I'm a bit surprised to see someone writing about secure boot now, given that it was implemented in Windows 8 which was released on October 26, 2012.

The author appears to be confused about secure boot and UEFI; secure boot is part of the UEFI specification but has only been implemented by Microsoft - and given that Microsoft has influence over all hardware manufacturers, it is turned on for evey machine that is pre-loaded with Windows 8.

Linux was ready for UEFI years and years ago. Not so for secure boot, as developers had to first see how it was implemented in order to develop methods of booting on machines that have it turned on. Fedora, Ubuntu, and openSUSE, to name three all boot easily on machines with secure boot turned on.

Once again someone who should know better conflating Microsoft's "SecureBoot" with UEFI.

Linux based Operating Systems will install on UEFI systems without the necessity of a key. It is only where those systems are using Microsoft's Proprietary Extension to UEFI... "SecureBoot", that a key is need to install any operating system be it Linux or Windows.

I work for a Retailer that sells pcs. I will not buy a pc from them because they all have win8/apple oses. Their tech does not know if I can install Slackware linux on them. So I am sourcing out motherboards that I hope can install a Linux distro on them, currently Asus P8Z77 Lga1155. I hope this board will work. I stopped trying to learn anything MS years ago. Its a waste of my time. To think that two people, Bill Gates and Steve Jobs have had so much control of the computing market is asinine in my mind. At work, we do not provide staff with PC's. They buy their own, but have to have a windows 7 in the cloud virtual environment. Most people choose macbook air. It is the epitome of contradictions, buy a mac, work in a windows virtual environment. Secure boot and UEFI should be completely open, not proprietary.

Before installing Fedora on my new Lenovo with Secure Boot and UEFI Bios, I asked on the Fedora Forums where the tutorial was for those issues. Eventually I was told, "no tutorial because it should just work."

We went back and forth a bit with my questions being mostly graciously answered. I also looked online because I wanted to shrink down the Windows 8 partition more than the Windows Disk Management tool wanted to give me (it wanted to stop at half the partition and I wanted 80+% for Fedora). Googling I got a recipe from a forum on how to eliminate the barriers that Windows sets up for shrinking the partition.

At first I had a bit of trouble getting Fedora to boot from CD. I disabled Secure Boot keeping UEFI and it booted and installed quite readily. Rebooting and I got Fedora but no Windows in grubs menu.

I went into the UEFI BIOS's boot manager and sure enough it found both Windows and Fedora. So, F12 on my Lenovo gave me access to boot either. I enabled SB and Fedora with its "shim" still booted. Ditto for Windows in its shrunken partition.

On the Fedora Forum Rod Smith told us about his rEFInd boot manager software. After I had fully set up my preferred apps in Fedora and gotten some business done I settled in to read up on rEFInd. Rod's documentation is in several web pages of his site. Some were too detailed on too many aspects that were unnecessary for my purposes but his quick install guide was great.

I downloaded the rEFInd CD iso, burned it and booted it. It found Windows and Fedora and also the UEFI Bios entry point. Slick. I installed the rpm from Fedora and booted and voila--I had all those choices from the rEFInd boot menu. Cool.

So, 1) it wasn't necessary to enable legacy boot and that would have made Windows unavailable. 2) With a version of Linux that is installable with a Secure Boot-registered shim, installation is pretty straightforward but grub being grub doesn't work too well in finding the Windows efi bootmanager. The rEFInd software is simple, straightforward for most situations and Rod knows how to help folks who have the more awkward issues.

I've been running each version of Ubuntu as they have come out for the last 5 years, starting with 8.10. I've installed Ubuntu on about 25 computers over these 5 years for friends, family, and coworkers, mostly dual boots with Windows. The installs were relatively simple. In the last 2 months, I've installed Ubuntu 13.10 on two new Lenovo desktops with Windows 8. This was also my first experience with Windows 8. On both systems, I did the Windows 8.1 update before installing Ubuntu. On one the update went fine. On the other, I had a terrible time because one Windows 8 file would not update, and Windows 8.1 would not update without that being done. Finally I managed to get that file updated. When I went to install Ubuntu, I turned off Secure Boot and Fast Boot before installing, as per recommendations on the web. Then I put the install disk in the DVD drive and started the Ubuntu install. Ubuntu would get to the point where normally you would partition the hard drive to install Ubuntu alongside Windows. No such option existed. From more research on the web, I found I needed to resize the Windows partition in Windows. The reason being windows has some non movable files on the hard drive. On both of these machines, there was a non movable file right in the middle of a 1 TB hard drive. The only reason I can figure Microsoft would do that is to thwart Linux installs, or greatly limit the amount of hard drive space Ubuntu could use. Anyway, once I shrank the hard drive, I had free space. Then I could go back to the Ubuntu install and when I would get to the screen where you would normally choose to install alongside Windows 8, there was still no option to install Ubumntu alongside Windows 8. I needed to create a swap partition and a partition for Ubuntu to be installed in with a mount point in the free space. Any new person like I was 5 years ago trying to do an install would certainly have given up at that point. When I was new to Ubuntu I knew nothing about partitioning a hard drive. I would never have made it that far. Anyway, the installs with that having been done, went perfectly fine. They finished. I removed the install disks from the DVD drives, and rebooted. On both machines all I had on the reboot was Windows 8 booting. There wasn't any option boot to Ubuntu. Upon further research on the web, it was recommended that I run the Boot-Repair utility. I did it from the live DVD and terminal. In both instances it took several minutes, and when finished, I had the Grub dual boot menu options show up on a re-start, and, on both machines, dual boot worked perfectly after that. But after doing those two Ubuntu installs on two Windows 8 computers, I decided that no person new to Ubuntu, or Linux, and with average, or maybe above average computer skills, would ever be able to do an Ubuntu install on a Windows 8 machine. All due to Microsoft!!!!!!!!!!!!!

I started the New Year with a new computer from ZaReason, which preloaded my system at purchase with my favorite spin of Fedora. This article gives me a bit of confidence that I could load linux onto a UEFI machine. I am still glad that I have a new machine in which this is not an issue.

Perhaps part of the Linux revolution will be for Linux users to buy pre-loaded linux from companies like Lini PC, emperorpenguin, ZaReason, System 76 or even the pre-loaded Ubuntu from ecollegepc.com or Dell. The way to create a market which supplies linux-install-friendly computers is to buy them.

You are one of two tech journalists I know of who have the knowledge and confidence to tackle a project such as this, and the calibre of writing which makes the reader feel as though (s)he is watching over your shoulder as you explain what has gone right, or wrong. You also share another attribute in common: calling a spade a spade.

If you, U-N (un-named), and James Bottomley can't get Linux to play nicely with UEFI/Secure Boot, what chance do we ignoramuses have?

I just must quote from your article for those who may have let it slip by:

"UEFI and Secure Boot are technologies that some Linux experts approach with a sense of curiosity. Take the case of James Bottomley, chair of the Linux Foundation's Technical Advisory Board.

He recently did an install of openSuse 13.1 on a Samsung 9 AT IV. He was curious to see if it would work out of the box. He installed it on the system as delivered in Secure Boot mode using the USB key image. The install went flawlessly except that openSuse could not resize the Windows partition to allow it to share the disk. So he just erased Windows.

"We were initially worried about the problem of installing Linux on Secure Boot hardware. But thanks to a fairly long lead time and lots of work done by Greg [Kroah-Hartman], me, Matthew Garrett and Peter Jones, any distribution that wants to can get it to work easily," Bottomley told LinuxInsider.

Installation can fail if you install a distro's older version, he agreed.

The only way out of this mess? DEMAND that hardware manufacturers provide a platform option which is totally and completely free of any taint of Microsoft.

With all the unsold Microsoft inventory gathering dust, now's the perfect time to be VERY strident with PC makers regarding selling you a no-OS PC with an "ancient" BIOS.

ps: heard the latest story of how HP is going to start moving its unsold Win8 PCs? Simple: it's going to wipe all those drives of ANY Win8 sh*t, and INSTALL WIN7! How's THAT for creativity?

Let's all start the negotiations!

I will buy a computer without any OS, or a ZaReason or System 76 computer. I will NOT support windows when I buy my next computer, no matter they try to lure me with a low price(cheap) computer. I hope others think and feel the same way.

Thank you for the update. I enjoyed reading your UEFI article.

I must agree with Jack, the solution is simple: Avoid a Winbox. It is asinine that Microsoft should dominate this discussion.

We must insist as a community that hardware vendors build OS neutral hardware allowing any OS to boot.

I'm not apposed to UEFI, but I am confused as to why the keys cannot be universally controlled by the end user; even on a Winbox--- the end user should be able to disable the keys/UEFI and use or not... reset the key, load whatever they want.

Microsoft must get out of our lives--- it is way past time for this.

Cheers

Thank you for update. My solution is very simple. Don't buy winbox. There are other makers like Systems76 with computers one can install anything on. After years paying MS ransom for, every so often, new version of the old trouble I will never again buy computer with pre-install Microsoft product. It is waist of time and money. Even very good products can be made useless by unnecessary demands and updates and unwanted automatic actions. To serve this demands one needs to learn about system anyway, so why not to have it my way from the beginning?