PC 21C & Secure Boot

From Info Wiki
Revision as of 03:01, 14 September 2016 by Rpeters (talk | contribs) (added outline for AF drives & GPT partitioning)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigationJump to search

The new technologies being introduced with PC & disk drives manufactured in 2011 and later include the core technology of UEFI firmware and its related technologies:

  • AF disk drives
  • GPT disk partitioning
  • EFI boot routine
  • Secure Boot (within the UEFI firmware)

More detailed guidelines, help and recommendations are available from:

http://rodsbooks.com

Many mainboards that were manufactured by Intel from 2006 include (U)EFI, but are likely to require upgrading to the latest available firmware release, in order to work reliably with the first three technologies above. Intel provide an ISO image of a bootable CD, which allows the upgrade to be done without Windows.

EFI Boot

The EFI bootloader within UEFI is capable of booting a kernel image directly, provided that the image has an extension of .efi. Getting this working, directly, requires being able to add to the boot entries in the mainboard's setup and this feature is not implemented on all mainboards. After entering the mainboard's setup, folllow the trail:

Boot tab -> Boot Priority -> Add entry

Workarounds include:

  1. many current Linux installer routines will place an entry for a bootloader (eg grub.efi, although it is likely to be named after the distro) in the mainboard's boot priority list
  2. the rEFInd boot manager from the above site will place an entry for itself in the mainboard's list.
    • rEFInd is more flexible, being able to select various boot devices:
      • a bootloader such as grub.efi
      • a CD or USB boot device or
      • a kernel file having .efi extension
    • rEFInd also presents an attractive boot menu, having icon-interface

EFI boot looks for FAT32 partitions having type code ef00 (type ESP). Contemporary kernel + initrd occupy > 20 MB. An ESP of several hundred MB is advisable if many OS will be installed on the PC or if older kernels are being retained.

Secure Boot

The situation in early 2015 is:

  • most "mainstream" Linux can be installed and booted with secure boot enabled
  • less popular distribution might work only if secure boot has been set to DISABLED
    • UEFI settings routine might require that a password be set for UEFI before disabling secure boot
    • if such password were forgotten then it might not be possible to later change settings.

The UEFI specification does provide for Secure Boot to be able to be disabled

  • AMI provide this feature in their UEFI (although hardware makers might not implement it)
  • Award/Phoenix ?

Linux users are advised not to purchase a new computer (desktop or laptop) without first confirming that it will boot Linux (eg from CD Live CD or installed to USB stick) Secure boot can be disabled on the following models:

Acer Notebooks

  1. Completely shut down your computer
  2. power up/reboot and press F2
  3. Use the right arrow key to select Security
  4. Use the down arrow key to highlight Set Supervisor Password and press Enter.
  5. Create a password and press Enter. Retype the password to confirm and press Enter again.
  6. Use the right arrow key to select Boot.
  7. Press the down arrow key to select Secure Boot and press Enter.
  8. With the arrow key, highlight Disabled and press Enter.
  9. Press the F10 key and select Yes to save the changes and exit the BIOS.

Samsung Notebooks

  1. Restart the computer and press 'F2' key 4-5 times to access ‘BIOS Setup’.
  2. Press 'F9' key to initialize the 'BIOS' settings.
  3. Press 'F10' key to save 'BIOS' settings then restart the system.
  4. Restart the computer and immediately begin pressing 'F2' key 4-5 times to access ‘BIOS Setup’.
  5. Go to 'Boot' menu.
  6. Set the 'Secure Boot' option to [Disabled], and set the 'OS Mode Selection' menu to [CSM OS].
  7. Set the ‘Fast BIOS Mode’ in the ’Advanced’ menu to [Disabled].
  8. Press 'F10' key to save 'BIOS' settings then restart the system.
  9. Select the 'Boot Device Priority' in the 'Boot' menu then press 'F5' or 'F6' key to move the DVD to top position.
  10. Press 'F10' key to save 'BIOS' settings then restart the system.

http://www.jbhifi.com.au/computers/samsung/15-notebook-sku-90670/


AF Drives

  • are compatible with Linux kernels 3.n.n and later
  • improve capacity and performance of spinning media eg HDD
  • is generally not implemented on SSD
    • no performance benefit
    • not required for capacity #> 2 TB
    • inadvisable to apply to SSD - contemporary partitioning utilities such as gparted, gdisk etc take account of SSD


GPT Partitioning

  • is compatible with Linux kernels 3.n.n and later
  • more robust partition table, less likely to be corrupted
  • can also be used on HDD/SSD << 2 TB
  • requires a simple work-around of a "BIOS boot partition" (type ef02) when used on a bootable drive with a mainboard utilising a BIOS (as opposed to UEFI)
    • also requires a patched verion of Grub-legacy. Compatible with Grub 2

Rod14:03, 18 Freruary 2014 (EST)