Home opinion-and-analysis Open Sauce Ubuntu 12.10 and Windows 8: an uneasy marriage
Ubuntu 12.10 and Windows 8: an uneasy marriage Featured

It is difficult to recall, in the recent past, a new technology about which there has such an avalanche of uninformed writing, misinformation or secrecy than secure boot.

Secure boot is one feature of the Unified Extensible Firmware Interface, or UEFI, the replacement for the BIOS on common hardware devices like PCs and laptops. (This is commonly referred to as the UEFI BIOS and I shall use this term right through this article).

Microsoft has implemented secure boot in a certain manner and since all hardware manufacturers will be following suit, any vendor of an operating system other than Windows has to follow Microsoft's system to get their operating systems to boot on machines on which secure boot is in operation. All devices that come with Windows 8 pre-installed have secure boot turned on.

PC motherboards that sell in retail come with secure boot off. You can turn it on after building your machine. The boards available in Australia at the moment need a UEFI BIOS upgrade before they will support secure boot.

When secure boot is turned on, the firmware on a motherboard will check, at boot time, to see if the operating system that is trying to boot is genuine; this check is done by means of cryptographic keys. It is ostensibly meant to prevent boot-time malware from infecting Windows 8; coincidentally, it also serves to make it pretty hard for a user to boot any other operating system on said machine.

Microsoft controls the key signing authority and has outsourced the job to Verisign; thus any keys purchased have to be bought from Verisign. Each key costs $US99.

On the x86 platform, Microsoft has mandated that there needs to be a way for secure boot to be turned off. This is not due to a sudden bout of kindness; if Microsoft did not do so, then there would probably be another anti-trust lawsuit given the dominance that Microsoft enjoys on this platform. Vendors are thus required to provide a means of turning off secure boot. However, on the ARM platform, there is no requirement for such a mechanism; there is no fear of an anti-trust suit, at least not yet, as no operating system vendor has a near monopoly of the platform.

Linux (the kernel) has been able to boot on UEFI systems for quite some time. But that does not mean a Linux distribution can boot on a system which is locked down using secure boot. And here is where there is much confusion; one of the most confusing documents I found over the last few days is this, where the reader will come away with the impression that UEFI and secure boot are one and the same thing.

The best way to understand the new technology is to get hands-on and that is what I have done: I have installed Windows 8 without secure boot, and then done an install with secure boot turned on. I built a machine with an MSI Z77A-G41 motherboard for these experiments; given that the layout for the UEFI BIOS differs from one major manufacturer to the next, my conclusions are for this hardware only. Your mileage may vary.


Now to Ubuntu. The 64-bit version of the last release of Ubuntu, 12.10, will boot on a machine which has Windows 8 installed with secure boot turned on. But Canonical never made mention of this in its release notes. You can find out by snooping around on mailing lists and reading comments by people who belong to the FOSS community but treat this kind of information like a trade secret.

Getting a medium like a DVD or USB to boot on a system running Windows 8 with secure boot is painful; you have to pop in your Ubuntu DVD while either within the system or at the start-up screen, move your mouse to the lower right-hand corner of the screen, click on Settings and then on the power icon (from within Windows) or on the power button (at the start-up screen - above). Then hold down the shift key and click on Restart. You will then get a choice of choosing a device to boot from. After that you will have to go through at least one restart; repeat the process of shift-clicking and you will finally be presented with a screen where you can choose your DVD drive. Ubuntu will then boot.

But you cannot install Ubuntu 12.10 64-bit on a Windows 8 secure boot machine which has a single hard drive. This is the screen (above) that greets you soon after you begin the installation procedure. Ubuntu cannot recognise the fact that Windows 8 is installed on this system.

Ubuntu has a method of installing from within Windows; I tried this on the same system (Windows 8 with secure boot) but though the install ran to completion, and I was presented with a choice of operating systems to boot from (above), Ubuntu would not boot (below).

After some searching, I downloaded a copy of Ubuntu Secure Remix 12.10 (64-bit) and tried to install it. But it would not even boot on a Windows 8 machine with secure boot turned on.

I then added a second drive to my PC and went through the Ubuntu installation procedure manually. I was able to install Ubuntu on the second drive. But there is no choice of operating systems presented at boot-time; I have to go through the shift-click process I outlined above and then I can choose to boot into the drive running Ubuntu. For some strange reason, I get two icons named Ubuntu (below). Only the lower one works, though.

No other Linux distribution that I know of has implemented the ability to boot on a machine that has Windows 8 running with secure boot turned on. The recent beta of Fedora 18 cannot; Anna Eusebio of Red Hat confirmed this to iTWire. Once again, it would have been child's play to make mention of this in the release notes. But no, instead one has to go through a week of waiting to hear from a PR person. Nobody knows how to do media like people in free and open source software; they are a class apart.

The latest version of openSUSE, 12.2, does not support secure boot either; the next release is expected to offer full support.

As to the people involved in working on getting various Linux distributions to the stage where they can support secure boot, I have a word of advice: continue to post the information you have in your own secret corner of the web. Don't, just don't, issue it to the wider public. You never know, you just might get too many people starting to experiment with using GNU/Linux. And that would mean that it isn't an exclusive club any more.

47 REASONS TO ATTEND YOW! 2018

With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December

REGISTER NOW!

LEARN HOW TO REDUCE YOUR RISK OF A CYBER ATTACK

Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips

DOWNLOAD NOW!

Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

 

Popular News

 

Telecommunications

 

Sponsored News

 

 

 

 

Connect