Linux and secure boot

Author Topic: Linux and secure boot  (Read 733 times)

Offline Challene

  • Jr. Member
  • ***
  • Posts: 89
Linux and secure boot
« on: February 15, 2020, 11:05:54 AM »
Hello everyone!
I've bought a new laptop and the only Linux distros I have installed successfully are Antix19 and Lubuntu 18.04. I've tried to find info about that and found that many Linux distros don't like secure boot. So I believe that I have to disable it. But is it the right decision? ???

Offline eronis

  • Full Member
  • ****
  • Posts: 133
Re: Linux and secure boot
« Reply #1 on: February 15, 2020, 12:17:31 PM »
If you got a distro installed on your device and got it working properly, then why would you mess with BIOS settings? It could only mess your system up meaninglessly.

If it's working, don't fix it.
The Linux philosophy is 'Laugh in the face of danger'. Oops. Wrong One. 'Do it yourself'. Yes, that's it. --Linus Torvalds

Offline Challene

  • Jr. Member
  • ***
  • Posts: 89
Linux and secure boot
« Reply #2 on: February 15, 2020, 12:25:24 PM »
> If you got a distro installed on your device and got it working properly, then why would you mess with BIOS settings? It could only mess your system up meaninglessly.
>
> If it's working, don't fix it.

The only reason is that I was using Slackware for years and I want to continue to use it. Yes, I do have a distro installed and it's working properly, but it's not the distro I want :( Hmm, I thought that I had mentioned this in the first post :o Seems like I forgot to add the part about Slackware :-\ I'm sorry for that.

Offline Kalthrix

  • Staff Member
  • ********
  • Posts: 1284
Re: Linux and secure boot
« Reply #3 on: February 15, 2020, 03:34:56 PM »
It won't hurt anything if you disable secure boot. I personally don't use it on my Linux rig. The only thing that it does is prevent the system from booting if a bootkit or other malicious code was inserted into the EFI binary. We're a bit less vulnerable to these on Linux, so I'd honestly just shut it off and use your preferred distro. :)
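
Added example, not part of the original thread: before changing the firmware setting discussed above, the current Secure Boot state can be read from Linux through the UEFI variables `SecureBoot` and `SetupMode`. The sketch assumes efivarfs is mounted at its usual path; the function names and the sample bytes are constructed for illustration.

```python
import struct
from pathlib import Path

# GUID of the EFI global variable namespace defined by the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
# Assumption: efivarfs is mounted at its conventional location.
EFIVARS = Path("/sys/firmware/efi/efivars")
# Constructed sample: attribute mask 0x06 (boot-service + runtime access), value 1.
SAMPLE = b"\x06\x00\x00\x00\x01"

def parse_efivar(raw: bytes) -> tuple[int, bytes]:
    """efivarfs prefixes each value with a 4-byte little-endian attribute mask."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]

def read_flag(name: str, root: Path = EFIVARS):
    """Return the variable's one-byte value, or None if it cannot be read."""
    try:
        _, data = parse_efivar((root / f"{name}-{EFI_GLOBAL}").read_bytes())
    except OSError:
        return None  # legacy/CSM boot, efivarfs not mounted, or variable absent
    return data[0] if data else None

def classify(secure_boot, setup_mode) -> str:
    if secure_boot is None:
        return "unknown: legacy/CSM boot or efivarfs not mounted"
    if secure_boot == 1:
        return "enforcing: boot binaries are verified against enrolled keys"
    if setup_mode == 1:
        return "setup mode: no Platform Key enrolled, nothing is verified"
    return "disabled: keys enrolled but verification is switched off"

def secure_boot_state(root: Path = EFIVARS) -> str:
    return classify(read_flag("SecureBoot", root), read_flag("SetupMode", root))

if __name__ == "__main__":
    print("sample entry parses to", parse_efivar(SAMPLE))
    print("this machine:", secure_boot_state())
```
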

Offline Challene

  • Jr. Member
  • ***
  • Posts: 89
Re: Linux and secure boot
« Reply #4 on: February 15, 2020, 04:06:38 PM »
> It won't hurt anything if you disable secure boot. I personally don't use it on my Linux rig. The only thing that it does is prevent the system from booting if a bootkit or other malicious code was inserted into the EFI binary. We're a bit less vulnerable to these on Linux, so I'd honestly just shut it off and use your preferred distro. :)

Thanks for the info, Kalthrix. I'll install Slackware again tomorrow then. Yay :D

Offline Ironclaw

  • Terminal Multiplexer
  • Staff Member
  • ********
  • Posts: 357
Re: Linux and secure boot
« Reply #5 on: February 21, 2020, 01:10:17 AM »
I've never hesitated to disable secure boot, it's not like it's really a security feature anyhow.  If something manages to write to your boot sector, you're way more screwed than you know and there is nothing short of a restore from a good backup that will fix it.  It's more of a lock-in feature from Microshaft.

I even had to disable the secure boot feature on my mom's new PC last weekend, which unfortunately is running windows 10, so that I could boot linux from a flash drive and copy the contents of the old drive into a directory on the new one.
If you must persist, I will be forced to tar you, then gzip you and finally umount you.

Offline Spatry

  • Benevolent Dictator
  • Administrator - Sysop
  • **********
  • Posts: 5583
  • Cup of Linux Founder
    • Cup of Linux
Re: Linux and secure boot
« Reply #6 on: February 21, 2020, 06:50:35 AM »
I am with Ironclaw on that one... Secure boot was made by M$ to prevent people from switching to another OS. When they saw the rise in popularity some distributions were getting, they saw that as a threat and wanted to do something about it.
Windows assumes the user is an idiot... Linux DEMANDS Proof!

Offline Challene

  • Jr. Member
  • ***
  • Posts: 89
Linux and secure boot
« Reply #7 on: April 27, 2020, 03:09:37 AM »
Hello everyone!
Thanks to all of you for help! Here's one more interesting thing that I want to ask:

My friend needs to use w!nd0ws for studying, but he wants to use Linux. Because it will be his first attempt with Linux (VMs are not a good choice for a laptop with ~4 GB of RAM and Windows 10 on board), I recommended trying Antix or any other live CD distro on his USB stick, but the boot menu doesn't see any other devices (except the HDD). As I already know from your answers, that's because of secure boot. I told my friend that he needs to turn it off, but the strangest thing for us was this one:

If you want to disable secure boot on an Acer laptop, you need to create a BIOS password for some reason. I do understand that this password will not affect the boot process and will only be needed if you try to change something in the BIOS. But I still decided to ask you about this, because I'm not that good at this.
If he sets a BIOS secure password, will this somehow affect the boot process? For example:

1. It will ask password on boot
2. w!nd0ws will not boot
3. Anything else?

Super sorry for disturbing you :(

Offline Ironclaw

  • Terminal Multiplexer
  • Staff Member
  • ********
  • Posts: 357
Re: Linux and secure boot
« Reply #8 on: April 28, 2020, 12:39:15 AM »
Sometimes it depends on the laptop and its firmware.  On this Lenovo you can't simply boot from a USB stick, it will always default to the optical drive, then the hard drive.  To get around this they have the "boot button" that's a recessed power switch that brings up the boot menu.  Very strange feature but it was documented in the manual at least.

As for the password, never seen where that needed to be set to disable the secure boot, but it's not overly surprising.  They sold secure boot as a security feature.

Offline Kalthrix

  • Staff Member
  • ********
  • Posts: 1284
Re: Linux and secure boot
« Reply #9 on: April 28, 2020, 11:42:17 AM »
Some laptops, like my old ASUS Transformerbook T100, are Secure Boot locked. It's still possible to boot Linux, although it requires modifying the Windows boot loader. Not possible to run it by itself. I think Acer does this on their more budget laptops.

https://www.asus.com/us/2-in-1-PCs/ASUS_Transformer_Book_T100_Chi/

Offline Ironclaw

  • Terminal Multiplexer
  • Staff Member
  • ********
  • Posts: 357
Re: Linux and secure boot
« Reply #10 on: April 29, 2020, 02:15:35 AM »
I think I would refer to that as a piece of crap.

Offline Crimson

  • Contributor
  • *******
  • Posts: 557
  • Defeating a sandwich only makes it tastier.
    • «FC» FunHouse Clan
Re: Linux and secure boot
« Reply #11 on: April 29, 2020, 05:17:38 AM »
Fascinating read about Secure Boot on Wiki...

https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Secure_boot_criticism

https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#SECURE-BOOT

Personally, I haven't had any issues disabling secure boot, IMO it's useless and only serves to get in the way. I keep EFI on with Legacy/CSM disabled.

Custom PC Intel® Core™ i7-4790K Radeon™ RX 5700 XT 16GB DDR3 256GB M.2 NVMe 5.5TB Storage

Offline Challene

  • Jr. Member
  • ***
  • Posts: 89
Re: Linux and secure boot
« Reply #12 on: April 29, 2020, 05:11:28 PM »
Thanks for the info and links to Wiki! :) We'll try to boot linux on his laptop :D

Offline Kalthrix

  • Staff Member
  • ********
  • Posts: 1284
Re: Linux and secure boot
« Reply #13 on: April 29, 2020, 06:24:22 PM »
> I think I would refer to that as a piece of crap.

It really was. Ran on a 64-bit Atom processor and 2GB RAM on Windows 10 32-bit (although it originally shipped with Windows 8). It could barely manage to load the OS, let alone anything else. Couldn't even properly stream YouTube at 720p. So, essentially it was utterly useless. Sold it to someone else who had recently damaged theirs for dirt cheap. I think I parted with it for only $20.