The officially official Devuan Forum!

You are not logged in.

#1 2021-04-03 23:16:58

Micronaut
Member
Registered: 2019-07-04
Posts: 108  

Devuan and Secure Boot

After literally years of trying to accommodate a Windows 10 install on a second hand laptop, I finally took the plunge and purged the beast, replacing it with Devuan Beowulf. In order to do that, I had to enable 'legacy' booting, as it would not recognize anything but its originally imprinted Win 10 otherwise. So now I've got a system new enough to have UEFI, but still booting from a disk using ancient MBR.

Now I am wondering, as I tweak my new and actually usable laptop, do Debian/Devuan  have 'keys' to be allowed to use this 'secure boot' feature? Or does it have to always be disabled to install Linux on a system that has it? Is it possible to use UEFI/GFT without secure boot? Would I have to dig further into the BIOS and figure out how to remove the existing keys to allow that?

Offline

#2 2021-04-04 10:49:39

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 1,542  
Website

Re: Devuan and Secure Boot

Micronaut wrote:

it would not recognize anything but its originally imprinted Win 10 otherwise.

What does that mean, exactly?

Some UEFI firmware implementations are so broken that they will only start Windows' bootmgfw.efi loader. There are workarounds for that though.

See also https://www.rodsbooks.com/efi-bootloade … ive-naming

Micronaut wrote:

do Debian/Devuan  have 'keys' to be allowed to use this 'secure boot' feature?

Yes: https://www.debian.org/releases/stable/ … ecure-boot

Micronaut wrote:

Is it possible to use UEFI/GFT without secure boot?

Yes. EDIT: but some UEFI firmware implementations won't allow it even though it is part of the official specification.

Micronaut wrote:

Would I have to dig further into the BIOS and figure out how to remove the existing keys to allow that?

No.

Last edited by Head_on_a_Stick (2021-04-04 10:50:21)


Black Lives Matter

Offline

#3 2021-04-04 14:06:47

rolfie
Member
Registered: 2017-11-25
Posts: 485  

Re: Devuan and Secure Boot

Beowulf itself is not the issue. I have got 4 mainboards running EFI mode, GPT partitioning and no Secure Boot, 3 of them pure EFI/no CSM. But they are all no laptops.

Give it a try. Maybe we can help.

rolfie

Offline

#4 2021-04-04 21:00:15

Micronaut
Member
Registered: 2019-07-04
Posts: 108  

Re: Devuan and Secure Boot

The system is an HP 15-f272wm, just about 5 years old. I got it second-hand, didn't actually buy it myself. It's got a 4-core Pentium N3540 CPU and an Atom Z36xxx GPU. I didn't even know it had a GPU until I installed Devuan with Cinnamon and the System Info panel told me. smile It was originally 4 GB of RAM, but I upgraded it to 8 GB trying to improve the performance of Wind'ohs.

Poking around in the BIOS again, I find there is a setting specifically for secure boot, which I had disabled. But it still wouldn't boot until I enabled legacy support, so I guess I chose MBR when I installed. The menus can be confusing, and I just wanted to get it running something else. Win 10 is a nightmare, spending more time 'updating' itself than I spend actually using the system. And most of the time I had spent using the system was struggling with Win 10 settings and quirks. I also enabled virtualization, which is disabled by default for some reason and I kept seeing error messages about kvm being disabled by BIOS at every boot.

Since everything 'just works' now I am reluctant to re-install just to get the UEFI/GPT. Are there any huge advantages to it? If I need to re-install at some future point, I'll remember to deliberately try GPT.

All I am wondering now is how to get OpenVPN working, so I will post a new thread in the system config forum about that.

Offline

#5 2021-04-05 10:55:24

Andre4freedom
Member
Registered: 2017-11-15
Posts: 49  

Re: Devuan and Secure Boot

Micronaut, do yourself a favour:
Either leave your system in classic BIOS-mode and your disk in MBR mode, and you will have no negative consequences. (My own experience with a 10 years old HP elitebook pro).
If yours is enough recent, you may re-initialize your laptop, Set BIOS settings to factory defaults, then enable EFI/UEFI-boot, your Intel Virtualisation options to your needs and DISABLE SECURE BOOT (=disable TPM). Then wipe the disk and initialize the disk with a GPT label. When you now install Devuan, it will be in UEFI/EFI mode and it should work.
But if your PC works well in your current setup, there is no harm in using it that way.

Offline

Board footer