No Boot on UEFI box (Samsung 350V)
I've had a go at this, and sense I'm close, so I'm asking for help now.
I'm working with This Box
From these docs:
but I can't set usb boot capability, and
I have SAMSUNG 350V, AMI BIOS Version P03ABE, & MICOM Version P03ABE. Of the new crop of laptops, it's certainly one of the more stubborn to get linux onto, and I imagine Samsung have bent over backwards to facilitate m$ :-(.
in the EFI System Partition, I now have:
EFI/Boot/ with bootx64.efi, bzImage-3.6.10-dec.efi, elilo.conf, elilo.efi
EFI/Microsoft/ Who cares what's here?
EFI/Slackware/ Basically the same as Boot/
The default file is EFI/Boot/bootx64, which is now an elilo file, but there's no joy. Every helpful download that m$ had on it's site has vanished, and there's a massive number of broken links in all of this. On top of this, there's more developer packages than user ones. On the box, I have installed a lot of stuff. Elilo doesn't ship with filesystem drivers, so it relies on the start up software (Better words than BIOS) handling that stuff. So everything has to go right where it is. Elilo doesn't even have a 'make install' target. It makes elilo.so & elilo.efi. The elilo.efi I know what to do with - what about the lib?
image=bzImage-3.6.10-dec.efi #has the efi stub option set)
Do I have to run elilo in all boot changes, dangers, temptations & afflictions like one did with lilo??
I have secure boot disabled, and am running on a boot order of
2. Hard disk with no mention of secure boot
3. UEFI Secure Boot for windows.
If I take out the CD, & reboot, I get a generic error about "please insert
a disk in selected boot device and press any key" the UEFI equivalent of the middle finger. Ditto if I disable Secure boot while booting from hd. In the Microsoft directory, there's bootmgr.efi, memtest.efi, and bootmgfw.efi, which look promising, but I can't get to them. Samsung has no information _at_all_ available on this. There has to be a shell somewhere. I have a download and an EDK environment to build it with, but this is all a bit beyond the average luser.
Can anyone point me from their success?
Looking for articles that can help you-
Here is a PDF about Samsung and Windows 8 with UEFI that might help:
Using the Samsung Series 7 Slate (700T) with Windows 8 ...
Samsung Support can only respond to support issue with the version of ... Configure system firmware for UEFI Boot Install Windows 8 Customer Preview
More results from samsung.com »
How To Dual Boot Ubuntu and Windows 8
Windows + Slackware Dual Boot
Hope this helps and I wish you the best!;)
@Ztcoracat: Thanks for the docs. I'll go through them. I'm beginning to realize many of them are just plain WRONG as far as windows 8 is concerned, because m$ insists on windows 8 pcs having a DB of approved keys in nvram. This isn't a UEFI restriction, this is an M$ restriction.
Legacy Boot requires an MBR. I've just booted my windows 8 box on an MBR formatted disk. Secure boot is disabled and Legacy OS is set. I can (and have been) booting from the CD also. This is what some windows head says:
The GNU tools are out there, but the certificates registered with m$ (and consequently accepted by the system) are not. For me, the choice is simple. I can either
1. Keep the most unusable version of windows ever written for the foreseeable future. :banghead:
2. Clear the disk, and go to legacy boot with an mbr. :D
3. Fart about endlessly hacking into my own system trying to run under secure boot.:banghead:
For the benefit of anyone testing software in this area, I have 6 partitions:
1 - Recovery for EFI, 2 - ESP, 3 - 'm$ reserved' 128mb & unreadable, 4 - drive C, 5 - RecoveryImage for W8, 6 -data/ Backup/restore stuff.
I can access BIOS type setup to disable secure boot, and F4 & F5 bring me to an M$ recovery setup. That's it. No shell, except through windows. Adding Keys seems to pose a significant obstacle, where nothing is documented and it's like trying to crack a safe. I did find a shell for download, and the EDK environment needed around it to build, but they're windows stuff and I'm not into building windows software.
I got to some of those links. This may save others time.
For this to work there have to be 3 keys. A personal key, a platform key, and a private key (Manufacturer's and registered with m$). I have to lead the private key into the nvram database of such keys.
Another Catch-22 is this: The only way to boot with a GPT disk is secure boot. With Secure boot disabled, I'm down to the Slackware DVD, using the kernel-3.2.29. To get loading stuff into the db & boot order, the only shell I can use is efibootmgr. That requires the efi_vars module. Slackware's 3.2.29 doesn't ship with efi_vars :-(. I have 3.6.10 on disk with everything, but I can't get it to load. All that farting about, to keep the @$%£#-iest windows ever!
The only thing that stopped me wiping windows entirely tonight is that it's such a perfectly locked up and locked out system, it would be nice to keep it and have the disk there for developers to test their ideas on. If they get going on this one, they're good!
If it were me; Mate I Would Be really ticked off-
Thanks for saying I was kind to think of everything:hattip:
I certainly hope that your able to overcome this most undesirable nonsense-
I remember reading about a platform key but the personal key is news to me.
Think I better :study: some more.
I see; you have 3.6.10 Kernel on disc but can't get it to load-
I'm sorry that your frustrated; I feel for ya-
Wish I could help more-
If I find any other articles or a light bulb in this head of mine lights up I'll write ya another post-
Off to do more re-search and :study:
Reviewing the notes I wrote by hand I'm sharing what I found.
If your already aware; pardon me repeating what you are already educated on-
For Linux to access UEFI Runtime Services, the UEFI Firmware processor architecture and the Linux Kernel processor must match. It is independent of the bootloader used.
A man at Canonical was able to create his own securied binaries that will boot and work on a UEFI Linux Secured System. I think he achieved it by extracting the Operating System's Vendors key exchange key from it and installed it to the database. (These keys you already mentioned) This tool would be activated by the UEFI System as soon as it saw the un-autherised media inserted so the platform owner could decide whether they wished to accept the key for OS install and boot.
I tried going here 3 times and my browser didn't comply-(page was re-set)
And a PDF@
Here's something I didn't know:
UEFI application may launch another application (in case of UEFI shell or a boot MGR like rEFlnd) or the kernel and initramfs (in case of bootloader; Grub 2) Depending on how the UEFI application was configured.
Legacy mode is no-EFI mode; right?
Thanks Onebuck for the correction!:)
Good information to learn from in regard to taking control of all the keys!
I bought an ssd on ebay last night - a small one, but a new disk nevertheless. It's going in, formatted with an mbr, and secure boot is being disabled. That will work. I know it will work because I've already tried it. My HD I am keeping as is for the moment.
Onebuck, you being a moderator type, can you notify the various distro maintainers that they have the most awkward box imaginable sitting here in Ireland ready to test their attempts? I can shove the disc back in and they can ruin it - I don't care. It's backed up, and not in use.
And the box is bad: With Secure Boot on, it won't look at the CD/DVD unless I'm mistaken; It doesn't boot usb in any case. It will boot PXE with F12 pressed at boot. No shell is supplied that I can find - just a 'windows recovery' program. Grub2 just craps out on it (Does grub2 do anything else?). Fedora's grub-legacy & grub-efi say "Failed to embed stage1 ... failed to embed stage2). Elilo is ignored. There is a 'bootmgr.exe' buried somewhere in the windows stuff. No documentation :-(.
I wish things were that easy. Most active maintainers are doing their best to interact with their user base when necessary to keep things working for the distribution. Look at Slackware as an example, PV does lurk and interact at times on Slackware forums. Very receptive to the user base input. Not to say changes are made all the time but that the mood along with experiences do help to improve the distro.
'UEFI' is not new, 'Secure Boot' is Microsoft's way of implementing the protocol to insure their OS for the user base. Researching 'UEFI' protocol and how the future with OEM equipment that will or are using 'Secure boot' so I will know how or when things can be done too utilize hardware with Open Source. Every user needs to be aware of the abilities to use the hardware and how with open source on this same hardware. if at all. If the machine has a Microsoft Windows 8 logo you should be able to implement via disable or jump through the right hoops to get a install on the equipment by use of Key Exchange Keys (KEK) that can be added to a database stored in memory to allow other certificates to be used. But the KEK must be connected to the systems private part of the platform key. If not done properly then you will have errors.
Please be aware that their are to many rumors or just plain 'FUD' that conflicts the situation thus creating uncertain situation for those that are not fully aware of the what & how concerning 'UEFI' protocol and the feature use of 'Secure boot' protocol by Microsoft.
'UEFI' is necessary for the future of computing. 'BIOS" has been extended via hacks to implement newer abilities/capabilities for ever changing computer hardware. We need this expansion, 'UEFI' protocol is not a bad thing, just a necessity to extend capabilities for newer hardware & software.
Linux users will do everything to prevent root kits or other means to prevent unwanted access to their system. I look at 'UEFI' as means to improve the methods from a firmware perspective to allow full use of hardware instead of the BIOS way. BIOS has to many holes and hacks to get hardware to work thus vulnerable.
I should have made myself clearer.
If anyone wants to put a distro out, he is going to have to take UEFI on henceforth. Here is the toughest obstacle they are likely to meet. If nobody needs that, it's OK, and I'll reformat the drive sometime.
I personally feel pxe may be the way to do it - it seems easier than the other options.
My question to you is how 'PXE' is the way to do what? How do you expect to enable the 'PXE' via 'UEFI'? 'UEFI PXE' is available. You will still need to integrate KEK for that install. You could use 'iPXE' (work in progress) to do a standard install;
This is a good place to lay that stuff down, because people will search these threads for their own answers.
I spent the last week reading up on this stuff and while I wouldn't claim to be the world's expert, I did get an idea of what was involved. For me, windows is not worth it.
My experience on this box with Secure boot enabled:
No access to any shell, short of vandalizing the m$ boot. If you do that, it's recovery recreates the m$ boot, AFAICT. No usb boot; No CD boot. Only pxe, with which I haven't experimented. When windows 8 is booted, the ESP is examined and "Fixed" without any option to avoid it.
With Secure Boot disabled, I have cd boot. No GPT Boot, so the disk won't boot. Just mbr & CD boot works with secure boot disabled.
To my mind, that's a pretty wilful way of locking out competitor OSes in an attempt to prop up the worst version of windows ever. Installing isn't out of the question, but dual boot certainly seems to be.
However; I can't seem to wrap my mind around why this has become a normal practice and what exactly are the motives to repeat this over and over again.(Other than mass produce to provide a corporation profit) This is just my thoughts and opinions but I think that if one (meaning a individuial, group, corporation)does enough bad it comes back.
In my mind this practice of producing this Unified Extensible Firmware Interface is generating positive and negative energies and a hint of upheavel. The average folks that have PC may have extream difficulity trying to figure/configure this equation out-
I'll think twice before I purchase another PC in the future.
I wish you the best business_kidd and I hope that your distro is now functional on your new computer.
This is a great thread to learn from; I'll teach it to noobs if I'm asked-
Have a great weekend!
|All times are GMT -5. The time now is 07:30 AM.|