To be specific, my colleague is using the licensed-for-free binary
download of current OpenSuSE that nominally supports UEFI Secure Boot --
and it does not work in fact on the hardware he has. He did experiment
with a licensed copy of MS Win 8, and it would install on the same
platform without this issue (but absolutely is not what he wants or is
willing to use as a primary -- non-Virtual-Box running under -- OS.
On 09/24/2013 09:55 AM, Connie Sieh wrote:
On Tue, 24 Sep 2013, Yasha Karant wrote:
This thread started because my colleague is using SuSE and tried Ubuntu
-- and both failed to secure boot properly from the generic hardware to
which he upgraded. This failure prompted a question about SL (as a
no-fee option for a TUV enterprise, commercial, supported, production
Linux base).
Evidently, the current answer for SL is that it is not UEFI Secure Boot
enabled, and SL 6x cannot reliably be installed upon such systems --
depending upon the quirks (or proprietary generosity) of the actual BIOS
supplier.
OpenSuSE supports "secure boot" not SuSE as I stated earlier.
I am sure it is only "recent" versions of OpenSuSE, Fedora and Ubuntu
that support 'secure boot".
See the following for more info. In particular pages 12 and 17. There
are references to youtube videos on page 18 showing Windows 8 dual
booting with Ubuntu 12.10 .
http://events.linuxfoundation.org/sites/events/files/slides/LinuxConUEFIandLinuxBresniker.pdf
It is efi compliant. If the bios vendor does not allow "secure boot" to
be turned off then one should "converse" with said vendor.
-connie sieh
Yasha Karant
On 09/24/2013 09:04 AM, Connie Sieh wrote:
On Tue, 24 Sep 2013, Yasha Karant wrote:
Secure boot is enabled. Evidently, the only means to disable secure
boot requires that a secure boot loader/configuration program be
running
-- e.g., the MS proprietary boot loader (typically, supplied as part of
MS Windows 8) must be used to disable secure boat if the UEFI actually
permits this to be disabled (I have heard of some UEFI implementations
that do not permit secure boot truly to be disabled).
If the system is Windows 8 logo compatible and is x86_4 then a way to
disable "secure boot" must be provided by the hardware vendor. This is
commonly done via a option in the "bios". This requirement is part of
the "microsoft windows 8 logo requirements". Note the method of
disabling is not defined by the UEFI spec. So each vendor may do it
differently.
The only hardware that does not permit "secure boot" to be disabled is
arm based Windows. The Windows logo requirements at at work here.
>
If Linux cannot handle this issue, then Linux is finished on all
generic
(e.g., not Apple that supplies both the hardware and operating
environment software under a restrictive proprietary for-profit
intellectual property license) X86-64 hardware, as (almost?) all
current
such hardware is MS 8 (UEFI secure boot) compliant.
At the moment Fedora, SuSE , Ubuntu all can handle "secure boot". It is
expected that RHEL 7 will also handle it. It is also possible to "sign"
your own kernel and place your keys in the "bios".
-connie
Yasha Karant
On 09/23/2013 10:29 PM, Connie Sieh wrote:
On Mon, 23 Sep 2013, Yasha Karant wrote:
A colleague who uses SuSE non-enterprise for his professional
(enterprise) workstations has now attempted to load the latest SuSE
on a
machine with a new generic (aftermarket) "gamer" UEFI X86-64
motherboard. It does not properly boot. I do not have any UEFI
motherboards, and thus no experience with SL6x on such motherboards.
Is "secure boot" enabled in the UEFI ?
Does anyone? Does SL6x boot correctly (and easily) on a UEFI
motherboard? If so, he may switch to SL.
Yes as long as "secure boot" is disabled .
Yasha Karant
-connie sieh
