[SOLVED] Helping Me Decide Whether to Give Up Systems Where I Can't Figure Out How to Get Rid of Secure Boot Or Not
Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Helping Me Decide Whether to Give Up Systems Where I Can't Figure Out How to Get Rid of Secure Boot Or Not
I need some help deciding whether to give up using PCs with secure boot or not, when I can't figure out in UEFI/BIOS how to disable the secure boot, going forward. This decision will effect future purchasing decisions on my part. I'm essentailly trying to reduce windows use and replace it with Linux use. I have known a lot about Linux for some time, as shown by my encounters with it on this site. However, I'm now going mostly Linux for use. At least for home, and personal use. Besides possible servers, I'll still need a copy or two for hardware and software that doesn't work with Linux, that I must use.
If it's ever possible to use them with Linux, or perhaps reactos (but reactos must at least be at 1.0 by then), I will probably switch them to it. But for now, those things just don't work. I'm using a mini PC for my main copy of windows for now. I still have some dual boot systems too, which I almost don't need.
The question now, is a piece of software called Easy 2 boot. I have tested Ventoy, and found that I can easily create flash drives with multiple ISOs. What I have found though, is they do not seem to support booting with secure boot enabled. My previous Easy 2 boot, does. I have researched creating them in Linux, and while possible, it IS a bit more difficult. If I chose to continue supporting that as main way to install things, I could make it easier with my own stuff. Even if I need a little practive with "expect" to make it work, I should be advanced enough I'm capable of doing it. Perhaps expect was replaced, I don't know, but for those who know what I'm talking about, you get the idea. I remember messing with it vaguely before. It was a great open source tool for automating the command line on Linux. Probably, in fact, I believe it was FOSS.
However, I'm deciding now between just using ventoy, and declaring that for my Linux systems, i do not support secure boot, and only support machines for which I know how to disable it, or for which it doesn't even exist. That's choice number 1. Choice number 2, is that I could make installing it easier for easy 2 boot, and continue to support it. Yet another, choice number 3, is I could support creating it from my windows PC ONLY, and just use that to create it.
I'm leaning towards choice number 1, but I need some advice on it. I hate the general philosophy of windows licenses and a bunch of other sutff, but we live in a world where sometimes we don't have other options. Also when learning to license, I may not always be able to license under what I'd prefer, though I rarely need to get as strict and stuff as microsoft does. It's all about strategy vs beliefs on how to license stuff. Of course as a user, I gravitate towards FOSS, when possible and for something which is not FOSS, I really do want to see FOSS win most of the time.
But you also have to balance ease of use, where sometimes FOSS is not as easy to use. Also I will have to check easy 2 boot's license in the first place, because I would like whichever choice I make to be compatible with businesses I may run in the future too. By the way, I may also need windows and mac for creating software, as I go on.
As far as businesses or schools I may go to, or work at in the future, once the switch is made, I would really like to adopt a policy where I either make them provide me with a machine, just to use for that, or if really needed, buy another machine, just for that use. As far as my network goes, I will allow running those OSs, but there may be additional rules to follow when others do it.
Please help me decide which choice to make about the Easy 2 boot and secure boot. I'll keep it open a reasonable amount of time after all the helpful replies. But even when helpful, not forever.
For all those Major OEMs, how would you find out how to disable it, in a google search? I know of the obvious:
Code:
<Brand> <Model> turn off secure boot
But either I forgot to do it that way with my current PC (but figured it out since), or for some other reason, it was just extremely hard to figure out. I still don't remember which option it is. But I was finally able to do it. It is a major OEM, HP.
Also, any plans for discontinuing to have the option so far? I know why it could be a good idea, but for me, it's hardly a good idea. And then, I hate to say it, but I know windows 10 will boot without it, but what about 11, or the rumors so far about 12? As I said before, pretty much switching away from those, but some strange need could arise, and I just want to know generally if they have plans for not booting at all without it.
While we're at it, finding model numbers, I could use a quick overview on. As well as knowing if it's a major manufaturer. I know HP and Dell are though. I think. These issues will factor into my decisions. Thanks!
So almost every system I've ever used Secure Boot is either under Security in the BIOS, or BOOT in the BIOS. However, I have mostly only experience with business line of systems from HP, Dell, and Lenovo, and very little experience outside that scope.
While I do not know for certain, i have not read that there is any plans to discontinue the option. Many of the major OEM's have at least a DECENT level of Linux support, and so until Linux users can by and large be swayed to accept secure boot, I can't imagine the manufacturers being overly enthusiastic to support removing the ability to disable it. Secure boot is NOT part of the UEFI specification, it is essentially an extension that Microsoft added.
All you need is to do is google/ddg the hotkey to load into the bios / efi system during boot. That is hidden from view on most oem systems these days during the boot process. They don't want people mucking about in there. Once you know how to get into it just dig around. They aren't huge mazes of complication. They are usually quite simple. Won't take long to find what you are looking for. Just don't mess with other settings unless you fully know what you are doing or are capable of reverting them.
Last edited by jmgibson1981; 11-13-2023 at 03:37 PM.
I have never bought a Windows license. I have never used secure boot. I never heard of Easy 2 boot until I read this thread. I have always used GRUB to boot since GRUB 2 was released. Before that I used LILO. I currently have two desktop computers. I boot one desktop from a SSD using GRUB. I boot the other desktop from a USB thumb drive using GRUB.
As to the future I will disable secure boot in the BIOS of any computer that I buy and continue to ignore secure boot. I agree with Timothy Miller's statements:
Quote:
Originally Posted by Timothy Miller
There has (yet) to be a laptop made from a major OEM that doesn't have the ability to turn off secure boot.
Quote:
Originally Posted by Timothy Miller
Many of the major OEM's have at least a DECENT level of Linux support, and so until Linux users can by and large be swayed to accept secure boot, I can't imagine the manufacturers being overly enthusiastic to support removing the ability to disable it. Secure boot is NOT part of the UEFI specification, it is essentially an extension that Microsoft added.
I should explain a little more about what easy 2 boot is, it is NOT a replacement for GRUB/GRUB2 or LILO, in any case I'm talking about. What it is, is the basic boot code to install on a USB, (and possibly CD/DVD if desired?), which will then at booting it, give you a menu, to choose a real boot file, usually from an .ISO that will either be a CD/DVD, or a flash drive image. Then with the options you give it, it boots that from it's disk.
From there, you would typically install whatever it is you're trying to install. The advantage, is, that you don't have to have 1 USB per image. That's why for me, one or the other is necessary. Ventoy does the same, and they may be partially related. I'm guessing Ventoy makes use of a version of the Linux kernel.
I would NOT think of replacing GRUB/GRUB2. But what it does, I need that functionallity. Maybe there's something else to also use? But with both, save the secure boot concept, I've had good experience with them.
You can use it to install both Windows and Linux, any flavor, pretty much. That abillity is necessary for me on my network. Like I said, I'm on my way to much more Linux, and as few Windows as possible. However, the basic tech is needed.
I'm talking (mostly) about laptops, by the way. Also, I know how to google the hotkey for opening BIOS pretty well. The laptop I'm now on, I almost didn't find secure boot, as it was under a weird setting I've never seen before. I will try to find it and tell you what it was under. Here goes. Then, I will reboot again, and continue here.
I should explain a little more about what easy 2 boot is, it is NOT a replacement for GRUB/GRUB2 or LILO, in any case I'm talking about. What it is, is the basic boot code to install on a USB, (and possibly CD/DVD if desired?), which will then at booting it, give you a menu, to choose a real boot file, usually from an .ISO that will either be a CD/DVD, or a flash drive image. Then with the options you give it, it boots that from it's disk.
From there, you would typically install whatever it is you're trying to install. The advantage, is, that you don't have to have 1 USB per image. That's why for me, one or the other is necessary. Ventoy does the same, and they may be partially related. I'm guessing Ventoy makes use of a version of the Linux kernel.
I would NOT think of replacing GRUB/GRUB2. But what it does, I need that functionallity. Maybe there's something else to also use? But with both, save the secure boot concept, I've had good experience with them.
You can use it to install both Windows and Linux, any flavor, pretty much. That abillity is necessary for me on my network. Like I said, I'm on my way to much more Linux, and as few Windows as possible. However, the basic tech is needed.
It looks like it was under boot options->secure boot, on this machine. I didn't try to enable it, and then disable it again (I know I have it disabled). But it was in fact, greyed totally out, by this point, that's part of it's weirdness. Mostly, systems seem to let me enable and disable it without turning grey. For some reason, I thought this place was weird. I don't remember whether for some reason it jumped around or not. I just remember that I had a really hard time with it. At first, I'd assumed it couldn't be disabled. Finally, I found out it could, and that's when it became suitable for my main machine. I don't really know how to get Mint to boot with secure boot on, regardless of whether I use it for installing.
I just thought that I might want to support installing Windows on a system with secure boot on. I suppose I could disable it, install, and re-enable it? Once I know a policy, I should document it in my network docs, I think. Most of my life, I've only dealt with BIOS without UEFI even existing!
I started to use them when I was doing school, and was also trying to boot when I thought secure boot could not be disabled on this machine. For school, I was needing to install windows and windows server a bit. Licenses weren't often required. During school was when I began to make my switch. There is a lot of work to do to make it, but I'll get there.
I've almost got enough information to make a decision.
Because of the licensing, which I have studied, and ease of use, in Linux, when secure boot is disabled, I have decided to go with Ventoy as my new goto tool for these things. I will come back to this site, if I find myself on a machine that is needing to disable secure boot, and don't know how. The last part, for which I'll keep it open for a bit, now that I've made that decision, and now that I know that most major manufacturers support disabling secure boot, is these three things:
* What are the major manufacturers, list the ones I know about too. We're talking mainly about laptops in most cases, or mini pcs. I know manufacturers, but I may not know the major ones.
* How do I better know how to disable it.
* What are manufacturers for this reason, I should stay away from?
In all honesty, with the way things are going, my next PC, will probably be one (possibly) from Tuxedo. However, that may be years now.
My preferred vendor was Zareason, because they let you choose your distro (within reason, of course), but they went under during the pandemic. I now have two ThinkPenguin laptops that I'm quite happy with, and one Zareason desktop that's still going strong. (ThinkPenguin also lets you choose your distro.)
My preferred vendor was Zareason, because they let you choose your distro (within reason, of course), but they went under during the pandemic. I now have two ThinkPenguin laptops that I'm quite happy with, and one Zareason desktop that's still going strong. (ThinkPenguin also lets you choose your distro.)
I really wish there was a Linux-native manufacturer that made laptops I could stand. I'd love to find a manufacturer to support. Sadly, no Linux-native OEM wants my business.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.