Gizmos Freeware Reviews  

Go Back   Gizmo's Freeware Forum > Freeware Forum > Linux

Reply
 
Thread Tools Display Modes
Old 06. Sep 2015, 01:44 PM   #11 (permalink)
Senior Member
 
Join Date: Oct 2012
Posts: 1,028
Default

Quote:
Originally Posted by Joe A.TT View Post
a. UEFI with Secure Boot
Every guide I have read, including this one, tells me to disable Secure Boot. As we know, Secure Boot is there to protect against boot kits. I know I have to turn it off to install Linux but do I have to leave it off? Does Linux provide any protection against boot kits?
I hope no one thinks I am being presumptuous but I am trying to answer one of my own questions.

If you look at my other thread, you would see I had a problem booting Windows from the Grub menu. Thanks to Jojo's experience and quick thinking I was able to resolve the problem in no time, i.e. by turning Off Secure Boot. However, this got me thinking - Holy cow, I was booting into Linux all along while Secure Boot was On! Of course, I didn't mention that in the other thread since I didn't think it had any bearing on the problem at hand. Nevertheless, my original question has been answered now, or partially at least: Yes, Linux Mint Cinnamon will boot while Secure Boot is On but you may encounter some unpredictable issues.
Joe A.TT is offline   Reply With Quote
Old 07. Sep 2015, 09:45 AM   #12 (permalink)
Maestro di Search
 
Jojo Yee's Avatar
 
Join Date: Jul 2008
Posts: 7,829
Default

Quote:
Originally Posted by Joe A.TT View Post
Holy cow, I was booting into Linux all along while Secure Boot was On!
That's interesting, and reported possible.

On Linux Mint's official release notes, it says "Linux Mint does not use digital signatures and does not register to be certified by Microsoft as being a "secure" OS. As such, it will not boot with SecureBoot. If your system is using secureBoot, turn it off."

Yet there're users reporting that it works with SecureBoot. It's also reported by J.A. Watson at ZDNet where he says, "I have installed Mint 17 on four different systems with UEFI firmware and UEFI Secure Boot enabled, and I had absolutely no problems on any of them."

My understanding is that SecureBoot is implemented by the firmware to check if the boot software and OS are signed. It can be related to both the firmware as well as the OS and boot software.

On one hand, since firmware comes with your PC, OEMs are able to "customize their firmware to meet the needs of their customers by customizing the level of certificate and policy management on their platform". (See Quick Summary in Secure Boot - Enable or Disable in UEFI)

On another hand, SecureBoot may be implemented differently in several Linux distros. Fedora uses Microsoft's secure boot key signing services for one-off $99 fee; Matthew Garrett developed a shim which is a signed bootloader for distributions; while Ubuntu uses a version of shim with its own key to verify the bootloader.

More interesting reading here: Linus Torvalds on Windows 8, UEFI, and Fedora

Last edited by Jojo Yee; 07. Sep 2015 at 10:14 AM.
Jojo Yee is offline   Reply With Quote
Old 07. Sep 2015, 02:03 PM   #13 (permalink)
Senior Member
 
Join Date: Oct 2012
Posts: 1,028
Default

Thanks for all the links Jojo. (Arrgh... more homework ). I did try to read up this Secure Boot thingy because I was looking for a way to get it to play nice with Linux Mint. I gave up in the end when I realized I wasn't quite ready for that soft of thing. Anyway, from what I read, apparently there are some UEFI firmware which are designed with a provision for adding trusted keys. I checked mines and I don't have that option. As far as I am aware, I didn't do anything special to make Mint boot while Secure Boot was On. It was purely by accident. Nevertheless, in a way I'm glad I had the benefit of this experience.
Joe A.TT is offline   Reply With Quote
Old 07. Sep 2015, 02:17 PM   #14 (permalink)
Maestro di Search
 
Jojo Yee's Avatar
 
Join Date: Jul 2008
Posts: 7,829
Default

You're welcome Joe. Just to test out on my laptop which dual boots Windows 10 and Linux Mint 17.2. Same as your experience, it can boot into Linux with SecureBoot on but it can't chainload Windows. I've had to disable SecureBoot for chainloading to work.
Jojo Yee is offline   Reply With Quote
Old 07. Sep 2015, 02:46 PM   #15 (permalink)
Senior Member
 
Join Date: Oct 2012
Posts: 1,028
Default

Thanks for taking the time to corroborate my experience Jojo. I feel less mystified for it.
Joe A.TT is offline   Reply With Quote
Old 07. Sep 2015, 03:47 PM   #16 (permalink)
Senior Member
 
Join Date: Dec 2014
Location: Perth, AU
Posts: 192
Default

the other thing is that SecureBoot itself is somewhat flaky.
ie: it's method of implementation varies by manufacturer.

as such, some Ubuntu derivatives will work, when technically, they shouldn't.
Pierre2 is offline   Reply With Quote
Old 08. Sep 2015, 12:55 PM   #17 (permalink)
Super Moderator
 
Anupam's Avatar
 
Join Date: Jul 2008
Location: India
Posts: 15,296
Default

Joe, it would be good to hear about your experience with Linux Mint too .
__________________
Anupam
Anupam is offline   Reply With Quote
Old 08. Sep 2015, 09:36 PM   #18 (permalink)
Senior Member
 
Join Date: Oct 2012
Posts: 1,028
Default

Glad to know you are following my excursions into Linux, Anupam .

For the record, I did some more tinkering with Secure Boot.

On my own laptop, if I press F12 while I am booting it will bring up a Boot Manager menu. I can then pick any operating system that is installed and boot from it. I don't know for sure whether all computers have this feature. Also, do not confuse this with the Advance Boot Options which can be accessed similarly via the F8 key.

Anyway, as an experiment, I turned Secure Boot On again. I then proceeded to boot into the Boot Manager by pressing F12. In the Boot Manager, I chose to boot from Windows. This time, regardless of the fact that Secure Boot was On, the machine booted into Windows without a problem. The significant difference to note here is if I try to boot into Windows from Grub while Secure Boot is On it will fail. This was mentioned before.

Based on the above, I have come to the following conclusions:
  1. During boot-up, UEFI is initialised first followed by Grub.
  2. Settings in UEFI supersede Grub.
  3. The Boot Manager or F12 menu is part of UEFI.
  4. The Boot Manager offers a way to make use of Secure Boot in a dual booted system.

Last but not least, this is how it is on my system. Your experience may vary.
Joe A.TT is offline   Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT +1. The time now is 06:15 PM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2020, vBulletin Solutions, Inc.