

Installing Linux on Windows 8 PCs: No easy answers - tanglesome
http://www.itworld.com/software/287946/there-will-be-no-easy-way-install-linux-windows-8-pcs

======
gvb
I bought a $300 eMachines EL1360G-UW11P for a home server to replace my 2001
vintage 800MHz P-III.

I installed linux but it wouldn't boot. Major bummer.

It wasn't clear that UEFI signing was at fault, but there was no other reason
for it to refuse to boot the image. The install went fine right through the
reboot. I re-installed linux trying several different things, all
unsuccessfully. I also booted a "rescue" image and verified the install looked
valid.

There was no way to turn off UEFI signing in the BIOS menus.

I went to the manufacturer's web site and found they had a "Linux BIOS" image.
[http://support.gateway.com/us/en/emac/product/default.aspx?t...](http://support.gateway.com/us/en/emac/product/default.aspx?tab=5&modelId=4021)
I was able to reflash the BIOS with the P01.C1L image, but I had to force it
by looking at their "flash.bat" file adding a /X flag to the flash command in
there.

With the "linux" BIOS image, the board booted linux just fine. Huh.

Lessons Learned:

* UEFI is a real risk. Most mainstream PCs nowadays boot linux out of the box. I lived through the times when I bought a new PC "at risk" because it might have chips that were not supported by linux. UEFI brings that risk back, but through _software_ , not hardware. Sucks!

* The hardware manufactures apparently are getting the "it must run linux" message, even for low end throw-away machines. Yeah!

* Reflashing BIOSes, especially when the user has to manually override "self protection" aborts, is _not_ something an unsophisticated user is going to be able to do. Sucks.

~~~
jiggy2011
To be fair: downloading a .iso file, burning the image onto a blank disk,
rebooting and entering bios setup, setting boot device order , inserting disk
and rebooting again, partitioning disks and doing install process isn't
something that an unsophisticated user is going to be able to do without
significant guidance though.

The BIOS flashing does add an extra risk factor though, prepare for many
"Linux fucked my PC!" rants from users who screwed up the flashing process.

~~~
darkstalker
You can skip most of those steps doing a network install with unetbootin, no
cds or usb drives needed

    
    
      http://unetbootin.sourceforge.net/

~~~
yoasif_
I've used UNetbootin, and as far as I know, there is no way to do a
netboot/install without any media.

I took a look at the site, and it doesn't appear to have any information about
that. Are you aware of some functionality that isn't listed on the site?

For what it's worth, UNetbootin is a really nice way to create liveUSB drives
that you can use to install Linux/BSD.

~~~
darkstalker
Select type "hard disk" (last row of options) instead of "usb drive". I've
used it do to full network installs of centOS

~~~
yoasif_
I think we have different notions of what "network install" means. Yes, you
can download packages from the web during the install (perhaps booting from a
minimal install, as most net work installs do).

I was really more interested in netboot installs, where the machine downloads
a boot image (via TFTP generally) and does the install from there.

In fact, no hard drive is needed in the machine if you want to just boot an
image from a network share.

Apple uses a technology like this to reimage boot drives:

<https://en.wikipedia.org/wiki/NetBoot>

This is how it works in Ubuntu:

<https://help.ubuntu.com/community/DisklessUbuntuHowto>

------
monkeyfacebag
> Every new PC sold with Windows 8 will be locked up tight with Microsoft's
> UEFI ... secure boot on

Not that I don't agree that there's a potentially dangerous precedent here,
but this is omitting a key detail. For x86 computers, MS's certification
requires that users can disable secure boot. Of course, this is not true for
ARM computers, hence the dangerous precedent.

~~~
cooldeal
I find it strange how people refer to a Windows RT tablet as an "ARM
computer", but the iPad, Kindle Fire, Nook and a zillion other Android
tablets(most of which have locked bootloaders, hello "Dangerous Precedent"!)
are not referred to as ARM PCs.

It just shows how the terminology is changed to have a higher impact for an
argument.

~~~
monkeyfacebag
I'd attribute it to the software. iOS and Android are clearly meant to coexist
with and not supplant a more traditional OS. To me, the dangerous precedent is
that this new ARM computer comes loaded with "Windows", a label which connotes
a more traditional OS, yet it can only run apps from MS's app store and cannot
be booted into Linux. Yes, this is a slippery slope argument given that MS
also provides the x86 version which can do all of those things, but I think
the distinction will be lost on the general public.

~~~
jiggy2011
I can't wait to hear all those stories of people who buy a "Windows" RT device
and then find out they can't actually run any Windows software on it.

~~~
wtracy
Microsoft has been through this already with the failed Alpha port of Windows.
It should be interesting to see what plans they have to mitigate this.

~~~
wmf
Actually, x86 software ran fine on NT/Alpha; at one point x86 apps ran faster
emulated on Alpha than natively on x86. (And emulated 68K on PPC was sometimes
faster than native 68K.)

~~~
wtracy
Was there an x86 emulator that shipped with NT/Alpha? I never heard about this
before, and Google isn't being helpful.

~~~
wmf
<http://en.wikipedia.org/wiki/FX!32>

------
csense
There should be an antitrust lawsuit against Microsoft.

"Secure boot" creates barriers to entry for operating system innovators. I
don't see how this isn't an abuse of monopoly power to tighten the screws on a
market threatened by disruptive competition; if antitrust laws can't help us
here, I don't know why we even bother to have them.

Does anyone know the process in the USA for lodging antitrust complaints with
the government?

~~~
tzs
Other operating system vendors are free to arrange with hardware manufacturers
to include certificates for their operating systems. It's not an antitrust
issue that other OS vendors were not able to get their act together in order
to do so.

On top of that, they have the option of piggybacking on Microsoft's
certificate. Microsoft will even subsidize the cost of getting a certificate
from Verisign to allow that.

Finally, Microsoft is using their market power to force OEMs of x86 computers
to include a way for users to disable Secure Boot and to add new certificates.

~~~
Tuna-Fish
> Other operating system vendors are free to arrange with hardware
> manufacturers to include certificates for their operating systems. It's not
> an antitrust issue that other OS vendors were not able to get their act
> together in order to do so.

For a lot of users, merely having the option of signing their images simply
won't be good enough. Unless the signing keys are available to everyone, you
cannot boot a self-compiled kernel on a secure boot system.

~~~
tzs
If you want to compile your own kernels and boot them without disabling Secure
Boot, make your own self-signed certificate, add that to the certificate list
the firmware maintains, and self-sign your kernel with your certificate.

------
tjoff
Why has this issue resurfaced? What has changed?

I thought that the windows 8 certification for x86 _required_ that users
should be able to disable secure boot.

~~~
tadfisher
Manufacturers might be satisfying that requirement by providing an unlocked
boot image for users to flash themselves.

~~~
tjoff
Then the problem is fraudulent manufacturers.

There can't be any universe in which that isn't a shortsighted and downright
ludicrous move.

If anything we should be happy for the manufacturers that does that, it means
we'd never have to consider them again.

~~~
mavrc
>Then the problem is fraudulent manufacturers.

Or a certification standard that mandated that vendors do _something_ , but
was highly nonspecific as to exactly how they were to do it.

~~~
tjoff
AND a certification standard...

This would never be a problem without both fraudulent manufacturers and an
unclear certification standard.

------
shawnz
Do people still believe this crap? It's not as if OEMs are being forced to
make Microsoft the sole CA of machines they sell. The requirement for the logo
is that the feature is _available_. Any OEM who doesn't provide options to
enable/disable the feature or adjust trust options is crazy. I mean, come on
-- what if your hard drive fails? These are desktop computers we're talking
about. It's an open platform.

To be honest, I'm very excited for Secure Boot. It, combined with TPMs and
disk encryption, will finally allow desktop computers to be a truly secure
platform (barring opening up the ICs on the motherboard, anyway).

~~~
bryanlarsen
_It's not as if OEMs are being forced to make Microsoft the sole CA of
machines they sell._

Here's Fedora's response (Matthew Garret mjg59):

"We explored the possibility of producing a Fedora key and encouraging
hardware vendors to incorporate it, but turned it down for a couple of
reasons. First, while we had a surprisingly positive response from the
vendors, there was no realistic chance that we could get all of them to carry
it. That would mean going back to the bad old days of scouring compatibility
lists before buying hardware, and that's fundamentally user-hostile. Secondly,
it would put Fedora in a privileged position. As one of the larger
distributions, we have more opportunity to talk to hardware manufacturers than
most distributions do. Systems with a Fedora key would boot Fedora fine, but
would they boot Mandriva? Arch? Mint? Mepis? Adopting a distribution-specific
key and encouraging hardware companies to adopt it would have been hostile to
other distributions. We want to compete on merit, not because we have better
links to OEMs."

~~~
ScottBurson
But couldn't they have just signed the other distros' keys? (Naive question)

~~~
jgeralnik
Yes, but that would make them responsible for any malicious code that any
other distro used. That would mean they would have to do security reviews of
every other distro if they wanted secure boot to remain secure, which is not
feasible at all.

------
tokenizer
I find this really stupid on Microsoft's part. I operate a dual boot solely
for the purpose of using Windows for gaming. With Steam potentially coming to
Linux, I'll just drop Lenovo as my vendor of choice as go with a vendor who
supports my OS of choice, Linux.

~~~
kevhsu
Unfortunately you'll still be missing out on lots of games, even with Steam
for Linux. Initially, Steam for Linux will only be good for a few Valve titles
and indie games.

~~~
Draiken
But if enough people start giving up from windows since they are using it as a
game only OS, game publishers will have to take action.

Yes it's a dream, but maybe one day... maybe one day...

~~~
Metrop0218
I really don't see it happening ever. I have a lot of trouble seeing Linux
distros be used by actual everyday consumers. I mean, it'd be cool if it
happened, but the quality just isn't there.

------
raintrees
"Secure Boot retains flaws in its design that will ultimately mandate that
Microsoft's key is on every PC (because of core UEFI driver signing)"

And if this Microsoft key were to be found being used as part of an exploit,
ala the previous Microsoft cert being used to sign Stuxnet?

Not that I am encouraging any specific behavior...

------
Spoom
"Most people today who want to run Linux on a Mac use the Compatibility
Support Module (CSM), which provides BIOS emulation on the Mac. This method is
messy, doesn't work that well, and I'm quite certain will fail miserably on
Secure Boot Windows 8 PCs."

Am I missing something here, as I post this from Debian running on my work
iMac? All I had to do was install rEFIt ( <http://refit.sourceforge.net/> ),
install Debian, and let rEFIt detect it (I forget if it involved manual
configuration, been a while.)

I think this is much ado about nothing, especially given that Microsoft seems
to be insisting that manufacturers leave in the option to turn off secure
boot. I also thought Linux had the capability to boot off of UEFI; is this not
true?

~~~
jiggy2011
It depends on the distribution. AFAIK you have to sign each version of the
bootloader and for GPL related reasons you cannot do this with GRUB2 so Ubuntu
are having to resort back to GRUB1.

This means that whilst you may be able to run big "brand name" distributions
like Ubuntu or RedHat on a secure boot PC more obscure distros might simply
not work at all (unless you turn secure boot off).

~~~
gizmo686
Actually you are allowed to use grub2. The issue would be if you sell a device
with grub2 pre-installed, and no way to install a user version.

Also, the other distributions could simply use Ubuntu's signed bootloader (So
could rootkits).

------
RexRollman
Keeping free OSes off computers in the name of security is the same, to me, as
censorship in the name of protecting children: stupid and unworkable.

------
lifeguard
Behold the power of monopoly.

edit (lol, microsofties down voting this comment)

~~~
freehunter
Behold, the power of oh shit Microsoft doesn't even have a presence in the ARM
tablet world, let alone a monopoly.

~~~
lifeguard
Samsung sells a lot of their hardware with MS software on it and are dependent
on favorable licensing terms. This business Samsung does with them overshadows
all their other partners in terms of revenue.

~~~
freehunter
And that's relevant to Microsoft ARM tablets how? x86 devices don't have
locked bootloaders, and Windows ARM tablets don't exist, so the reason you
were downvoted isn't Microsoft fanboys, it's that you're wrong and seemingly
quite proud to be so.

------
aubergene
So, what will happen with the millions of servers that run Linux? Also I would
think the EU wouldn't be happy to see Microsoft lock their operating system on
each laptop. Obviously some solution will be found.

On a related note, why don't Canonical start selling their own hardware? Most
laptops are pretty crappy, I'm sure they could do better and having official
support would be great.

~~~
freehunter
System76 is pretty close to being the official Ubuntu vendor. Full support,
custom hardware, and Canonical's nod of approval. They're the Lenovo (et al)
of the Ubuntu world.

------
joshlegs
I'm still new to the UEFI thing and don't really understand the issue totally
... but would doing something like getting a System32 box (or building your
own) and then installing Win8 do the trick? Obviously it still would have
Windows code on it, but wouldn't that sidestep the hardware manufacturer
issue? or something ...

~~~
takluyver
Yes - the requirement is for manufacturers who want to use the Windows logo to
indicate that their systems support Windows 8.

But many new Linux users start by installing Linux on a PC bought with
Windows, so we definitely want to make that as easy as possible.

------
wasd
There is a very simple way to install Linux on any Windows PC: a VM. I'm not
sure why more people don't do it. It gives you all the flexibility and
strength of command line while the battery life/drivers/software support of
Windows. Its easy to back up, transfer to other PCs, etc...

~~~
jwhitlark
This assumes you want windows at all, and all the problems that come with it.
Using a slow system that tends to decay as the base of your computing
experience isn't something I'm interested in.

It would make more sense to have Linux as the base, and windows in a VM.

~~~
jlgreco
Accidentally downvoted you, but I fully agree. Most of my computers running
Linux are not laptops and don't even have screens/keyboards attached. I can't
think of a single reason I would ever want windows on them even as just some
sort of ghetto hypervisor.

~~~
jasomill
Nor can I, but I presume gamers could come up with a few.

