Page 1 of 6 123 ... LastLast
Results 1 to 10 of 55

Thread: [SOLVED] Booting install CD when uefi and secure boot are enabled

  1. #1
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    [SOLVED] Booting install CD when uefi and secure boot are enabled

    I had a previous post asking about installing Ubuntu on a new laptop with Windows 8, and was given some pointers and some things to read. With the reading and research I've done, I felt it was more appropriate to open a new thread.

    My understanding, put in simple terms, is that the problem comes in with secure boot enabled in the BIOS. Microsoft wanted to try to cover some of the security holes, so with secure boot it requires a key in a database that says it's ok to use the binary - in this case the boot loader. In this way malware attempts at modifying the boot will not "take" in that the computer will not boot.The argument is legitimately there that is also Microsoft trying to restrict what OS is being installed. It appears that Fedora and Canonical have 2 different approaches to this, with Canonical's still being questionable in terms of needing the key to be secure versus the Free Software Foundation's GPLv3 usage saying the source must be available - and in this case the argument is about the key. Everything I have read so far hasn't indicated if that issue has been resolved yet. This is being attempted so that the normal user doesn't have to have any knowledge of or any interfacing to the secure boot technology.

    I have read that 64-bit Ubuntu 12.04.03(?) and 12.10 have had the ability to detect uefi and secure boot and work around it to some degree.

    So, with that in mind, and given that I have a new Dell laptop with Windows 8, uefi, and secure boot enabled and that I don't want to do something to that would effect my warranty, will the Ubuntu 12.10 64-bit install CD actually boot when uefi and secure boot is enabled? What I've tried so far has not been allowed to boot.

    Sorry if this sounds sort of technical - I've tried to dumb it down as best I can. I also hope that my understanding and how I have worded it here are accurate. My concern is for myself, for current users who buy a new PC and for those people with newer hardware (uefi with secure boot enabled) to be able to boot the install CD, install Ubuntu and still be able to boot everything on the system okay when all is done.

    I believe this applies to systems with Windows 8, but I may be in error there.

    In looking at the forum, it appears there are a lot of people who have been having problems with uefi and Windows 8 - and I believe some of those are related to secure boot being enabled in the BIOS. So obviously it is a "big" deal. I'm just looking at the simplest usage - just trying to boot the install CD, while I recognize that this "simplest usage" also goes right to the heart of the matter.
    Last edited by squakie; March 13th, 2013 at 02:26 AM.

  2. #2
    Join Date
    Jun 2010
    Location
    London, England
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Booting install CD when uefi and secure boot are enabled

    I have read that 64-bit Ubuntu 12.04.03(?) and 12.10 have had the ability to detect uefi and secure boot and work around it to some degree.
    To be accurate that is 64 bit Ubuntu 12.04.2. This second point release of Ubuntu 12.04 now has the kernel from 12.10 = Linux 3.5.0 kernel. It is this kernel that has been signed by a key validated by Microsoft. So, there are now 2 versions Ubuntu that should load and install (all things being equal) on a secure boot enabled motherboard. That is 12.04.2 and 12.10.

    You say that the live session is not loading? Is there any message or signs and symptoms to indicate what the reason is? The issue might not be anything to do with Secure boot but something else - such as the need to use one of the F10 options.

    From my browsing of the forums I see more than just an issue with secure boot being enabled. That should not be an issue at all. I do see issues with Fast boot being enabled and Windows dynamic disks and Windows using up all 4 allowed primary partitions. Then there is a failure to defrag the Windows partitions before moving/resizing them and not using Windows utilities to remove/resize Windows partitions. And do not forget the failure of users to do the research.

    Linux has been able to deal with UEFI and GPT for years now. The present the complications come from OEMs deviating from the specifications (such as Samsung) and users having, what I think of, as the unreasonable expectation that they should be able to install Linux on any hardware, even the very latest hardware, with any operating system already installed.

    As regards this comment

    with Canonical's still being questionable in terms of needing the key to be secure versus the Free Software Foundation's GPLv3 usage saying the source must be available
    Read this and you will see that the Linux Foundation has taken the same approach as Canonical.

    http://blog.hansenpartnership.com/li...stem-released/

    As regards the Fedora approach, read this

    http://mjg59.dreamwidth.org/19448.html?thread=724984

    And note this:

    As originally envisaged it would do nothing other than load and execute appropriately signed binaries, but it's got a little more complicated than that now. It is, however, basically feature complete at this point - I don't expect it to grow significantly further.
    I do not know of any way to install a Linux distribution without getting a kernel key from Microsoft so that appropriately signed binaries will be recognised as valid. And then there is this comment:

    the Free Software Foundation's GPLv3 usage saying the source must be available -
    That has been resolved long ago. Canonical was not going to use Grub in 12.10 because of the FSF's lack of clarity on this matter. Then the FSF cleared things up (indicated that they would not take Canonical to court for not revealing the secure boot key) and so Grub was put back as the boot loader for 12.10 and is still the boot loader for 13.04.

    Regards.
    Last edited by grahammechanical; February 18th, 2013 at 04:52 PM.
    It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
    Ubuntu user #33,200. Linux user #530,530


  3. #3
    Join Date
    Jun 2009
    Location
    SW Forida
    Beans
    Hidden!
    Distro
    Kubuntu

    Re: Booting install CD when uefi and secure boot are enabled

    From what I have seen a few systems just work, a few have issues and some just do not work.

    But the issue is the vendors implementation of UEFI. The Microsoft spec says that the user must be able to turn off secure boot. And some users have posted that they can dual boot with secure boot on or off.

    Some Toshiba's will not boot.
    they managed to leave the signing key out of the database that's used to validate binaries

    Lenovo ThinkCentre M92p only boots Windows or Redhat. Hard coded into UEFI.
    http://www.phoronix.com/scan.php?pag...tem&px=MTIyOTg
    http://mjg59.dreamwidth.org/20187.html?thread=774619


    UEFI boot live-usb bricks SAMSUNG 530U3C,np700z5c laptop - fix released
    https://bugs.launchpad.net/ubuntu-cdimage/+bug/1040557
    http://www.h-online.com/open/news/it...s-1793958.html
    The problem also appears to affect Ubuntu 12.10 and other Samsung models. The Ubuntu bug report includes posts from users reporting that the problem also affects 300E5C, NP700Z5C, NP700Z7C and NP900X4C series laptops.


    Protection against Samsung UEFI bug merged into Linux kernel
    http://www.h-online.com/open/news/it...l-1795332.html
    Since these patches have not yet been integrated into the installation media for these distributions, users should always use the UEFI firmware's Compatibility Support Module (CSM), which emulates a BIOS mode, when booting on affected laptops.
    The current state of UEFI and Linux = Feb 1, 2013 - Matthew Garrett
    Samsung, Lenovo & Toshiba UEFI issues
    http://mjg59.dreamwidth.org/22028.html
    Matthew Garrett's Blog
    http://mjg59.dreamwidth.org/
    New Linux UEFI boot loader
    http://mjg59.dreamwidth.org/23113.html

    Even after some of the fixes in Ubuntu, it now turns out that Samsung can brick itself even with Windows.
    UEFI boot install & repair info - Regularly Updated :
    https://ubuntuforums.org/showthread.php?t=2147295
    Please use Thread Tools above first post to change to [Solved] when/if answered completely.

  4. #4
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Thank you both for the information - it was helpful. I will try downloading 12.10 again and see if it will boot the livecd now. I accidently trashed (like in actually put in the trash!) the last one I had for 12.10 - perhaps it was too early a version? I remember I got a message - the text of which I don't recall - which basically said I was not allowed to boot the OS.

    I'll let you know what happens with a new download.

    I guess the information I read may have been somewhat out of date. I'm glad to see that the Linux community been able to to use a key without having to release it publicly.

    I have uefi on the Asus M5A97 motherboard on my desktop and it has always booted everything fine. When I built that a little over a year ago I did more than just overkill for me (16gb, 8 core 3.1ghz cpu 1.5tb hard drive 60gb SSD), so I ordered this new laptop (it's just a Dell 15R) to just use and not the desktop, so I just sold the desktop on Ebay.

    The laptop has uefi and also has secure boot enabled. The livecd boot failed with a message indicating it could not boot the OS - this happens almost immediately.

    I was looking to see what progress has been made (and apparently a lot) on Ubuntu loading without turning secure boot off in the BIOS. If I can get the livecd to run so I can check things out, then would I be able to have Ubuntu installed on an external USB hard disk and still have Windows 8 be able to boot without the drive plugged in, or will it still be dependent on where grub is installed? Not sure I'm stating that correctly but I think you understand.

    Thanks again!

  5. #5
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Ok, I downloaded the 64-bit 12.10 ISO and burned it - this time at the BIOS boot selection screen showed uefi with ubuntu 12.10 so that's different then what I had before. I'm guessing my old disk was 12.04 or 12.10 prior to the change for the key being included. So, the good news is that the Live disk booted fine, wireless works and I'm posting this while running off the Live disk. Now I guess I could use some pointers to either a how-to for installing (things like how to partition in Windows 8, actually installing - I assume no different from any other install) and being sure I haven't messed up the ability to boot Windows 8, all with the uefi and secure boot still enabled.

    I'm sure this has all been asked a zillion times by now, but I can't seem to find a document that says with uefi do this to partition and install, if Windows 8 is installed and uefi and secure boot do this to partition and install, etc.. I'm hoping someone can point me to one already in existence that hopefully also has comments regarding special things needed for certain PCs.

    I've tried my best to try to understand all of the things that have changed since I "worried" much about learning the details. Windows 8 is at least to me a PITA. I would assume with a new PC with Windows 8 preloaded it is using the "new" partitioning scheme - I think that may be the dynamic partitions but I don't know. So, some pointers to threads/docs that explain that in relation to making room for ubuntu partitions would be greatly appreciated.

    I'm sorry I sound so dumb - normally this wouldn't be a problem for me at all, but before I ordered the PC I read many horror stories on the forums about installing and trying to dual-boot ubuntu and Windows 8.

    If it would be ok, I would like to try to create some sort of "how-to" thread at least for my model of laptop - perhaps the majority, if not all, of the specifics would be generic enough for it to be a how-to to which everyone could add things - that is, of course, if no such thing exists. So far the things I've been reading aren't really the whole picture. One of them even talks about just "forcing" the installation. I want to do it so that I have the absolute best possibility of success before I start (like almost everyone, I fought those battles when I first started using linux, and I'd prefer not to make similar mistakes that render my PC useless until a lot of manual work is done).

    Thanks again!
    Last edited by squakie; February 19th, 2013 at 05:45 AM.

  6. #6
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Okay - the partitions were of basic layout, and there were 4 system/oem partitions and a primary partition that Windows is on. I ran the optimize and defrag tool in Windows 8, rebooted, then went in via Windows 8 disk management and shrank that partition by 50gb (it's a 1tb drive, so I have plenty of space). Then rebooted again to be sure Windows was ok.

    Booted the livecd for ubuntu 12.10 64-bit downloaded today, selected install, went to the manual partitioning (I believe it's always been called "Something Else"). I created a new swap partition (logical), a root partition (/) (logical) and a home partition (logical). I let the install continue from there.

    Upon reboot, no grub menu - boots straight into Ubuntu. I know I didn't wipe out the Windows partitions. Right now I don't understand why no grub menu. I'm going to try update grub and see what happens. I've seen mention of this in other threads when installing for dual boot with Windows 8, so I need to go back and re-read a ton of those to try to figure this out.

  7. #7
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Just trying to document every step I am taking so others can see if they are experiencing similar problems.

    I restarted the PC and (on my PC it's press F12) went to the boot selection menu. Windows 8 is still there and boots fine when I select it there.

    Ubuntu is the first OS on the boot selection menu (not grub - it never gets there). Windows 8 is 2nd. If I select Ubuntu, it boots fine as well - but no grub menu.

    I ran update-grub and it only found the Ubuntu installation. It said it was updating grub so that it included EFI boot.

    So, now it's back out to try to find something else to try.

  8. #8
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Found posts saying to run the boot-repair disk. Downloaded and burned it, but it's not uefi so it doesn't show in the boot options.

    Which also leaves me a little confused: I thought secure boot is what said you needed a key, and while it is against my aim (installing this without needing to know much - like a new user!) I did turn secure boot off. However the CD doesn't show in the BIOS boot menu - so this must be something with uefi, and I didn't think uefi was supposed to lock you out of anything - just provide a means to extend the BIOS on board.

    Going to try installing boot-repair directly in my running Ubuntu and see what happens then.

  9. #9
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Well, it is working, but not the way intended. I now have to leave secure boot disabled in the BIOS in order to boot ANY OS.

    I assume it has something to do with this sequence of events:

    - when I couldn't find the boot-repair disk in the BIOS boot selection menu, I thought "well, it probably doesn't have a key, so I should disable secure boot" - and that's what I did.

    - still ended up having to install boot-repair in Ubuntu - and here is where I think I made my mistake:

    • I installed it to my RUNNING ubuntu installation
    • I ran it from my RUNNING ubuntu installation but had forgotten to re-enable secure boot. I can only assume (don't have a clue) that this resulted in something in the boot repair not building something somewhere (a EFI table?) with the secure boot key for windows and for ubuntu since secure boot was off.

    To me, and I'm not saying this is ubuntu's fault - I think it's more of a matter of a combination of EFI/UEFI, my PC, and yes - the secure boot option and the signing keys. Any way you cut it, there's no way to expect a new user with a new PC with Windows 8 to be able to install ubuntu and get things dual booting, at least by my experience. I had to try some things a newbie both wouldn't know and SHOULDN'T need to know. That's why I'm not putting details here - because I ended up with my PC saying that neither Windows or Ubuntu could boot because they didn't meet the current security. I had to turn off secure boot to get around that, and personally I'd rather leave secure boot on.


    So, since things are already messed up, I'm going to try the following and see if it works or not:

    • enable secure boot in the BIOS
    • boot using the ubuntu 12.10 to the desktop via "Try Ubuntu"
    • reconfigure and update grub

    If that doesn't work, I'll have to add boot-repair to the mix when running off the livecd.


    Just shooting in the dark right now, and feeling both extremely stupid and extremely frustrated that there don't appear clear instructions for a novice to install ubuntu in dual-boot with Windows 8, UEFI and secure boot. Like I mentioned, the user shouldn't have to know squat about UEFI and secure boot, and shouldn't need to try to understand boot repair - a lot of the users aren't engineers - myself included. Those days are long in the past for me and I really hadn't planned on being that again on something new.


    So excuse my rant, but I am frustrated. I'm not a new user. I'm not a big-time expert, but I am far from a beginner. At least in the "old" days the frustrations were things like wireless not working and graphics drivers. Right now I have a PC I can't even boot with secure boot on - and I shouldn't have to know anything about any of those things in the background.


    I'll post back after I try the latest. It may be that I'll have to recover my PC (sure hope the "Factory Restore" disks I created in the Dell menu work!) back to as-delivered and skip ubuntu for now (and that would make me frown).

  10. #10
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Wink Re: Booting install CD when uefi and secure boot are enabled

    Well, that got me back to secure boot for Ubuntu, however selecting any of the Windows entries results in an error about cannot load - not a security issue like before - it almost looks like it can't FIND something - a boot loader? - I have no idea.

    Time for me to backup a few things via ubuntu, then use the restore disks and put my system back where it was.

    I really just don't have an interest in "fighting" an install again - I thought we were past that.

Page 1 of 6 123 ... LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •