealer that this will not happen should be sought before the order is placed?

.
A few years ago, ARM-based M$ Windows 8.1 RT Surface devices do not allow Secure Boot to be disabled. This should be the same for today's Win 10 on ARM devices/netbooks.
....... M$ Win 10 Surface devices do not allow Legacy BIOS install mode because of the newer UEFI Class 3 standard requirement. UEFI Class 2 allows Legacy BIOS mode in System BIOS.

For the launch of Win 10 in 2015, M$ gave a new mandate to the OEMs that it was up to their discretion whether they wanted to allow Secure Boot to be disabled or not by the customers. Before that M$ had mandated the OEMs to allow Secure Boot to be disabled after vociferous opposition from the tech industry and computer buyers/users, ie when UEFI and Secure Boot were first mandated by M$ on all new OEM Win 8 computers in 2012.
....... As of today, no OEM has taken up on M$'s "offer" to disallow Secure Boot to be disabled. If the OEMs do so, there will be much hue and cry from computer buyers and users. Nevertheless, M$ may still exert pressure on the OEMs to take up on her "offer", eg by using her market-monopoly power or by offering more discounts for OEM Win 10 Volume Licenses.

So, you should be quite secure from Secure Boot and the Win 10 "malware" from M$.

[peterstone]

Many thanks to all who replied.

Since there seems to be no problem at present with Secure Boot in relation to installing Linux on a new PC, I shall proceed to recommend a Dell PC to my friend, and eventually to install Mint on it.

Best wishes,
Peter Stone

[diapason]

I have yet to see a secure boot that could not be disabled, but Mint usually works fine with secure boot enabled even. There are some UEFI implementations that try very hard from blocking you to install anything but Windows, some touchpads cause trouble, stuff like that, so best just do a search for the specific device you're planning on buying and its Linux compatibility.

If only ........ I am still searching (in vain) for the means to disable secure boot on a Nokia Lumia 2520. The hardware (including the keyboard cover with additional battery) is excellent but ruined by the completely useless Windows 8.1RT. I want to get rid of Windows altogether and replace it with Android or maybe a Linux Lite distro so that I can make use of it. It has been gathering dust in a cupboard since I bought it in 2013. If you do have some inkling of how to disable the secure boot, please share.

[gm10]

If only ........ I am still searching (in vain) for the means to disable secure boot on a Nokia Lumia 2520. The hardware (including the keyboard cover with additional battery) is excellent but ruined by the completely useless Windows 8.1RT. I want to get rid of Windows altogether and replace it with Android or maybe a Linux Lite distro so that I can make use of it. It has been gathering dust in a cupboard since I bought it in 2013. If you do have some inkling of how to disable the secure boot, please share.

I have zero experience with UEFI on phones and can claim no expertise there, sorry. I do remember seeing this years back though: https://www.xda-developers.com/microsof ... cure-boot/

[diapason]

Ah, if only it were just a phone, I would bin it. However, the Nokia Lumia 2520 is a proper tablet, launched by Nokia just before Microsoft acquired them. I bought it in the UK two or three weeks after the launch on the recommendation of a technical support person. In US dollar terms, it set me back about $1000. As I said, the hardware is really first class but the operating system is so limited as to make it useless for anything other than basic recreational purposes. I hang onto it in the hope that one day, someone will crack disabling the secure boot. There was a solution on here for a short while some time ago but, by the time I saw it, MS had plugged the loophole. As RT is all but defunct now, one might hope that MS will be sporting and offer a solution but I'm not holding my breath.

[Moem]

I am still searching (in vain) for the means to disable secure boot on a Nokia Lumia 2520.

I strongly suggest starting a new thread for that.

[diapason]

Thanks. I know that this topic is marked [solved] so I was really just responding to gm10's recent comment which a search had thrown up rather than looking for general input. I doubt that there will ever be a solution to the RT issue. Nevertheless, as there may well be mileage in starting a new thread, I will take up your suggestion.

[michael louwe]

I doubt that there will ever be a solution to the RT issue.

.
Yes, you doubt rightly since Surface RT ARM-based devices did not sell much = like Win 10 Mobile smartphones = abandoned and forgotten by M$ like a bad dream.

Desktop Windows is a bloated and resource hungry OS, compared to MacOS and Linux. Win 8.x/10 have both desktop and mobile features, eg touchscreen. Windows is not really compatible with the purposely-crippled mobile ARM processor, especially when used by power-users. Those who fell for M$'s hype or con-job have mostly themselves to blame, eg those who are buying the new OEM Win 10 on ARM devices, ie even though not buying M$'s Surface Win 8.x/10 RT or Nokia Lumia 2520.

Another con-job is M$ colluding with the OEMs to preinstall Win 8.x/10 on cheap under-powered Intel Atom 2-in-1 tablets using a proprietary 32bit UEFI bootloader and with only 32GB of eMMC storage.

M$'s marketing motto is also, "a sucker is born every minute" for her to experiment with or recruit as beta-testers.

[diapason]

I see you are as cynical about M$ as I am. I bought the Nokia tablet in 2013 on the recommendation of one of those M$ Partner types when I was looking to replace an ageing Acer Android tablet (which is still going strong today in the hands of a friend). Nokia really messed up by going for Windows RT instead of Android; that would have made the 2520 a superb tablet but I guess they were already cosying up to be acquired by M$ and that it was a political decision.

By the time I had figured out how big a pig-in-a-poke I had bought, it was too late to return it to the department store so it went into a cupboard and I bought a HP Slate 10 which is excellent and I am still using but it won't upgrade beyond Android 4.4. Getting Android or a Linux Lite onto the Nokia would be ideal.

The (expensive) lesson was actually a blessing in disguise because, at the same time, I was looking to replace my Sony Vaio VGN FS series Windows XP laptop. Seeing what a disaster 8.1RT is as an operating system made me look more closely at Windows 7, Vista and 8 and I did not like what I saw. Then I started to hear that secure boot was becoming standard on machines with a Windows OS pre-installed and that eventually it may not be possible to disable it (as with RT).

That was the last straw. Spending money to be shackled to M$ is just not on. I'm no fan of Apple either so I did what I should have done long before. I made a bootable USB stick of Linux Mint 16 to have a look at and, after a few hours decided to put it on the Sony Vaio in dual boot to evaluate properly. Within a week, I was hooked and the decision was made. I ordered a custom built 64 bit laptop from System 76 in the US. It was delivered to my UK address within a week. I put Mint 16 with Cinnamon desktop on it and I have not looked back. I upgraded to Mint 17 and through to Mint 17.3 which I stayed with until a few weeks ago. As support ends in 2019, I thought now would be a good time to make a move so I skipped Mint 18 and went for a clean install of Mint 19 which is working beautifully so, with upgrade releases, I reckon I'm set now till 2023. There is nothing I miss about Windows and the knowledge and willing help when necessary available from the Linux forums 24/7 leaves traditional support methods way behind.

I retired to Uruguay a couple of years ago and I have not found any other Linux users here yet but there are some in neighbouring Argentina and Brasil.