SCIENTIFIC-LINUX-USERS Archives

September 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: UEFI SL 6x boot
From:
Mark Stodola <[log in to unmask]>
Reply To:
Mark Stodola <[log in to unmask]>
Date:
Tue, 24 Sep 2013 11:52:31 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (94 lines) 
That is correct, SL and TUV do not support secure boot at this time.

This link is a year old, and I am sure more support it by now, but:
http://mjg59.dreamwidth.org/20522.html

I'm sure a more up to date list can be found with moderate searching.


On 09/24/2013 11:46 AM, Yasha Karant wrote:
> This thread started because my colleague is using SuSE and tried Ubuntu
> -- and both failed to secure boot properly from the generic hardware to
> which he upgraded. This failure prompted a question about SL (as a
> no-fee option for a TUV enterprise, commercial, supported, production
> Linux base).
>
> Evidently, the current answer for SL is that it is not UEFI Secure Boot
> enabled, and SL 6x cannot reliably be installed upon such systems --
> depending upon the quirks (or proprietary generosity) of the actual BIOS
> supplier.
>
> Yasha Karant
>
> On 09/24/2013 09:04 AM, Connie Sieh wrote:
>> On Tue, 24 Sep 2013, Yasha Karant wrote:
>>
>>> Secure boot is enabled. Evidently, the only means to disable secure
>>> boot requires that a secure boot loader/configuration program be running
>>> -- e.g., the MS proprietary boot loader (typically, supplied as part of
>>> MS Windows 8) must be used to disable secure boat if the UEFI actually
>>> permits this to be disabled (I have heard of some UEFI implementations
>>> that do not permit secure boot truly to be disabled).
>>
>> If the system is Windows 8 logo compatible and is x86_4 then a way to
>> disable "secure boot" must be provided by the hardware vendor. This is
>> commonly done via a option in the "bios". This requirement is part of
>> the "microsoft windows 8 logo requirements". Note the method of
>> disabling is not defined by the UEFI spec. So each vendor may do it
>> differently.
>>
>> The only hardware that does not permit "secure boot" to be disabled is
>> arm based Windows. The Windows logo requirements at at work here.
>>
>> >
>>> If Linux cannot handle this issue, then Linux is finished on all generic
>>> (e.g., not Apple that supplies both the hardware and operating
>>> environment software under a restrictive proprietary for-profit
>>> intellectual property license) X86-64 hardware, as (almost?) all current
>>> such hardware is MS 8 (UEFI secure boot) compliant.
>>>
>>
>> At the moment Fedora, SuSE , Ubuntu all can handle "secure boot". It is
>> expected that RHEL 7 will also handle it. It is also possible to "sign"
>> your own kernel and place your keys in the "bios".
>>
>> -connie
>>
>>> Yasha Karant
>>>
>>> On 09/23/2013 10:29 PM, Connie Sieh wrote:
>>>> On Mon, 23 Sep 2013, Yasha Karant wrote:
>>>>
>>>>> A colleague who uses SuSE non-enterprise for his professional
>>>>> (enterprise) workstations has now attempted to load the latest SuSE
>>>>> on a
>>>>> machine with a new generic (aftermarket) "gamer" UEFI X86-64
>>>>> motherboard. It does not properly boot. I do not have any UEFI
>>>>> motherboards, and thus no experience with SL6x on such motherboards.
>>>>
>>>> Is "secure boot" enabled in the UEFI ?
>>>>
>>>>>
>>>>> Does anyone? Does SL6x boot correctly (and easily) on a UEFI
>>>>> motherboard? If so, he may switch to SL.
>>>>
>>>> Yes as long as "secure boot" is disabled .
>>>>
>>>>>
>>>>> Yasha Karant
>>>>>
>>>>
>>>> -connie sieh
>>>


-- 
Mr. Mark V. Stodola
Senior Control Systems Engineer

National Electrostatics Corp.
P.O. Box 620310
Middleton, WI 53562-0310 USA
Phone: (608) 831-7600
Fax: (608) 831-9591

ATOM RSS1 RSS2