D&C GLug - Home Page

[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]

Re: [LUG] UEFI _ a problem in Linux

 

On 18/04/13 17:10, Neil Winchurst wrote:
Now that UEFI has had a chance to settle down I am wondering about the state of play with Linux. I have not used Windows for years, so there will be no question of my wanting to dual boot Linux with Windows. No doubt there are some on the list who need/want to do just that. So can anyone help with these questions please?

My currents computers are two years old or more so they use the 'old-fashioned' BIOS system. Will any future versions of the various Linux distros expect UEFI and so not work with BIOS?

If I buy a new computer say in a year or so will it certainly be set up for UEFI?

If so, will that cause problems?

I think there is a lot of mis-information out there and a lot of scare stories. I have looked around the internet and am more that a little confused. Are there any experts on the list who can clear things up for me (and possibly for other members) please?

Thanks

Neil


As far as I understand it, a requirement of getting hardware 'certified' by Microsoft to be ready for Windows 8 manufacturers must have a UEFI firmware on the machines with Secure Boot enabled. I also gather that it should be possible for the end user to disable secure boot to be able to boot other operating systems.

However it's down to the manufacturer to make it possible to disable it. I've not really looked into the whole thing about what individual distros are doing, I gather that RedHat/Fedora have a solution as does Canonical with Ubuntu, but I don't have a Windows 8 machine to hand to test it out on, possibly when I buy a new machine it might come with Windows 8 pre-installed (not sure yet, really depends on what hardware is available when I decide to upgrade my laptop... if I go for a desktop machine I'll build one from scratch).

I was reading something recently about UEFI and how the source to the AMI UEFI firmware was released online. This got me thinking about another factor for secure boot... it could be used as an anti-piracy feature.

Basically to cut a long story short, manufacturers activate Windows automatically by inserting a key or string (depending on the version of Windows) into the BIOS. Then the copy of Windows also has a certificate and specific product key installed. If they all match Windows is activated. If not, it isn't. Now some folks have worked out how modifiy bioses to put these keys in, so for instance it can fool Windows into thinking it's running on different hardware... an example would be to modify a Gigabyte motherboard with the key for a Dell system. Windows sees the Dell key and activates Windows with the Dell certificate and product key.

I'm guessing here, but if a UEFI firmware can't be modified by anyone other than the manufacturer, then it might not be possible to insert the keys in the firmware (if it's modified in any way it won't appear secure anymore so it won't boot), hence this stops the practice of modifying the firmware or BIOS to activate Windows.

I'm sure as machines come out thousands of Linux users will be testing hardware and we'll soon find out which manufacturers are allowing Secure Boot to be disabled or not.

Rob

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/listfaq