Gavin W. Burris on 10 Sep 2015 05:33:08 -0700



Re: [PLUG] Cheap x86 Windows tablet?


Hi, All.

While investigating Secure Boot before a recent OS refresh, a few teasing details showed up.  It looks like UEFI has been supported for some time now by Red Hat et al.

Here is an interesting blog post from the guy that did the implementation for Fedora, and boot to Zork!:  
https://mjg59.dreamwidth.org/27881.html

It was hard to find any advice when googling how to install Linux with Secure Boot, mostly just people saying "turn it off."  The latest Fedora and Red Hat Enterprise Linux use a package called "shim" that facilitates Secure Boot with no additional effort:  
https://mjg59.dreamwidth.org/23400.html

I haven't tried it, but it looks like all you have to do with Fedora 22 or RHEL 7 is boot the install media without disabling the BIOS option, then it will install as secure bootable.

Cheers.


On Wed 09/09/15 08:53PM -0400, Rich Mingin (PLUG) wrote:
> I'm well aware. I was referring to 'teaching' the MS firmware about your
> shiny new key being the hard part.
> 
> http://blog.davidelner.com/dual-booting-ubuntu-14-10-on-the-surface-pro-3/
> 
> See that screenshot halfway down the page?
> http://cdn.delner.com/www/images/blog/surface-linux/05_secured_boot.jpg
> 
> It shows the firmware options (BIOS, in outdated terms). There are no other
> screens. That info is still up to date as of July 2015, when I owned a
> Surface 3 Pro briefly.
> 
> The sum total of all the Secure Boot options on the Surface 3 Pro are:
> 
> Secure Boot (Enable/Disable)
> Delete all secure boot keys? (y/n)
> 
> That's it. Where do I tell it about my KEK or PK?
> 
> 
> Sure, you can turn Secure Boot off and leave it off, but it seems a shame
> to disable a valid security tool, and you'll be treated to a very bright
> red startup screen on every boot, with a little nag message.
> 
> You can, sure, but why swim upstream? It's clear MS doesn't want anyone
> else swimming in their pool, and when they start actively pissing in it,
> why not go to someone else's pool? The Acers I listed are much, much more
> affordable, the "works under linux" feature set is nearly identical, where
> it doesn't flat out favor the Acers (they COME with keyboards that work,
> instead of MS charging an extra 150$ for theirs....).
> 
> 
> 
> On Wed, Sep 9, 2015 at 8:41 PM, brent saner <brent.saner@gmail.com> wrote:
> 
> >
> > https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface#Secure_Boot
> >
> > It's definitely possible to use your own keys on Linux.
> >
> > On Wed, Sep 9, 2015, 20:34 Rich Mingin (PLUG) <plug@frags.us> wrote:
> >
> >> Oh, you can disable Secure Boot on S3Pro. It just makes the boot splash a
> >> white "Microsoft" on a screaming red background instead of a black one, and
> >> it prints an informative little scare lecture about how you're letting the
> >> evil hackers in. I don't know that you can self-register keys, but it's
> >> possible. I returned mine after a week or so, since it kept giving me a
> >> hard time no matter what OS I was running.
> >>
> >> More important than the awkwardness and obstinacy of the firmware, IMO,
> >> is the dodgy and not-quite-standard hardware that will give you all sorts
> >> of fits.
> >>
> >> For a discussion, we can go on, but for someone considering buying one of
> >> those things, I hope enough ill has been said already.
> >>
> >> On Wed, Sep 9, 2015 at 8:09 PM, Rich Freeman <r-plug@thefreemanclan.net> wrote:
> >>
> >>> On Wed, Sep 9, 2015 at 7:13 PM, Rich Mingin (PLUG) <plug@frags.us> wrote:
> >>> > Surface 3 Pro is a somewhat-standard-ish Core i5/i5/i7 PC, and while it's
> >>> > possible to put Linux on it (there's an arch-surface3 mailing list I
> >>> > follow), it's far from issue-free, there are long lists of gotchas and
> >>> > sorta-working items. It's also actively hostile to booting non-MS OSes, via
> >>> > the UEFI and the difficulties in disabling Secure Boot.
> >>> >
> >>>
> >>>
> >>> Interesting.  I believe MS's stated policy is to support disabling
> >>> secure boot or changing the key on x86, and to forbid this on ARM.
> >>> That largely agrees with your email, but this is the first that I've
> >>> heard that the Surface Pro has a bootloader which is hard to change
> >>> the key on.  Is that really the case, or is this just like any other
> >>> EFI motherboard out there now?
> >>>
> >>> --
> >>> Rich
> >>>
> >>> ___________________________________________________________________________
> >>> Philadelphia Linux Users Group         --
> >>> http://www.phillylinux.org
> >>> Announcements -
> >>> http://lists.phillylinux.org/mailman/listinfo/plug-announce
> >>> General Discussion  --
> >>> http://lists.phillylinux.org/mailman/listinfo/plug
> >>>
> >>
> >>
> >>
> >
> >
> >



-- 
Gavin W. Burris
Senior Project Leader for Research Computing
The Wharton School
University of Pennsylvania
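
Added example, not part of the original message or of any project mentioned in the thread: a way to confirm from a running Linux install whether the firmware is actually enforcing Secure Boot, by parsing the standard `SecureBoot` and `SetupMode` UEFI variables that efivarfs exposes (a 4-byte attribute word followed by the value). The helper names and the sample byte strings are constructed for illustration.

```python
import struct
from pathlib import Path

# EFI_GLOBAL_VARIABLE GUID from the UEFI specification.
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def parse_efivar(raw: bytes) -> tuple[int, bytes]:
    """Split an efivarfs file into (attributes, payload)."""
    if len(raw) < 4:
        raise ValueError("efivarfs entry shorter than its 4-byte attribute header")
    (attrs,) = struct.unpack_from("<I", raw)
    return attrs, raw[4:]


def read_flag(name, reader):
    """Return the variable's first payload byte, or None if it cannot be read."""
    try:
        _, data = parse_efivar(reader(f"{name}-{EFI_GLOBAL}"))
    except (OSError, KeyError):
        return None
    return data[0] if data else None


def secure_boot_state(reader=lambda n: (EFIVARS / n).read_bytes()):
    """Classify the firmware state from SecureBoot and SetupMode."""
    secure, setup = read_flag("SecureBoot", reader), read_flag("SetupMode", reader)
    if secure is None:
        return "unknown (legacy BIOS boot or efivarfs not mounted)"
    if setup == 1:
        return "setup mode: no Platform Key enrolled, signatures not enforced"
    return "enabled" if secure == 1 else "disabled"


# Constructed samples: attribute word 0x6 (boot-service + runtime access), 1-byte value.
SAMPLE_ENFORCING = {
    f"SecureBoot-{EFI_GLOBAL}": bytes.fromhex("0600000001"),
    f"SetupMode-{EFI_GLOBAL}": bytes.fromhex("0600000000"),
}
SAMPLE_KEYS_CLEARED = {
    f"SecureBoot-{EFI_GLOBAL}": bytes.fromhex("0600000000"),
    f"SetupMode-{EFI_GLOBAL}": bytes.fromhex("0600000001"),
}

if __name__ == "__main__":
    print("this machine:", secure_boot_state())
    print("sample A:", secure_boot_state(SAMPLE_ENFORCING.__getitem__))
    print("sample B:", secure_boot_state(SAMPLE_KEYS_CLEARED.__getitem__))
```

On a system with `mokutil` installed, `mokutil --sb-state` reports the same enabled/disabled status.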