Tag Archives: grub2

Ubuntu 12.10 and Windows 8 with Secure Boot mode

Installing Ubuntu 12.10 on a Samsung Series 9 Notebook has some pitfalls. My goal was to install Ubuntu 12.10 along Windows 8 while using Secure Boot too.

The first challenge is booting from an USB flash drive. You need to enter your BIOS by pressing F2 while booting the system. Change to the “Boot” tab, enter the sub menu “Boot Device Priority”  and move “USB HDD” in front of “SATA HDD” (using F5). Then, curiously, you also need to disable the “Fast BIOS Mode” (tab “Advanced”). You can also use F10 to select the boot device, but “Fast BIOS Mode” still needs to be disabled. Installing Ubuntu should then work as usually.

Even thought Ubuntu 12.10 supports Secure Boot, on my system, the first boot after the installation failed with this Error:

Secure Boot

Image failed to verify with *ACCESS DENIED*.
Press any key to continue.

Read more »

Secure Boot implementation of Ubuntu 12.10 (Quantal Quetzal)

Ubuntu 12.10 supports UEFI secure boot. I did some research in order to understand the actual implementation on Ubuntu and would like to share my findings. Since Windows 8 requires secure boot, most new Computer contain Microsoft’s Platform Key. Microsoft allows to sign own binaries with this Platform Key. As outlined in the Canonical blog post Ubuntu 12.10 uses a signed version of the EFI application Shim (to maintain the chain of trust) and Grub2 as its default boot manager.

Canonicals version of the Shim EFI application

Ubuntu’s 12.10 Shim EFI application is a early version of Shim which don’t has any support for MOKs (Machine Owner Keys). Shim was made by Matthew Garrett. He wrote two blog posts how Shim works, but because Ubuntu uses an older version not all of his description apply to Ubuntu’s Shim. Matthew Garrett also published its own Microsoft-signed version of Shim. Ubuntu however doesn’t use this signed version. Read more »