Circumventing UEFI/SecureBoot on a new PC

[40hz]

It's here. It's drear. Get over it.  

UEFI enabled PCs are now shipping.

Fine if you're a Win 8 fan. But if you want to boot anything else off them you're SOL unless you take additional steps.

Fortunately OSNews is on it with a short note and two links for how to work around UEFI if you want to use Lunux or another OS. (It's a little trickier than it looks.) Article here.

Yankee Rose!

[Edvard]

Very nice. My kudos to Mr. Smith for going through the trouble for us.  What's even more evil about the whole situation is that it was not sold as a UEFI-enabled machine (although with Win8 installed, should be a given...), thereby taking the user unsuspected.

Former Red Hat dev Matthew Garret has come up with an alternate way that's even more involved, but does allow key signing for unknown operating systems:
http://www.zdnet.com...00008246/?s_cid=e539
Mind you, the actual signed part is not open source and includes Microsoft's signature, and so, from what I gather, it is actually following Microsoft's Secure Boot implementation specs; that is, it's not so much circumvention as it is creative compliance.

Mr. Garrett's original report here: http://mjg59.dreamwidth.org/20303.html

So until MS gets over stalling for time until it can get Win8 into some semblance of market saturation (or at least that's my take on the situation), we soldier on...

[40hz]

So until MS gets over stalling for time until it can get Win8 into some semblance of market saturation (or at least that's my take on the situation), we soldier on...

-Edvard (December 06, 2012, 01:56 PM)

That does seem to be the informed consensus as to what the real problem is.

And Microsoft doesn't seem to be going out of its way to dispel that conclusion either. Unless you consider their near silence on the topic plus continued stonewalling a reply. Very "Steve Jobs" that bit, don't you think?

Microsoft seems to be getting more and more like Apple with each passing day.

[edbro]

I had to figure this out yesterday when I tried to boot Acronis True Image from a bootable USB drive. True Image boots into Linux. I finally got it to boot but the screen is all garbled (separate problem).

[Carol Haynes]

The only secure boot machines I have seen so far have had the option to turn it off and return to legacy BIOS mode.

[4wd]

I had to figure this out yesterday when I tried to boot Acronis True Image from a bootable USB drive. True Image boots into Linux. I finally got it to boot but the screen is all garbled (separate problem).

-edbro (December 06, 2012, 03:10 PM)

Following on from this - anyone know if the WinPE images offered by recovery software companies will still work, (eg. Paragon, Macrium) ?

I suspect possibly not and this is why Microsoft revoked the WinPE distribution licenses.

Yet another reason to carry around a LiveCD, (Linux/WinPE on Flash or optical), when looking at buying a computer, "I'll buy it if I can boot it."

[Carol Haynes]

If secure boot is on you cannot boot from an optical drive. Secure boot limits you to only booting from the Secure boot drive.

[barney]

If secure boot is on you cannot boot from an optical drive. Secure boot limits you to only booting from the Secure boot drive.

-Carol Haynes (December 07, 2012, 03:21 AM)

That sounds a maintenance nightmare ... drive dies, system bricked.

[Carol Haynes]

Yep - that's what MS seem to want!

Having said that the systems I have seen so far it is easy to revert to legacy BIOS mode and do what you like, but in theory a machine could be locked by the manufacturer without the option to disable.

[4wd]

That sounds a maintenance nightmare ... drive dies, system bricked.

-barney (December 07, 2012, 12:59 PM)

Client: "Is my data secure with Windows 8?"
Sales: "Certainly!  Rest assured that if your drive starts failing there'll be no way to boot your computer to recover it."
Client: "I'll take it!"

[Edvard]