Am 12.09.2014 um 17:51 schrieb Bruce Dubbs:
Ken Moffat wrote:
ĸen, lucky enough to have avoided UEFI for the moment, but
suspecting that any new machine might use it.
On that note, I'd like to share a recent story about a student of mine
who bought a laptop specifically for LFS. We tried to disable secure
boot and were able to install Debian as a host, but when he rebooted,
it said there were not any OSes to boot from. We tried to find an
option in the BIOS interface to disable secure boot, but didn't find
it if it existed.
There are many terribly broken UEFI implementations that work with
Windows if you do not touch any settings - and with Linux just if you
check step by step if you succeeded in the last step. In your case
debootstrapping Debian from an Ubuntu Live CD (!) would have done the
job. You might have needed to put the UEFI to platform setup mode with
disabled secure boot. You'd probably even would have had to manually
install the bootloader in some standard path (bootloader named
/EFI/BOOT/BOOTX64.EFI on an partition with the "efi boot" flag set and
some obscure limitations on geometry and size.
Basically, Microsoft defines a set of rules for devices sold with
Windows 8.x. These specifications include that the UEFI must allow
secure boot to be disabled. However this often hidden under very obscure
settings. Who would think that "OS compatibility - Windows 7 64 bit"
means that secure boot is disabled, but CSM stays deactivated? And "OS
compatibility - Windows 7 32 bit and earlier" means that CSM is enabled?
There are also some UEFIs violating Microsofts specifications in a way
that they prefer CSM (aka BIOS) bootloaders on external media even with
secure boot enabled. I could write some 10000 words on those violations
based on my experiences with building various cover mount Live CDs and
rescue systems, but there are funnier things to do.
It's just a terrible mess. But with large hard disks and more than four
partitions UEFI with disabled CSM just is the better way. I hope the
UEFI implementations will settle to useful in the next two years.
He then took the laptop back to the store and exchanged it for a
Lenovo laptop that did have a way to bypass secure boot.
Sometimes it's better to punish vendors or manufacturers for not
providing a usable interface to settings that must be there by
specification.
So I am gonna write a hint on UEFI booting with secure boot disabled,
and maybe a hint on the hint with secure boot enabled. I will add build
recipes for gnu-efi and gummiboot for BLFS and reference those in the
hint. I think this is a good interim solution. I will try to keep it
simple. I will probably take a look at lfs-support since I found some
mentions on UEFI there (well thought notices, but sometimes a bit too
verbose) - I guess if some of the original authors there has some
objectives, he/she probably just will tell me here.
Yours,
Mattias
--
Mattias Schlenker - Freier IT-Fachredakteur und -autor
redakt...@mattiasschlenker.de
Mattias Schlenker - IT-Consulting, Softwareentwicklung
consult...@mattiasschlenker.de
Address__ August-Bebel-Str. 74 - D-04275 LEIPZIG - GERMANY
Call me! (VoIP)__________________________ +49 341 39290767
Call me! (PoTS + Faksimile)______________ +49 341 30393578
Call me if it's urgent! (Mobile)_________ +49 163 6953657
VATIN_________________________________________ DE240998538
Fork me!____________________ https://github.com/mschlenker
Website.__________________ http://www.mattiasschlenker.de/
My books!___________ http://www.arduino-hausautomation.de/
Google+_________ https://www.google.com/+MattiasSchlenker1
Xing_______ https://www.xing.com/profile/Mattias_Schlenker
--
http://lists.linuxfromscratch.org/listinfo/lfs-dev
FAQ: http://www.linuxfromscratch.org/faq/
Unsubscribe: See the above information page
