After upgrading my hard disk on my Laptop I planned to switch to a GPT (GUID Partition Table). But since I’ve a Windows 7 installation as well I had to switch to UEFI boot mode because Windows 7 does not support booting from GPT using the old BIOS/MBR bootmanager/bootloader (You can find a good Q&A about GPT support of Windows at MSDN). Luckily my old HP Elitebook 8530w already includes an UEFI enabled BIOS (without Secure Boot). It supports (like many others) the old boot mode as well as the new UEFI boot mode. By selecting the “UEFI” entry in the boot menu one can make sure that the UEFI boot mode is enabled. After reading some documentation (especially the once from Roderick W. Smith) I decided to use the rEFInd boot manager and the kernel provided EFI stub bootloader (part of the mainline kernel since 3.3.0). I’m using Ubuntu 12.10 which comes with Linux 3.5 and enabled EFI stub bootloader in the stock kernel…
Tag Archives: uefi
Ubuntu 12.10 supports UEFI secure boot. I did some research in order to understand the actual implementation on Ubuntu and would like to share my findings. Since Windows 8 requires secure boot, most new Computer contain Microsoft’s Platform Key. Microsoft allows to sign own binaries with this Platform Key. As outlined in the Canonical blog post Ubuntu 12.10 uses a signed version of the EFI application Shim (to maintain the chain of trust) and Grub2 as its default boot manager.
Canonicals version of the Shim EFI application
Ubuntu’s 12.10 Shim EFI application is a early version of Shim which don’t has any support for MOKs (Machine Owner Keys). Shim was made by Matthew Garrett. He wrote two blog posts how Shim works, but because Ubuntu uses an older version not all of his description apply to Ubuntu’s Shim. Matthew Garrett also published its own Microsoft-signed version of Shim. Ubuntu however doesn’t use this signed version.