Dual-Booting with Linux and windows 8:
Virtualization is a popular option for accessing two different systems from the same hardware. You’ll learn more about VMware Workstation virtualization in the next article, but what about those old-school people who still want to dual-boot Linux rather than simply virtualize? Dual-booting is possible if you’re buying new hardware, and it’s very easy if you’re not. The issues with dual-booting on new hardware are related to a universal change that’s taking place in how system BIOS works.
Way back in the 1990s, Intel realized that the time-honored BIOS and firmware setup wasn’t particularly stable or secure. Over the years, we’ve seen the havoc that viruses and trojans have wreaked on unsecured BIOS-run systems.
Intel proposed to replace BIOS with a more sophisticated system called the Unified Extensible Firmware Interface (UEFI), which has finally reached adoption. UEFI is now managed by the Unified EFI Forum, rather than Intel. With Windows 8, original equipment manufacturers such as Dell, Asus, Acer, and others have combined with Microsoft and the Unified EFI Forum to make this new system a reality.
UEFI secure boot offers the following benefits:
- Faster input and output for attached devices
- Ability to boot disks larger than 2.1TB
- A unified protocol for developing and loading device drivers
- Better graphics support
- Secure Boot
The Secure Boot feature, officially known as the UEFI 2.2 specification, requires the use of digital signatures to allow – or prevent – the loading of device drivers and operating systems. This precaution helps fight malware, such as trojans and viruses. If an operating system or process does not have the proper digital signature, it can be excluded from the boot process.
Microsoft has made sure that it supports Secure Boot, and many manufacturers have combined to enable this feature. Supporters of UEFI like the additional capabilities and security it provides. However, others are skeptical of UEFI because restricting access to the BIOS tends to restrict user choice and block innovation.
If you purchase a new UEFI-enabled system, any new operating system you install will need to supply a digital signature, or Secure Boot (if enabled) will not allow it to load.
There’s no single answer about installing Linux on a Windows 8 system, because you have to consider two issues: the hardware and firmware (e.g., your new Asus system with UEFI) and the operating system (Windows 8). So, here are the two major scenarios to consider.
If you have updated an old PC to Windows 8 and it has an incomplete version of UEFI installed or uses standard BIOS, you can dual-boot any version of Linux to your heart’s content. There are no limitations or issues, other than the typical “Updating to Windows 8 erased the GRUB implementation”.
On the other hand, if you want to install Linux on a UEFI-enabled Windows 8 computer, you have the following choices:
1) Use a version of Linux that uses a signed key that Secure Boot recognizes. Red Hat, Fedora, and Linux Mint all have digital signatures that UEFI will recognize. Many individuals in the Linux community feel that it isn’t proper for open source systems to buckle to pressure from Microsoft and the original equipment manufacturers in this way. For many others, though, getting a Linux system up and running in a dual-boot environment is more important.
2) If you don’t want to have the operating system choice pushed on you, you might be able to deactivate the Secure Boot option in your firmware. Although you can’t disable UEFI altogether (because it’s a BIOS replacement), you can, on some systems, tell UEFI to disable Secure Boot features. Doing so will reduce your boot security, but it will allow other operating systems to boot.
3) Obtain a key from the Linux distribution you want to use and add the key yourself using the UEFI-supplied screens at boot time.
(source: Admin Magazine)
And this is how the Linux Foundation has a resolution for the problem:
In a nutshell, the Linux Foundation will obtain a Microsoft Key and sign a small pre-bootloader which will, in turn, chain load (without any form of signature check) a predesignated boot loader which will, in turn, boot Linux (or any other operating system). The pre-bootloader will employ a “present user” test to ensure that it cannot be used as a vector for any type of UEFI malware to target secure systems. This pre-bootloader can be used either to boot a CD/DVD installer or LiveCD distribution or even boot an installed operating system in secure mode for any distribution that chooses to use it. The process of obtaining a Microsoft signature will take a while, but once it is complete, the pre-bootloader will be placed on the Linux Foundation website for anyone to download and make use of.
For more information:
Drs. Albert Spijkers
DBA Consulting on Facebook