Re: Laptops, UEFI, Secure Boot and Debian
On Sat, 23 May 2015, Petter Adsen wrote:
> On Sat, 23 May 2015 09:04:55 -0700
> Patrick Bartek <nemommxiv@gmail.com> wrote:
>
> > On Sat, 23 May 2015, Petter Adsen wrote:
> >
> > > On Fri, 22 May 2015 23:53:14 -0700
> > > Patrick Bartek <nemommxiv@gmail.com> wrote:
> > >
> > > >
> > > > Researching a laptop purchase (within the next 6 months or so)
> > > > to replace my aging Desktop (1 to 8.5 years depending on which
> > > > parts). Going to abandoned the Big Box forever. Need to be very
> > > > portable in the next year or two. Two questions to begin:
> > > >
> > > > 1. Many laptops seem to only be able to turn off Secure Boot
> > > > through the OS, Windows 8.x, or so I've researched. However,
> > > > I've read some makes (Asus, Lenovo, Dell and HP) can do it
> > > > directly through "BIOS" without needing to boot Windows? True?
> > > > Any others?
> > >
> > > I don't have a laptop myself (don't like them), but every one I've
> > > seen so far has had a switch to disable Secure Boot in the BIOS.
> > > AFAIK, that switch is mandatory to adhere to the "Built For
> > > Windows 8" MS program, although it is only optional for the
> > > coming Windows 10 program. That might be something to watch out
> > > for.
> >
> > I've read about that, but right now until W10 in its final form is
> > release, nobody really knows for sure.
>
> Well, yes and no. We *do* know that the status has changed from
> "mandatory" to "optional", but whether hardware manufacturers will
> actually remove the ability to turn Secure Boot off remains to be
> seen.
Yes. I read that. Wonder what Microsoft has up its sleeve?
Maybe, this is indicative of W10 being even more insecure than previous
Windows' OSes.
> > > If this is going to become a real problem or not, we will just
> > > have to wait and see.
> > >
> > > > 2. How UEFI compatible is Debian Wheezy? What I'm running on
> > > > the Desktop. Or is Jessie the better choice. Or something else
> > > > entirely? Except Ubuntu variants (Hate it!). I don't want to
> > > > run in Legacy mode for future compatibility. I won't be
> > > > installing a desktop, just a window manager. Probably Openbox.
> > >
> > > You can find details here:
> > >
> > > https://www.debian.org/releases/stable/amd64/ch03s06.html.en#UEFI
> >
> > Yes, I read that during my initial research.
> >
> > > I believe the Canonical people have put some effort into becoming
> > > fully Secure Boot-compliant, but if you do not like them, then
> > > that is not an option. There are also others (RedHat?) but I can't
> > > remember who.
> >
> > That compatibility comes from the Linux manufacturer buying a
> > Microsoft Secure Boot key which Canonical and RH have. SUSE, too, I
> > think. Don't know how much that costs them. I prefer not to have
> > Linux under Microsoft's thumb that way.
>
> I absolutely agree.
>
> > I have no problems with turning Secure Boot off and leaving it off.
> > It's just that I fear that in the future one won't be able to turn
> > it off. And that will really throw a wrench in the Linux community.
> > We'll see.
>
> The Linux Foundation is also examining the possibility of obtaining a
> key that can be used to sign images for distributions (free of
> charge), and there is also work being done on signing a shim that
> will launch a "real" bootloader. As the Perl people lovingly remind
> us, there's more than one way to do it :)
Where there's a will, there's a way I suppose. Although, instead of a
patch or shim, the threat of a class action lawsuit by Linux developers
might be more effective.
B
Reply to: