Is there a new computer in your near- to mid-term future? If so, are you aware of the issues surrounding UEFI? In particular, will your new machine let you install and boot into Linux?
The Unified Extensible Firmware Interface (UEFI) is essentially a modern replacement for a computer’s Basic Input Output System (BIOS). This is the software (firmware) that initializes the system at boot time. While this low-level code is normally of little interest to an end user, UEFI has a new wrinkle that could change the entire ball game.
UEFI provides a “secure boot” mode that uses verified security keys to allow only authorized software to run in order to boot the machine. Now, while in principle such additional security is good, the questions are: who does the authorizing, and what is authorized?
The issue revolves around Microsoft and, in particular, how UEFI will be implemented by computer manufacturers in order to obtain Windows 8 certification for their products. Let’s face it, most of the machines running Linux, either in single- or dual-boot mode, started off life with some flavour of Windows installed. Since this trend is likely to continue, for those of us who wish to use Linux in the future, it’s important that we are not locked out of installing an operating system that is different from that originally used.
Much has already been written on the subject. The nay-sayers suggest that the “Evil Empire” will insist on UEFI being enabled, with Microsoft’s security keys implemented, and no possibility of the end user disabling secure boot in order to install Linux. Some Linux distros, notably Ubuntu (Canonical) and Fedora (Red Hat), are planning to use their own security keys in conjunction with UEFI as a way to work-around the “problem”. Moderate voices suggest that all that is needed is for hardware manufacturers to simply allow the owners of the computers (you and me!) to disable UEFI in order to install an operating system of their choice.
One of the best compilations of the issues on this topic that I have see to date is “Windows 8’s locked bootloaders: much ado about nothing, or the end of the world as we know it?” (Peter Bright, arstechnica). Of particular interest are his comments on Google’s Chromebook which uses a restricted bootloader, that can be disabled by the end user, and which has a recovery mode through which the secure boot process can be re-established. Now, that sounds like the best of all worlds!
Will Windows 8 block users from dual-booting Linux? Microsoft won’t say
Microsoft to stop Linux, older Windows, from running on Windows 8 PCs
Linux Foundation proposes to use UEFI to make PCs secure and free
Canonical details plans to deal with UEFI Secure Boot
Red Hat Linux paying to get past UEFI restrictions on Windows 8
Linus Torvalds on Windows 8, UEFI, and Fedora
Windows 8’s locked bootloaders: much ado about nothing, or the end of the world as we know it?
Will your computer’s “Secure Boot” turn out to be “Restricted Boot”?
Unified Extensible Firmware Interface Forum