Difference between revisions of "PC 21C & Secure Boot"

(added outline of requirements to get Linux working on computers having Secure Boot)
(Secure Boot: added procedure for Acer notebooks)
Line 28: Line 28:
   
 
== Secure Boot ==
 
== Secure Boot ==
As of early 2013 the ability of Linux to work with secure boot is still uncertain. The pre-requiiste is one or both of:
+
The only reliable way to ensure that Linux will work with a computer that has secure boot is to disable secure boot:
*Secure Boot being able to be set to ''DISABLED'' in UEFI
 
*UEFI containing a Linux key
 
**presently none do
 
   
 
The UEFI specification does provide for Secure Boot to be able to be disabled
 
The UEFI specification does provide for Secure Boot to be able to be disabled
 
*AMI provide this feature in their UEFI (although hardware makers might not implement it)
 
*AMI provide this feature in their UEFI (although hardware makers might not implement it)
  +
*Award/Phoenix ?
   
 
Linux users are advised not to purchase a new computer (desktop or laptop) without first confirming that it will boot Linux (eg from CD Live CD or installed to USB stick)
 
Linux users are advised not to purchase a new computer (desktop or laptop) without first confirming that it will boot Linux (eg from CD Live CD or installed to USB stick)
 
Secure boot '''can''' be disabled on the following models:
 
Secure boot '''can''' be disabled on the following models:
  +
  +
=== Acer Notebooks ===
  +
  +
#Completely shut down your computer
  +
#power up/reboot and press F2
  +
#Use the right arrow key to select Security
  +
#Use the down arrow key to highlight Set Supervisor Password and press Enter.
  +
#Create a password and press Enter. Retype the password to confirm and press Enter again.
  +
#Use the right arrow key to select Boot.
  +
#Press the down arrow key to select Secure Boot and press Enter.
  +
#With the arrow key, highlight Disabled and press Enter.
  +
#Press the F10 key and select Yes to save the changes and exit the BIOS.
  +
  +
=== Samsung Notebooks ===
   
 
http://www.jbhifi.com.au/computers/samsung/15-notebook-sku-90670/
 
http://www.jbhifi.com.au/computers/samsung/15-notebook-sku-90670/
   
 
[Category:Technical Info]]
 
[Category:Technical Info]]
[[User:Rpeters|Rpeters]]14:03, 10 January 2013 (EST)
+
[[User:Rpeters|Rod]]14:03, 18 Freruary 2014 (EST)
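Review bot: the rewritten opening sentence of the Secure Boot section ends in a colon ("...is to disable secure boot:"), but the bullets that used to follow it are removed, so the colon now runs straight into "The UEFI specification does provide for Secure Boot to be able to be disabled". End the new sentence with a full stop, or let the UEFI specification line carry the colon that introduces the AMI and Award/Phoenix bullets. In the new Acer steps, say why the supervisor password is set before the Secure Boot option is changed and whether it should be kept afterwards. The new "=== Samsung Notebooks ===" heading sits above only a retailer URL with no procedure, the new signature spells the month "Freruary", and the unchanged `[Category:Technical Info]]` link is still missing its opening bracket.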

Revision as of 13:38, 18 February 2014

The new technologies being introduced with PCs and disk drives manufactured in 2011 and later include the core technology of UEFI firmware and its related technologies:

  • AF disk drives
  • GPT disk partitioning
  • EFI boot routine
  • Secure Boot (within the UEFI firmware)

More detailed guidelines, help and recommendations are available from:

http://rodsbooks.com

Many mainboards that were manufactured by Intel from 2006 include (U)EFI, but are likely to require upgrading to the latest available firmware release, in order to work reliably with the first three technologies above. Intel provide an ISO image of a bootable CD, which allows the upgrade to be done without Windows.

EFI Boot

The EFI bootloader within UEFI is capable of booting a kernel image directly, provided that the image has an extension of .efi. Getting this to work directly requires being able to add boot entries in the mainboard's setup, and this feature is not implemented on all mainboards. After entering the mainboard's setup, follow the trail:

Boot tab -> Boot Priority -> Add entry

Workarounds include:

  1. many current Linux installer routines will place an entry for a bootloader (eg grub.efi, although it is likely to be named after the distro) in the mainboard's boot priority list
  2. the rEFInd boot manager from the above site will place an entry for itself in the mainboard's list.
    • rEFInd is more flexible, being able to select various boot devices:
      • a bootloader such as grub.efi
      • a CD or USB boot device or
      • a kernel file having .efi extension
    • rEFInd also presents an attractive boot menu with an icon-based interface

EFI boot looks for FAT32 partitions having type code ef00 (type ESP). A contemporary kernel plus initrd occupies more than 20 MB. An ESP of several hundred MB is advisable if many operating systems will be installed on the PC or if older kernels are being retained.

Secure Boot

The only reliable way to ensure that Linux will work with a computer that has Secure Boot is to disable Secure Boot.

The UEFI specification does provide for Secure Boot to be able to be disabled:

  • AMI provide this feature in their UEFI (although hardware makers might not implement it)
  • Award/Phoenix ?

Linux users are advised not to purchase a new computer (desktop or laptop) without first confirming that it will boot Linux (e.g. from a Live CD or installed to a USB stick).

Secure Boot can be disabled on the following models:

Acer Notebooks

  1. Completely shut down your computer.
  2. Power up/reboot and press F2.
  3. Use the right arrow key to select Security.
  4. Use the down arrow key to highlight Set Supervisor Password and press Enter.
  5. Create a password and press Enter. Retype the password to confirm and press Enter again.
  6. Use the right arrow key to select Boot.
  7. Press the down arrow key to select Secure Boot and press Enter.
  8. With the arrow key, highlight Disabled and press Enter.
  9. Press the F10 key and select Yes to save the changes and exit the BIOS.
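
To confirm from a booted Linux system (for example the Live CD) that the firmware setting took effect, the Secure Boot state can be read from the UEFI variables the kernel exposes. This is an added example, not part of the original wiki page; the function names are hypothetical, and it assumes efivarfs is mounted at /sys/firmware/efi/efivars, where each variable file holds a 4-byte attribute field followed by the data. It also reports setup mode, which the page does not discuss.

```shell
#!/bin/sh
# GUID of the EFI global variable namespace (from the UEFI specification).
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# efivar_byte DIR NAME
# Print the first data byte of a UEFI variable as a decimal number.
# efivarfs files start with 4 attribute bytes, so the value is at offset 4.
efivar_byte() {
    f="$1/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || return 1
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# secure_boot_state [DIR]
# Prints one of: enabled, disabled, setup-mode, unsupported, not-uefi, unknown.
# DIR defaults to the real efivarfs mount; a test directory can be passed instead.
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    if [ ! -d "$dir" ]; then
        # No efivars directory: booted in legacy BIOS mode or efivarfs not mounted.
        echo "not-uefi"
        return 0
    fi
    sb=$(efivar_byte "$dir" SecureBoot) || { echo "unsupported"; return 0; }
    # SetupMode=1 means no Platform Key is enrolled, so nothing is enforced.
    setup=$(efivar_byte "$dir" SetupMode) || setup=0
    case "$sb:$setup" in
        1:*) echo "enabled" ;;
        0:1) echo "setup-mode" ;;
        0:*) echo "disabled" ;;
        *)   echo "unknown" ;;
    esac
}

echo "Secure Boot: $(secure_boot_state)"
```

After following the steps above, the expected result on the next boot is "disabled"; "not-uefi" means the system was started through legacy/CSM boot rather than EFI boot.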

Samsung Notebooks

http://www.jbhifi.com.au/computers/samsung/15-notebook-sku-90670/

[[Category:Technical Info]]

Rod 14:03, 18 February 2014 (EST)