Page 1 of 2 12 LastLast
Results 1 to 10 of 55

Thread: [SOLVED] Booting install CD when uefi and secure boot are enabled

Hybrid View

  1. #1
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    [SOLVED] Booting install CD when uefi and secure boot are enabled

    I had a previous post asking about installing Ubuntu on a new laptop with Windows 8, and was given some pointers and some things to read. With the reading and research I've done, I felt it was more appropriate to open a new thread.

    My understanding, put in simple terms, is that the problem comes in with secure boot enabled in the BIOS. Microsoft wanted to try to cover some of the security holes, so with secure boot it requires a key in a database that says it's ok to use the binary - in this case the boot loader. In this way malware attempts at modifying the boot will not "take" in that the computer will not boot.The argument is legitimately there that is also Microsoft trying to restrict what OS is being installed. It appears that Fedora and Canonical have 2 different approaches to this, with Canonical's still being questionable in terms of needing the key to be secure versus the Free Software Foundation's GPLv3 usage saying the source must be available - and in this case the argument is about the key. Everything I have read so far hasn't indicated if that issue has been resolved yet. This is being attempted so that the normal user doesn't have to have any knowledge of or any interfacing to the secure boot technology.

    I have read that 64-bit Ubuntu 12.04.03(?) and 12.10 have had the ability to detect uefi and secure boot and work around it to some degree.

    So, with that in mind, and given that I have a new Dell laptop with Windows 8, uefi, and secure boot enabled and that I don't want to do something to that would effect my warranty, will the Ubuntu 12.10 64-bit install CD actually boot when uefi and secure boot is enabled? What I've tried so far has not been allowed to boot.

    Sorry if this sounds sort of technical - I've tried to dumb it down as best I can. I also hope that my understanding and how I have worded it here are accurate. My concern is for myself, for current users who buy a new PC and for those people with newer hardware (uefi with secure boot enabled) to be able to boot the install CD, install Ubuntu and still be able to boot everything on the system okay when all is done.

    I believe this applies to systems with Windows 8, but I may be in error there.

    In looking at the forum, it appears there are a lot of people who have been having problems with uefi and Windows 8 - and I believe some of those are related to secure boot being enabled in the BIOS. So obviously it is a "big" deal. I'm just looking at the simplest usage - just trying to boot the install CD, while I recognize that this "simplest usage" also goes right to the heart of the matter.
    Last edited by squakie; March 13th, 2013 at 02:26 AM.

  2. #2
    Join Date
    Jun 2010
    Location
    London, England
    Beans
    Hidden!
    Distro
    Ubuntu Development Release

    Re: Booting install CD when uefi and secure boot are enabled

    I have read that 64-bit Ubuntu 12.04.03(?) and 12.10 have had the ability to detect uefi and secure boot and work around it to some degree.
    To be accurate that is 64 bit Ubuntu 12.04.2. This second point release of Ubuntu 12.04 now has the kernel from 12.10 = Linux 3.5.0 kernel. It is this kernel that has been signed by a key validated by Microsoft. So, there are now 2 versions Ubuntu that should load and install (all things being equal) on a secure boot enabled motherboard. That is 12.04.2 and 12.10.

    You say that the live session is not loading? Is there any message or signs and symptoms to indicate what the reason is? The issue might not be anything to do with Secure boot but something else - such as the need to use one of the F10 options.

    From my browsing of the forums I see more than just an issue with secure boot being enabled. That should not be an issue at all. I do see issues with Fast boot being enabled and Windows dynamic disks and Windows using up all 4 allowed primary partitions. Then there is a failure to defrag the Windows partitions before moving/resizing them and not using Windows utilities to remove/resize Windows partitions. And do not forget the failure of users to do the research.

    Linux has been able to deal with UEFI and GPT for years now. The present the complications come from OEMs deviating from the specifications (such as Samsung) and users having, what I think of, as the unreasonable expectation that they should be able to install Linux on any hardware, even the very latest hardware, with any operating system already installed.

    As regards this comment

    with Canonical's still being questionable in terms of needing the key to be secure versus the Free Software Foundation's GPLv3 usage saying the source must be available
    Read this and you will see that the Linux Foundation has taken the same approach as Canonical.

    http://blog.hansenpartnership.com/li...stem-released/

    As regards the Fedora approach, read this

    http://mjg59.dreamwidth.org/19448.html?thread=724984

    And note this:

    As originally envisaged it would do nothing other than load and execute appropriately signed binaries, but it's got a little more complicated than that now. It is, however, basically feature complete at this point - I don't expect it to grow significantly further.
    I do not know of any way to install a Linux distribution without getting a kernel key from Microsoft so that appropriately signed binaries will be recognised as valid. And then there is this comment:

    the Free Software Foundation's GPLv3 usage saying the source must be available -
    That has been resolved long ago. Canonical was not going to use Grub in 12.10 because of the FSF's lack of clarity on this matter. Then the FSF cleared things up (indicated that they would not take Canonical to court for not revealing the secure boot key) and so Grub was put back as the boot loader for 12.10 and is still the boot loader for 13.04.

    Regards.
    Last edited by grahammechanical; February 18th, 2013 at 04:52 PM.
    It is a machine. It is more stupid than we are. It will not stop us from doing stupid things.
    Ubuntu user #33,200. Linux user #530,530


  3. #3
    Join Date
    Jun 2009
    Location
    SW Forida
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Booting install CD when uefi and secure boot are enabled

    From what I have seen a few systems just work, a few have issues and some just do not work.

    But the issue is the vendors implementation of UEFI. The Microsoft spec says that the user must be able to turn off secure boot. And some users have posted that they can dual boot with secure boot on or off.

    Some Toshiba's will not boot.
    they managed to leave the signing key out of the database that's used to validate binaries

    Lenovo ThinkCentre M92p only boots Windows or Redhat. Hard coded into UEFI.
    http://www.phoronix.com/scan.php?pag...tem&px=MTIyOTg
    http://mjg59.dreamwidth.org/20187.html?thread=774619


    UEFI boot live-usb bricks SAMSUNG 530U3C,np700z5c laptop - fix released
    https://bugs.launchpad.net/ubuntu-cdimage/+bug/1040557
    http://www.h-online.com/open/news/it...s-1793958.html
    The problem also appears to affect Ubuntu 12.10 and other Samsung models. The Ubuntu bug report includes posts from users reporting that the problem also affects 300E5C, NP700Z5C, NP700Z7C and NP900X4C series laptops.


    Protection against Samsung UEFI bug merged into Linux kernel
    http://www.h-online.com/open/news/it...l-1795332.html
    Since these patches have not yet been integrated into the installation media for these distributions, users should always use the UEFI firmware's Compatibility Support Module (CSM), which emulates a BIOS mode, when booting on affected laptops.
    The current state of UEFI and Linux = Feb 1, 2013 - Matthew Garrett
    Samsung, Lenovo & Toshiba UEFI issues
    http://mjg59.dreamwidth.org/22028.html
    Matthew Garrett's Blog
    http://mjg59.dreamwidth.org/
    New Linux UEFI boot loader
    http://mjg59.dreamwidth.org/23113.html

    Even after some of the fixes in Ubuntu, it now turns out that Samsung can brick itself even with Windows.
    For more info on UEFI boot install & repair - Regularly Updated :
    http://ubuntuforums.org/showthread.php?t=2147295
    Please use Thread Tools above first post to change to [Solved] when/if answered completely.

  4. #4
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Thank you both for the information - it was helpful. I will try downloading 12.10 again and see if it will boot the livecd now. I accidently trashed (like in actually put in the trash!) the last one I had for 12.10 - perhaps it was too early a version? I remember I got a message - the text of which I don't recall - which basically said I was not allowed to boot the OS.

    I'll let you know what happens with a new download.

    I guess the information I read may have been somewhat out of date. I'm glad to see that the Linux community been able to to use a key without having to release it publicly.

    I have uefi on the Asus M5A97 motherboard on my desktop and it has always booted everything fine. When I built that a little over a year ago I did more than just overkill for me (16gb, 8 core 3.1ghz cpu 1.5tb hard drive 60gb SSD), so I ordered this new laptop (it's just a Dell 15R) to just use and not the desktop, so I just sold the desktop on Ebay.

    The laptop has uefi and also has secure boot enabled. The livecd boot failed with a message indicating it could not boot the OS - this happens almost immediately.

    I was looking to see what progress has been made (and apparently a lot) on Ubuntu loading without turning secure boot off in the BIOS. If I can get the livecd to run so I can check things out, then would I be able to have Ubuntu installed on an external USB hard disk and still have Windows 8 be able to boot without the drive plugged in, or will it still be dependent on where grub is installed? Not sure I'm stating that correctly but I think you understand.

    Thanks again!

  5. #5
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Ok, I downloaded the 64-bit 12.10 ISO and burned it - this time at the BIOS boot selection screen showed uefi with ubuntu 12.10 so that's different then what I had before. I'm guessing my old disk was 12.04 or 12.10 prior to the change for the key being included. So, the good news is that the Live disk booted fine, wireless works and I'm posting this while running off the Live disk. Now I guess I could use some pointers to either a how-to for installing (things like how to partition in Windows 8, actually installing - I assume no different from any other install) and being sure I haven't messed up the ability to boot Windows 8, all with the uefi and secure boot still enabled.

    I'm sure this has all been asked a zillion times by now, but I can't seem to find a document that says with uefi do this to partition and install, if Windows 8 is installed and uefi and secure boot do this to partition and install, etc.. I'm hoping someone can point me to one already in existence that hopefully also has comments regarding special things needed for certain PCs.

    I've tried my best to try to understand all of the things that have changed since I "worried" much about learning the details. Windows 8 is at least to me a PITA. I would assume with a new PC with Windows 8 preloaded it is using the "new" partitioning scheme - I think that may be the dynamic partitions but I don't know. So, some pointers to threads/docs that explain that in relation to making room for ubuntu partitions would be greatly appreciated.

    I'm sorry I sound so dumb - normally this wouldn't be a problem for me at all, but before I ordered the PC I read many horror stories on the forums about installing and trying to dual-boot ubuntu and Windows 8.

    If it would be ok, I would like to try to create some sort of "how-to" thread at least for my model of laptop - perhaps the majority, if not all, of the specifics would be generic enough for it to be a how-to to which everyone could add things - that is, of course, if no such thing exists. So far the things I've been reading aren't really the whole picture. One of them even talks about just "forcing" the installation. I want to do it so that I have the absolute best possibility of success before I start (like almost everyone, I fought those battles when I first started using linux, and I'd prefer not to make similar mistakes that render my PC useless until a lot of manual work is done).

    Thanks again!
    Last edited by squakie; February 19th, 2013 at 05:45 AM.

  6. #6
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Okay - the partitions were of basic layout, and there were 4 system/oem partitions and a primary partition that Windows is on. I ran the optimize and defrag tool in Windows 8, rebooted, then went in via Windows 8 disk management and shrank that partition by 50gb (it's a 1tb drive, so I have plenty of space). Then rebooted again to be sure Windows was ok.

    Booted the livecd for ubuntu 12.10 64-bit downloaded today, selected install, went to the manual partitioning (I believe it's always been called "Something Else"). I created a new swap partition (logical), a root partition (/) (logical) and a home partition (logical). I let the install continue from there.

    Upon reboot, no grub menu - boots straight into Ubuntu. I know I didn't wipe out the Windows partitions. Right now I don't understand why no grub menu. I'm going to try update grub and see what happens. I've seen mention of this in other threads when installing for dual boot with Windows 8, so I need to go back and re-read a ton of those to try to figure this out.

  7. #7
    Join Date
    Jun 2009
    Location
    SW Forida
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Booting install CD when uefi and secure boot are enabled

    Post the latest BootInfo report.

    You are the first Dell that I have seen with issues. In fact of all the UEFI systems those with Dells seem to be the easiest. But any of the high end systems with Ultrabook, dual video or Intel SRT complicate the process immensely.

    One user with a Dell 14 (?) just reported it could just install and it worked with UEFI. Not sure if he just turned secure boot off or not.

    Was this originally Windows 8? Microsoft has the vendors restricted on new drivers for Windows 7 for new Windows 8 systems. Any of the new features may not get new drivers for Windows 7. So only those systems with the same configuration as a Windows 7 system will work. They do not want users changing back like they did with Vista back to XP.

    Installing Ubuntu 12.10 x64 on Dell XPS 13 Alongside Windows from USB New user with Details
    http://ubuntuforums.org/showthread.php?t=2108450
    Dell XPS 14 Ultrabook what works
    http://ubuntuforums.org/showthread.php?t=2116597
    HOWTO Ubuntu 12.10 x64 Dell XPS 14 (UEFI + Intel Rapid Start Technology + Flashcache), bumblebee - Details
    http://ubuntuforums.org/showthread.php?t=2117166
    Dell XPS13 general info mega-thread
    http://ubuntuforums.org/showthread.php?t=1932965
    For more info on UEFI boot install & repair - Regularly Updated :
    http://ubuntuforums.org/showthread.php?t=2147295
    Please use Thread Tools above first post to change to [Solved] when/if answered completely.

  8. #8
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    I didn't see anything in the BIOS setup about rapid start, etc. It's just pretty basic in the BIOS setup. It does have a "Restore Factory Defaults" option and a "Delete All Security Boot Keys" option - I've never touched either.

    When I power on the system now I get the following (took several boots so I could catch it all):

    failed to open \EFI\Microsoft\Boot\grubx64.efi
    failed to load grub
    failed to open \EFI\BOOT\grubx64.efi
    failed to load grub
    checking media [Fail]
    checking media [Fail]
    Secure boot not enabled

    then I get a grub menu, Ubuntu at the top, a crap load of various Windows boot options, and finally the Windows option I added via 40_custom in \etc\grub.d

    Please note the messages (except for the Secure boot message) are the same at power up with Secure boot enabled or disabled.

    The link to the boot info (just ran fresh) is http://paste.ubuntu.com/5596684

    I'll try to look at all this stuff again. The laptop was new the 2nd week of February of this year. Dell 15R 5521. I have found no mention of rapid start, etc.. The only thing that appears to be from Intel in the BIOS setup is an option for cpu throttling (at least that's what it appears to be to me). It did come with Windows 8 pre-installed. Dell itself has no Windows 7 drivers listed for it that I could find. I did find references for Windows 7 drivers for it from other sources on the net. Dell also doesn't seem to want me to have any form of Windows 7 from them either unless you have Windows 8 Pro. I really hate the idea of getting another OEM Windows 8 at the wholesaler again - sent the previous one with the desktop I just sold. I was SO hoping that if I had Windows 7 I could turn all of this UEFI crap off, create a legacy partitioned disk, install Windows 7 and install Ubuntu as normal for dual boot. I hate to say it, so I'll preface it with it's just my opinion with my experience, but I absolutely HATE Windows 8. I mean REALLY hate. I'm not an OS bigot, and have always had Windows available on 1 of my PC's (down to 2 now, with 1 being for "supposedly" controlling my meager telescope.

    I don't know why this thing is being so difficult. Since Windows 8 currently won't boot from anywhere - including the F12 boot selection screen - I'm pretty sure I'm going to have to re-install the disk image again, which means it will be back to as-delivered condition. I can do that and then just leave it there, or I can do that, optiize the disk and shrink the disk to make room for Ubuntu and leave it there if preferred to start the Ubuntu installation all over again, in case there is anything I could have messed up that you might want me to try from that point.

    I also thought Dell would work the best - I researched this online and in the forum before I ordered it and it seemed people were having problems with other systems and even some Dell's, but not the model I ordered. It's nothing fancy like the XPS line, etc..

  9. #9
    Join Date
    Jun 2009
    Location
    SW Forida
    Beans
    Hidden!
    Distro
    Ubuntu 16.04 Xenial Xerus

    Re: Booting install CD when uefi and secure boot are enabled

    What makes a 15R different than the links I posted above that all worked to dual boot?

    But it may just be Windows 7 will not work on that system.
    For more info on UEFI boot install & repair - Regularly Updated :
    http://ubuntuforums.org/showthread.php?t=2147295
    Please use Thread Tools above first post to change to [Solved] when/if answered completely.

  10. #10
    squakie is offline I Ubuntu, Therefore, I Am
    Join Date
    Oct 2012
    Beans
    2,238
    Distro
    Ubuntu 14.04 Trusty Tahr

    Re: Booting install CD when uefi and secure boot are enabled

    Don't ask me. I've done some more reading elsewhere as well as re-re-reading the information and links you posted. What I have found is:

    only the grub menu entries that reference the backup files:

    menuentry "Windows UEFI recovery bkpbootmgfw.efi" {
    search --fs-uuid --no-floppy --set=root 5A35-6AF0
    chainloader (${root})/EFI/Microsoft/Boot/bkpbootmgfw.efi
    }

    menuentry "Windows Boot UEFI recovery" {
    search --fs-uuid --no-floppy --set=root 5A35-6AF0
    chainloader (${root})/EFI/Boot/bkpbootx64.efi
    }

    Will boot Windows. The rest either have root defined differently or they don't reference one of the backup files (bkp.......efi).

    Please note I have done EVERYTHING as mentioned in this thread and in the links you provided. I don't know why it doesn't work on a Dell Inspiron 15R 5521 - but it's not in the XPS series. It also doesn't have any options for Intel Smart Connect Technology or Intel Rapid Start Technology. The are only 3 things it has that have even remotely been mentioned in the various discussion of this problem:

    - Intel Speed Step - I thought this was only CPU automatic throttling, but I disabled it any way

    - UEFI - that's how it's set up. The install CD was the UEFI 64-bit 12.10 CD - had to boot it via the F12 boot selection menu (on this PC) and selecting the UEFI ubuntu dvd.

    - secure boot - it has made no difference whether this is enabled or disabled.

    So, to summarize again how things were installed (matches the links):

    - Windows 8 (not the Pro edition though) was pre-installed
    - using the Windows 8 tools, ran Optimize (crunches and defrags) 2 times
    - using the Windows 8 disk management tools I shrank the existing relavent partition
    - using the UEFI "enabled" 64-bit 12.10 CD, installed Ubuntu. Typical Windows boot problem from the bug. Ran boot-repair selecting the default.

    This was done with secure boot on and with secure boot off. It always behaved the same.

    This all matches everything I have read on how to do this. The "extras" have always involved Intel Smart Connect (I don't have it that I can find anywhere in the BIOS setup) and Intel Rapid Staart Technology (again, I don't have it that I can find anywhere in the BIOS setup).

    The grub menu entries, and apparently however they coexist with UEFI, don't work. Only the backup efi files work.

    So, I can get to Windows, but not by anything that closely resembles "normal" grub menu entries - these are all labeled something like recovery or backup - don't remember the exact words.

    What I need to do know is to stop grub-mkconfig and update-grub from finding anything but Ubuntu entries and rely solely on the 40_custom file in /etc/grub.d so I would only have 2 options for Ubuntu and 1 for Windows. I currently don't know how to override the searching and creating of grub menu entries for the various Windows as it does now. I'm sure I'll find that somewhere.

    So, without reloading the disk image and doing this all over again (as I have already done), the only thing I can do is have the grub menu reference the backup (bkp) .efi files so I can boot Windows.

    If you know another way to correct this, please let me know. boot-repair doesn't.
    Last edited by squakie; March 9th, 2013 at 04:45 AM.

Page 1 of 2 12 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •