Join us on our own very special Reddit: /r/Linuxers
Is SecureBoot/UEFI still a problem?
JSVRamirez 22 Jun

The time has come to buy my wife a new laptop and the last time I did this, (some time ago,) I had all kinds of hell getting around the secureboot stuff and actually being able to boot into Linux. I had a quick Google, but I'm actually at work now and never seem to find time to look properly when I'm not, and can't find much about it. I figure that means it's either not a problem any more, or people just aren't talking about it...

So which is it?

Am I pretty much safe to buy her something with the hardware she needs (gaming and intense GIMP) and stick Mint on top of it, or do I still need to keep away from places?

I know all of the usual issues with certain hardware drivers, but I can manage that part.

As an aside; does anyone know where still sells (beefy) laptops with Linux/FreeDOS from the start, in the UK? That would get around it completely!

Guppy 22 Jun

The only problems I've had with UEFI is when it boots the install USB in one and the tries to load the OS with the other - if you stay consistent there isn't an issue as far as I know. Though admittedly I tend to choose the non UEFI option though as I've no clue what benefits we are supposed to get from UEFI :|

as for laptops with FreeDOS you can choose it with lenovos laptop configurer for the models where that's available, I seem to recall an article here about dell selling ubuntu laptops - though the problem with choosing a laptop with Linux preinstalled is that it's never the distro you like :D so I'd choose freeDOS just to avoid the windows "tax"

damarrin 22 Jun

I just got a Lenovo with FreeDOS a couple of weeks ago and put Mint on it. No problems with SecureBoot at all. I had to get a newer kernel than what was in 19.3, as it was a Ryzen laptop and support was still spotty in 5.3.

JSVRamirez 22 Jun

I might not be looking in the right place, but I can't find any Lenovo laptops with FreeDOS on their UK website. I have followed links to the Ideapad 5 15, but it isn't available any more.

CatKiller 22 Jun

Quoting: JSVRamirezSo which is it?

UEFI is better than BIOS.

Secure Boot is fine. Most guides will say to disable it for the sake of clarity of the message, but you can use it if you want to. Distros will install OK with signed components. Things that the distros can't sign - Nvidia's kernel module, Oracle's VirtualBox module, stuff you've compiled yourself - you can sign yourself and enrol a Machine Owner's Key, which isn't hard but is a bit fiddly.

Jared 22 Jun

You would not see a difference between UEFI or BIOS unless your stirage capacity exceeds 4TB in which case UEFI would be the better (and only) option. Most mainstream distributions of Linux such as Ubuntu, Arch, Fedora, Gentoo, OpenSUSE, Debian and Slackware, can all be installed and booted from UEFI systems. Same can be said for having secure boot enabled. However when compiling or using a dkms kernel module, it is best to keep it disabled.

GustyGhost 23 Jun

Secure boot =/= efi

Secure boot is a problem when the vendor holds the keys [hostage].

Secure boot is not a problem when you manage the keys.

I have an Asus A5 laptop i bought recently in November for work related reasons. It ONLY has UEFI. I dual-boot windows 10 and kubuntu 20.04. I've had no issues with secure boot and signed Ubuntu kernels. I imagine your experience with mint will be the same.

HOWEVER, where i HAVE run into issues with secure boot has been at work. My boss recently purchased a small Asian grocery and purchased 2 new POS units. they are windows 10. I have been attempting to create some Linux rescue boot disks on spare SSDs I've lying about. Creating said rescue disk via USB Ubuntu install media and installing to the ssd causes the installer to write an entry in the UEFI boot entries of the laptop. This rescue disk is unbootable on either of the POS units because there is no entry in the UEFI boot lists. And of course the company from which we purchased the units has a password on the UEFI, so i can't add entries to the units. Essentially, I am locked out of systems I have been given charge of configuring and deploying. I'll be looking into how to "clear the cmos"(if you will) of these units so I have complete administrative control of them.(Hmmm.....thinking about it...I don't believe i've tried doing the rescue disk creation on a POS unit....the units will boot from the USB install media as i've used those to image the machines...maybe i'll have an update on that later as i have some parts coming to upgrade an old AIO unit that's been laying around and install win10 on it...i can run through a rescue disk creation while i'm at it)

I don't foresee too many issues with secure boot for your wife's personal use scenario. If you get an AMD Ryzen based laptop, with intel wifi, and AMD GPU, you really shouldn't have any issues. The only issue i have is: which bloody AMD video driver is the best one?

2020年06月26日:UPDATE: I was able to create the rescue disk on the POS unit and it worked. Essentially: a 120GB sata iii SSD attached to a sata-to-USB adapter for booting the system via USB and give me a full linux desktop(kubuntu 20.04) with various forensics and recovery tools installed. This also allows me a "business continuity" strategy as the POS software is cloud-based and can be run in a browser as a workaround should there be a disk failure in the system(and i expect one as it's a spinning platter hdd).

Last edited by iwantlinuxgames on 27 June 2020 at 1:42 am UTC

You need to Register and Login to comment, submit articles and more.

Or login with...