Starting Linux on UEFI
First you need to start Linux on UEFI. Because few PCs except Mac use UEFI instead of BIOS, everyone doesn't care much about booting Linux from UEFI.
Nowadays, many people who want to run Linux on Mac use compatible support module CSM to provide BIOS simulation on Mac. This method is very troublesome, and the effect is not good, and it may be worse on the safe boot Windows 8 PC.
There are other better ways. At present, the best way is Rod Smith's EFI-boot Ubuntu on the Mac guide. Others, such as the skills of Linux kernel developer Greg Kroah-Hartman, are also worth a try. The biggest problem is safe guidance.
Safe boot and Linux.
Ideally, Microsoft and its partners will deploy secure boot in the way the Linux Foundation said, which will be beneficial to the installation of Linux, but this will not happen.
So, we have three different options. I don't know which one will succeed at this time. May eventually be used. This is very unpleasant, but as Microsoft continues to dominate this field, Linux developers have to work hard under the most difficult circumstances.
First, Linux developers need to deal with this problem. James Bottomley of the Technical Advisory Committee of Linux Foundation released the startup code of Intel Tianocore UEFI and some codes that Linux programmers can use in order to eliminate the security boot restriction of Windows 8.
Intel Tianocore is an open source image of Intel UEFI. Until recently, this image did not have the verification code of Microsoft's secure boot, and now it has this function. Deliver this function to developers, greatly expanding the crowd using UEFI security boot.
This enables programmers who have no access to UEFI security boot hardware to have a "virtual platform" so that they can experience their own solutions. However, this is a dilemma. The Tianocore firmware that started safely has only appeared for a few weeks, and the signature tool has not yet appeared. There is still a long way to go.
Even so, developers use their own security accessories to lock the secure startup virtual platform, which is a great progress for developers who use their own keys to use UEFI security.
One way: Create UEFI security startup keys for some versions. This method is also Canonical's approach to Ubuntu. Some people, such as the Free Software Foundation, hate this method.
The community Linux versions of Fedora and Red Hat decided to use Microsoft's key signature service Verisign. Therefore, in Fedora's plan, Fedora will use Microsoft's system to create its own Windows 8 system, which is compatible with UEFI security startup key.
Of course, in many open source circles, this method is like a cloud. Matthew Garrett, the developer of Red Hat, defended it, saying, "This is cheaper than any existing scheme. It is compatible with a large number of hardware, and it also allows Fedora to avoid having privileges on other Linux.
Frankly speaking, as Mark Shuttleworth, the founder of Ubuntu, said, no plan can be perfect, but "the flaw of secure boot lies in its design, which will eventually authorize Microsoft keys on each PC. Secure Boot cannot support multiple signatures on key elements, which means that this option is limited, but we have been pursuing a good result. "
Of course, there is another way: use open source software and hardware. Of course, this is also the result that Linux PC open source vendors are happy to see.
With UEFI's secure boot, the Linux version does not need to sign a contract with Microsoft or use their secure boot. There is nothing wrong with the computer that started in open source boot mode. In fact, UEFI's secure boot is implemented at the OEM level, and all newly purchased PCs come with secure boot.
Therefore, open source vendors are definitely reluctant to disable or use Fedora and Ubuntu methods. It is ok to disable, but it is foolish to disable some functions that can protect security. In the long run, it is worrying that the keyboard of the machine running Linux after 20 12 is simple at first, but it will become more complicated later. It also has a great impact on OEM. People worry that desktop Linux is too difficult for new users and will gradually aggravate the decline of Linux.
To sum up, the following points are the situation of Linux on Windows 8 PC today:
You want the OEM to disable secure boot during pre-boot. If so, installing Linux on Windows 8 PC will not be as difficult as on Windows 7 system. However, this option is not available on Windows RT ARM systems.
Using Linux, such as Fedora, you can use Microsoft's own Windows 8 signature tool to provide a secure boot compatible key.
Using a Linux version, such as Ubuntu, itself can provide a secure boot compatibility key.
Abandon Windows 8 system and use open source hardware.
Some Linux distributions, such as openSUSE, don't know how to handle this situation.
So far, I don't know how to run Linux on a Windows 8 laptop or desktop. It depends on how the OEM handles the secure boot.