

UEFI and Secure Boot: The Hell I Went Through - Tsiolkovsky
http://prismdragon.wordpress.com/2012/08/16/uefi-and-secure-boot/

======
zokier
> I didn’t need anything for gaming, just a workstation, so I picked out a
> cheap HP pavilion slimline (mistake 2) and a $100 Acer monitor

If you need a workstation, more specifically a Linux workstation, maybe you
should have bought a workstation. Like HP z-series which support (and some
models even ship with) Linux.

> I did a first boot, and had an error come up that it couldn’t boot to
> Windows. “Well… Recovery media time!”

What error? If even first boot fails, I'd suspect hardware fault, which would
make the whole post moot. Instead of trying to force Fedora on a machine that
doesn't boot in the first place, a more sensible solution would be to return the
machine to the store.

> “Feature Byte” The system was using Secure Boot

False conclusion. Idk what "Feature Byte" stuff is, but it seems completely
unrelated to UEFI and SecureBoot. Quick googling even reveals that some HP
BIOS have Feature Bytes too.

> Yes, I’m aware that OEMs are supposed to give an option to turn it off, but
> when has this ever happened?

Are there actually any SecureBoot enabled systems out there which do not allow
disabling SB?

> All this said, I refuse to support UEFI until some real standards are put
> into place and enforced. I’ll take something like OpenBIOS, but NOT UEFI

The UEFI standard is clearly at fault here, right? And the Windows Logo
program is exactly about laying out standards and enforcing them. I'd also
note that UEFI and the MS stuff are independent entities. UEFI is an industry
standard, and predates all this secure boot fuss by years.

This blog post is full of plain old FUD, and it's sad that open source
advocates spread such stuff. Especially in matters of such importance imho
posts like this only cloud the real issues and erode the credibility of FOSS
camp.

------
ashleyblackmore
I have been through similar hell with UEFI. Problem with building your own
stuff is that you can't easily build tablets or laptops. Only OEMs do that.
Since mobile is on the increase, so too is the prevalence of OEM stuff (macs,
tablets, phones etc). On top of this, people are being forced into the cloud
on what basically amounts to disposable computers (Android tablets/Kindle) by
companies like Google and Amazon. Thus, it seems likely to me that DIY systems
are on the way out, as is the support and development for that kind of stuff.
Even gamers, who have long been a bastion of the DIY system market, have cloud
options now (onlive/gametap).

It doesn't bode well for the future. Maybe there will be some kind of online
cataclysm that will end this madness. Who knows? In the meantime, check that
your motherboard has legacy boot options. Or just don't upgrade to Windows 8
and vote with your wallet.

------
bcl
In general, if the OS pre-installed on your computer doesn't boot, nothing else
will either. No Linux distribution can fix your broken computer and blaming
your problems on BIOS, UEFI or Secure Boot just to get attention won't fix
things either.

Secure Boot, when enabled, will not let you boot anything that isn't signed,
including removable media. Fedora 17 isn't signed so SB wasn't enabled.

Expecting GRUB2 to work when your Windows bootloader didn't work isn't
logical.

Like it or not, PCs are designed for Windows. If Windows doesn't work on it,
take it back. Very likely the hard drive had problems, this would explain it
not booting and the install running slow as it retried when getting errors
from the drive.

------
zepolud
By far the worst thing about RMS is that his far-fetched, nightmarish
scenarios have the tendency to become reality in a few years.

~~~
rickmb
This is the one reason why I will always continue to take RMS very seriously,
no matter how annoying he gets.

Also, since he is not just a prophet of doom but has spent a major part of his
life trying to turn the tide, creating and inspiring stuff most of us have
profited from, he deserves a hell of a lot more respect than he usually gets.

------
rwmj
He buys a machine, takes it home, and it won't boot => Take it back and get an
immediate refund.

~~~
the_mitsuhiko
But you could not complain on your blog then!

------
mjg59
Secure boot would have prevented the system booting from the unsigned CD.
Whatever the problem is here, it's nothing to do with secure boot.

------
blinkingled
I wonder how Apple is going to deal with this Windows 8/UEFI situation w.r.t
Boot Camp. If they totally ditched Windows 8 support it would spell at least a
little bit of (well deserved, IMHO) trouble for Microsoft.

This really is getting out of hand Microsoft - this stupidity that Secure Boot
is - it isn't solving any real problem for the user. It is only creating
nuisance.

~~~
edandersen
Why is this utter shocking nonsense being voted up? Windows 8 boots and
installs on systems without UEFI. Does OSX?

~~~
Metrop0218
Yeah it's definitely rageworthy when that happens.

------
shawnz
> Yes, I’m aware that OEMs are supposed to give an option to turn it off, but
> when has this ever happened?

Not "supposed to". They must. Why would OEMs waste their time implementing
Secure Boot for the logo program, and then disqualify themselves by hiding the
option to disable it?

~~~
freehunter
The ramp-up to Windows 8 has shown more FUD from the community than Microsoft
would ever be capable of even with an unlimited marketing budget. This
argument gets thrown around in every W8 conversation, "you won't be able to
turn off secure boot!" The more it gets repeated, the more it might as well be
true because people are going to believe it.

I just ranted about this happening in the Apple community; don't think it
doesn't happen everywhere [1]. It's toxic, and I really wish there was more
critical thinking going on.

[1] <https://news.ycombinator.com/item?id=4377064>

~~~
kbolino
Microsoft requires that Secure Boot can be disabled by the user, but only on
x86. On ARM, the exact opposite is true: Microsoft requires that Secure Boot
_cannot_ be disabled by the user.

For now, this doesn't really matter, but the situation may change if/when
Windows on ARM becomes a serious platform.

~~~
freehunter
_Microsoft requires that Secure Boot can be disabled by the user, but only on
x86. On ARM, the exact opposite is true: Microsoft requires that Secure Boot
cannot be disabled by the user._

Yet it's completely accepted on the market leader's products. Funny how that
works.

~~~
kbolino
Plenty of people have voiced objection to the lockdown of mobile devices by
other vendors.

The reason for this particular foofaraw, I think, is the misconception that
this will apply to x86.

It was my goal to clear that up, not to specifically endorse
Microsoft-bashing.

------
keithpeter
"I didn’t need anything for gaming, just a workstation, so I picked out a
cheap HP pavilion slimline (mistake 2) and a $100 Acer monitor."

Market opportunity for people who assemble Linux capable PCs?

Market opportunity for people selling reliable slightly older technology
laptops? Plenty of sellers on UK ebay (their laptops are ex-corporate so a bit
too old for here I suppose)

<http://www.h-online.com/open/news/item/Fedora-18-to-support-UEFI-Secure-Boot-1651014.html>

Opportunity for followup post trying a beta/testing install of Fedora 18?

------
noonespecial
I feel the trucks heading for the landfills with a tsunami of e-waste thanks
to "secure boot" like a tremor in the force.

------
guilloche
My solution: not bothering to buy any machine with secure boot.

------
oinknotramen
Secure Boot is probably one of the lamest systems in place. It's clearly a
move by Microsoft to try to further their monopoly, and stifle migration to
other systems. That's why you should only buy laptops from
<https://www.system76.com/>, or <http://zareason.com/>, or
<http://www.emperorlinux.com/>. You wouldn't have to deal with Microsoft's BS,
and you would get a pretty kickass computer in the process.

~~~
tzs
So to further their monopoly, they are REQUIRING PC OEMs to let you turn
Secure Boot off and add your own signing keys, and they are subsidizing the cost
of signing for other operating system vendors who would like to use
Microsoft's key instead of providing their own?

------
uslic001
I am glad I build all my own desktops. Too bad I can't do the same for my
laptop.

------
wmf
I see 20 comments saying this is wrong; instead of endlessly rehashing let's
flag this and get it off the front page.

------
armored_mammal
I built my latest PC on a mobo with UEFI and had 0 trouble at all with Mint.

FWIW.

