UEFI and Linux
Forum rules
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
Do not post support questions here. Before you post read the forum rules. Topics in this forum are automatically closed 6 months after creation.
UEFI and Linux
This whole UEFI thing seems to be getting a bit nuts:
http://www.zdnet.com/blog/open-source/s ... blem/11270
http://www.zdnet.com/blog/open-source/s ... blem/11270
Last edited by LockBot on Wed Dec 28, 2022 7:16 am, edited 1 time in total.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Reason: Topic automatically closed 6 months after creation. New replies are no longer allowed.
Re: UEFI and Linux
Forget the "security boot" and Win 8. Setting up dual-booting with even Win 7 on existing computers that have UEFI instead of BIOS isn't simple at all.
I haven't found a single comprehensible guide on the issue.
And then there's helpful stuff like "The information applies to most versions of GRUB 2, but is specifically written for version 1.99." So noobs now know that 1.99 = 2 and that's just for starters.
I haven't found a single comprehensible guide on the issue.
And then there's helpful stuff like "The information applies to most versions of GRUB 2, but is specifically written for version 1.99." So noobs now know that 1.99 = 2 and that's just for starters.
Re: UEFI and Linux
The thing that concerns me about the article is that two of the biggest Linux players seem to be taking terrible stands. Fedora is making a deal with the devil to get to run their system, and Ubuntu is trying to become the devil (MS) by locking out everyone as well.
I think the time may be in my lifetime that if I want to run Linux I'll have to buy it pre-installed on a computer, and dual-booting, much less multi-booting, will be a thing of the past.
I think the time may be in my lifetime that if I want to run Linux I'll have to buy it pre-installed on a computer, and dual-booting, much less multi-booting, will be a thing of the past.
Re: UEFI and Linux
As shared elsewhere, you can now buy a computer pre-installed with Linux Mint Or pick one of the other options, for example through the list provided at Linux Pre-loaded website. So options will be there for those wanting to run just Linux, BSD, Haiku, or anything but Windows 8 basically. Of course, that is not a solution for duel-booters™ having bought a computer pre-installed with Windows 8
With Valve currently actively recruiting Linux developers, and set to launch the Steam client for Linux this year, a small hope this will leverage some additional pressure to get the UEFI Secure Boot implementation amended so it doesn't promote monopolistic behavior...
I haven't fully read Ubuntu's position on this, but for Fedora I understand they are currently selecting the lesser evil--not giving up on a better solution. They pay $99 once to VeriSign to get a Microsoft signing key, so they can sign their new pre-bootloader with that. The new pre-bootloader will load the actual bootloader (GRUB). GRUB, kernel, etc., will be signed with Fedora's own keys. So only changes to the new pre-bootloader need a new signing key as I understood it. That likely means you can't replace your bootloader with something else, or recompile your kernel (at least not easily).
With Valve currently actively recruiting Linux developers, and set to launch the Steam client for Linux this year, a small hope this will leverage some additional pressure to get the UEFI Secure Boot implementation amended so it doesn't promote monopolistic behavior...
I haven't fully read Ubuntu's position on this, but for Fedora I understand they are currently selecting the lesser evil--not giving up on a better solution. They pay $99 once to VeriSign to get a Microsoft signing key, so they can sign their new pre-bootloader with that. The new pre-bootloader will load the actual bootloader (GRUB). GRUB, kernel, etc., will be signed with Fedora's own keys. So only changes to the new pre-bootloader need a new signing key as I understood it. That likely means you can't replace your bootloader with something else, or recompile your kernel (at least not easily).
Re: UEFI and Linux
Vincent, Fedora's choice may be the lesser evil, but the whole thing stinks, these are the good old days when we can dual-and multi-boot without MS sticking their nose in our business.
I really wish I had 500 bucks lying around, would love one of those Mint machines
I really wish I had 500 bucks lying around, would love one of those Mint machines
Linux Mint UFEI battle plan?
Clem:
We've already seen how Redhat/Fedora will handle the upcoming secure boot requirements for new "widows8" certified hardware. Now it seems that Ubuntu has also decided how to handle this in a somewhat less draconian manor. http://www.phoronix.com/scan.php?page=n ... px=MTEyNDY
Will Mint make use of what Ubuntu is doing?
We've already seen how Redhat/Fedora will handle the upcoming secure boot requirements for new "widows8" certified hardware. Now it seems that Ubuntu has also decided how to handle this in a somewhat less draconian manor. http://www.phoronix.com/scan.php?page=n ... px=MTEyNDY
Will Mint make use of what Ubuntu is doing?
Last edited by xenopeek on Fri Jun 22, 2012 10:56 am, edited 1 time in total.
Reason: Merged topics
Reason: Merged topics
Re: UEFI and Linux
Details about Ubuntu's implementation are being commented on, here http://www.phoronix.com/scan.php?page=n ... px=MTEyNDY and here http://www.ubuntuvibes.com/2012/06/ubun ... 2-for.html. That sounds not that bad, though UEFI Secure Boot is still an issue of course.
Comparing it to Fedora's solution, Ubuntu will replace GRUB2 with Intel's efilinux loader. But the kernel will not be signed, so you can still load binary blobs (for proprietary hardware drivers, like graphics cards or wireless), and you can also patch or compile your own kernel. None of those three you can do with Fedora's solution. The plan includes that efilinux will chainload GRUB2 on machines where secure boot is not active.
I'm not sure what the implications are to Linux Mint / LMDE, but I guess we're still out in the cold and any user with a Windows 8 machine will need to disable secure boot to load either
Comparing it to Fedora's solution, Ubuntu will replace GRUB2 with Intel's efilinux loader. But the kernel will not be signed, so you can still load binary blobs (for proprietary hardware drivers, like graphics cards or wireless), and you can also patch or compile your own kernel. None of those three you can do with Fedora's solution. The plan includes that efilinux will chainload GRUB2 on machines where secure boot is not active.
I'm not sure what the implications are to Linux Mint / LMDE, but I guess we're still out in the cold and any user with a Windows 8 machine will need to disable secure boot to load either
Re: UEFI and Linux
Not necessarily. As I understand it, Microsoft requires not only that users be able to disable secure boot, but that they be able to add their own keys. Thus, you'll be able to generate your own key and sign whatever binaries you want. This will leave Secure Boot enabled and enable you to boot whatever you want. The drawback to this approach is that it requires greater expertise -- you'll need to know how to generate keys, sign binaries, and add the keys to the firmware. I haven't yet looked into the software required for any of these tasks (although adding keys to firmware will likely be done through firmware interfaces, and thus will likely vary from one implementation to another).xenopeek wrote:I'm not sure what the implications are to Linux Mint / LMDE, but I guess we're still out in the cold and any user with a Windows 8 machine will need to disable secure boot to load either
Re: UEFI and Linux
Without bashing anybody, but I think the majority of users dipping their toe in Linux and wanting it to dual-boot with Windows 8 fall in the category of those not knowing how to do those things. That's what I meant Not worried for myself, as I don't dual-boot with Windows, or buy prefab.srs5694 wrote:... The drawback to this approach is that it requires greater expertise -- you'll need to know how to generate keys, sign binaries, and add the keys to the firmware. ...
Re: UEFI and Linux
To me this is all about as clear as mud:
https://lists.ubuntu.com/archives/ubunt ... 35445.html
But it sounds like a future that no longer has dual-boot and multi-boot. And it sounds like users will be mostly using the software they get on the hardware they buy. Of course you will be able to build your own desktops any way you like, but for those using laptops, you will get to use one system, likely the one that comes with your computer. For tablets, you will definitely get to use only the system that comes with your tablet.
I could live with Fedora or Ubuntu better than I can live with MS. But there are many Linux distros, some that work better for users than those two.
My concern is that, unless Win8 is a complete flop, OEM's are not, and likely will not, be boldly launching out into the Linux universe by placing Linux on their computers. There are a few, but not nearly enough. Maybe Win8 will flop, maybe quick hacks will come to disable secure boot and we can put what we want on our hardware again, one thing is for sure--this is going to be interesting.
https://lists.ubuntu.com/archives/ubunt ... 35445.html
But it sounds like a future that no longer has dual-boot and multi-boot. And it sounds like users will be mostly using the software they get on the hardware they buy. Of course you will be able to build your own desktops any way you like, but for those using laptops, you will get to use one system, likely the one that comes with your computer. For tablets, you will definitely get to use only the system that comes with your tablet.
I could live with Fedora or Ubuntu better than I can live with MS. But there are many Linux distros, some that work better for users than those two.
My concern is that, unless Win8 is a complete flop, OEM's are not, and likely will not, be boldly launching out into the Linux universe by placing Linux on their computers. There are a few, but not nearly enough. Maybe Win8 will flop, maybe quick hacks will come to disable secure boot and we can put what we want on our hardware again, one thing is for sure--this is going to be interesting.
Re: UEFI and Linux
Let's say this one more time:KBD47 wrote:To me this is all about as clear as mud:
https://lists.ubuntu.com/archives/ubunt ... 35445.html
But it sounds like a future that no longer has dual-boot and multi-boot. And it sounds like users will be mostly using the software they get on the hardware they buy.
It will be possible to disable Secure Boot or add your own keys.
Granted, this is an extra hassle, but it will be an option, at least on x86-64 systems. (ARM is another matter; Microsoft's requirements for ARM work to further lock down the platform.)
The real threat, IMHO, is in the long term. Microsoft might change their Windows certification requirements for a future version of Windows. With Fedora and Ubuntu coming out with different approaches to the immediate problem, there's also the risk of fragmentation in the Linux community, which could hinder efforts to prevent future badness. For the moment, though, Secure Boot is, at worst, a minor inconvenience to individuals.
Apparently a lot of OEMs are none too happy with Microsoft's decision to dive into the hardware arena with their Surface tablet. This might give savvy marketing people for Red Hat, Ubuntu, SUSE, Android, and others a window of opportunity to get Linux onto more tablets, and perhaps other computers as well.My concern is that, unless Win8 is a complete flop, OEM's are not, and likely will not, be boldly launching out into the Linux universe by placing Linux on their computers.