dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
794
share rss forum feed


FF4m3

@bhn.net

Current Overview Of 'Secure Boot' By Matthew Garrett

An overview of our Secure Boot implementation - Oct. 30th, 2012:

Clear explanations and summary.



sempergoofy
Premium
join:2001-07-06
Smyrna, GA
Reviews:
·AT&T Southeast

Nice and clear explanation. Thanks for posting it.

I fought and was defeated last weekend by UEFI trying to build a dual boot system with brand new current motherboard for my son. The plan was to dual boot win 7 and opensuse 12.2 x86_64. Due to issues with the opensuse 12.2 installer (found threads on the topic after searching), I finally gave up. I could get one or the other installed with UEFI partitions, but not both on the same hard drive. First time I was ever defeated by not being able to get opensuse to install to my satisfaction. Since win 7 was a "must have" and Linux optional for my son, Linux lost out this time.

Maybe they'll have some more of the kinks worked out of the installer parts affected by UEFI in 12.3. I sure hope so.
--
nohup rm -fr /&



FastEddie
Premium,Ex-Mod 2001-13
join:2000-12-29
Channel Z
kudos:6

2 recommendations


Give the people who hack this stuff time. They will find away around it.

If it can be build you can find a way to get around it.


--
Here's To You



markofmayhem
Why not now?
Premium
join:2004-04-08
Pittsburgh, PA
kudos:5

said by FastEddie:


Give the people who hack this stuff time. They will find away around it.

If it can be build you can find a way to get around it.


No reason to, like I've been posting on these boards for over a year now: Secure Boot with Linux will be used as designed; leave the panicking to those lacking intellect.

As for UEFI non-secure boot installation issues, sempergoofy See Profile post a new topic with as many details as you can and I (and others) will gladly walk you through. Linux was the first OS to support native UEFI booting. I have installed native UEFI boots on many machines, it is not complicated if instructions are followed precisely. Dual booting with Windows 7 adds challenges, just like MBR/BIOS, but it is achievable in painless effort in all of the distro's I've tried. OpenSuSE is one I have not, but it can't be that different from Ubuntu, Arch, Fedora, Gentoo, and most recently RHEL. This guide seems very detailed and proper. Great background in the process here if you are interested. Also, you will need the full DVD version of OpenSuSE, the smaller "Live" CD does not have UEFI boot capability.
--
Show off that hardware: join Team Discovery and Team Helix


El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4
Reviews:
·TekSavvy Cable
·TekSavvy DSL
reply to sempergoofy

With out knowing exactly what you did it's hard to know why you're getting locked out, but you should be able to turn off secure boot on a new motherboard, which although less secure, would eliminate the problem from the get go.

Do you require/want secure boot?
--
Support Bacteria -- It's the Only Culture Some People Have



markofmayhem
Why not now?
Premium
join:2004-04-08
Pittsburgh, PA
kudos:5

1 recommendation

said by El Quintron:

With out knowing exactly what you did it's hard to know why you're getting locked out, but you should be able to turn off secure boot on a new motherboard, which although less secure, would eliminate the problem from the get go.

Do you require/want secure boot?

Secure boot isn't the problem for him, else he wouldn't be in Windows 7 either...

Most likely, it could be one of these common things:

1. Didn't boot the DVD/USB stick via UEFI and via Legacy MBR instead
2. Windows isn't UEFI installed, forcing Linux to UEFI destroyed the MBR
3. OpenSuSE has a "sometimes" bug where the Legacy MBR compatibility partition is removed and rewritten as "hybrid" (Which borks the Windows 7 install)
4. Did not reorder the Grub2 menu away from Elilo priority which boots straight into OpenSuSE without the Grub menu to pick between Linux and Windows

Either way, off topic to Secure Boot.

said by sempergoofy:

I could get one or the other installed with UEFI partitions, but not both on the same hard drive

--
Show off that hardware: join Team Discovery and Team Helix


sempergoofy
Premium
join:2001-07-06
Smyrna, GA
Reviews:
·AT&T Southeast

The issue for that system is moot now since my son needed the system and has taken it to his apartment elsewhere. I don't have access anymore.

I believe the one that bit me was the one you described as #3. I found a bugzilla item ultimately after reading the "how to" articles on opensuse.org where other people were having difficulties with dual boot. »bugzilla.novell.com/show_bug.cgi?id=781688

I tried a few legacy (non-UEFI) type installs, too, and it would consistently fail at first boot. I succeeded once in my several attempts (perhaps that was the time when I said "use grub not grub2" for the bootloader, but I can't recall for sure now. I did succeed in with a UEFI install with just opensuse 12.2 once, but was testing and that install got blown away with subsequent testing.

I also tried an install from the opensuse 12.2 KDE-live CDROM, too, with no better results.

I'll be ordering up components soon for a new build for myself. Not sure if I will go with the same motherboard I got for my son's build (Asus P8z77-V pro) as my requirements are different than his were. Linux will be a hard requirement for me, and if I can't make it work I'll be looking for help.

If I had had more time, I might have tried another Linux distribution, but I'm used to opensuse so was sticking with that for the recent build attempts.
--
nohup rm -fr /&



El Quintron
Resident Mouth Breather
Premium
join:2008-04-28
Etobicoke, ON
kudos:4

Thanks for letting me know, I installed Ubuntu 12.04, and Mint 13 without hassle on a 3770/P8Z77-V setup, along side Win 7
--
Support Bacteria -- It's the Only Culture Some People Have



sempergoofy
Premium
join:2001-07-06
Smyrna, GA

Just to confirm your success, UEFI or legacy intalls?

I'm not doubting that this just opensuse installer faults.

Also, I did flash the mobo bios to the latest available from Asus.
--
nohup rm -fr /&



markofmayhem
Why not now?
Premium
join:2004-04-08
Pittsburgh, PA
kudos:5

said by sempergoofy:

Just to confirm your success, UEFI or legacy intalls?

I'm not doubting that this just opensuse installer faults.

Also, I did flash the mobo bios to the latest available from Asus.

Just FYI: I have 15 Z77 boards with the latest BIOS to include Secure Boot and successfully loaded Windows 7 and Ubuntu 12.04 on all 15 as workstations for devs. They have two options to boot: through the UEFI boot choice menu or Grub's.

We use Ubuntu to run VM's and Win 7 for Visual Studio, not my choice For some reason, managing these clowns includes being their IT in this company... whatever, it beats submitting purchase invoices and dealing with the lowest bitter in computer science.
--
Show off that hardware: join Team Discovery and Team Helix


sempergoofy
Premium
join:2001-07-06
Smyrna, GA
Reviews:
·AT&T Southeast

Good info. I had considered for my own future build going with Linux-only boot with windows 7 restricted to a virtual machine. However, I did like the Asus A.I. windows utility for the P8z77-V Pro mobo when I saw it. It was fairly easy to set the system to overclock (something I have no previous experience with). I used a core i7 3770k unlocked for the build with a Cooler Master Hyper 212 EVO chip cooler.
--
nohup rm -fr /&