It has been some time given we have created about installing Linux on systems with UEFI firmware, and we have recently gotten several questions about how to do this. So we consider this is a good time for a brief refresher on this topic.
In my opinion, a state of UEFI firmware pattern now is still flattering pell-mell – as distant as we can tell any OEM has their possess rare proceed of doing UEFI configuration, and a differences between them are anything though trivial.
I will uncover that it’s probable to install, configure, and use this Linux placement with positively no command-line access.
Even worse, in some cases in my possess proceed experience, opposite systems from a same OEM have totally opposite UEFI pattern procedures. So if we have come here looking for elementary answers and cookbook procedures, you’re going to be disappointed.
The initial turn of UEFI pattern is a elementary choice of possibly we wish UEFI Secure Boot enabled or not.
Secure Boot is ostensible to be one of a vital reasons for a existence of UEFI firmware – though in my opinion it is a ridiculously formidable resolution for a problem that a immeasurable infancy of PC users would never be faced with. The thought is to plead a foot image(s) on your computer, so that evil-doers can not hurtful or reinstate them, and thereby dig your system.
What this means is that if we have UEFI Secure Boot enabled, we can customarily foot a approved sealed picture – and during slightest in a strange UEFI specification, a customarily signing government was Microsoft. we will leave a discuss about a knowledge of that preference to others. All we will contend here is that this preference had a outcome of creation installing Linux on UEFI firmware systems many some-more difficult.
Some OEMs (and their firmware suppliers) have put substantial bid into providing an swap means for installing keys, certificates and sealed images so that their users have during slightest some slim wish of convalescent control of their computers. But in my opinion so distant these have been formidable to know and formidable to use, during best.
On a other hand, some Linux distributions have attempted to adjust to UEFI firmware with Secure Boot by including a sealed picture in their installation. Off a tip of my head, we consider openSUSE and Ubuntu do this, and we suspect there are some others. They can do it possibly by removing their possess foot images sealed by Microsoft, or by producing a finish swap signing authority, and removing a UEFI firmware to accept that government and a sealed images.
Although this competence yield an adequate resolution for a few distributions that are peaceful and have a resources to do it, it doesn’t assistance a immeasurable infancy of distributions who don’t have a time, resources or seductiveness to get it done.
Therefore my personal choice is to simply invalidate UEFI Secure Boot. Note carefully, we am observant we invalidate Secure Boot customarily – not invalidate UEFI foot entirely, or lapse to Legacy (MBR) boot. we indeed like operative with a doing of UEFI foot in general, we find it to be some-more stretchable and extremely some-more strong than a aged MBR foot process.
So a initial doubt that we wish to residence here is how to invalidate Secure Boot in a UEFI firmware configuration. Unfortunately, as we alluded to above, a answer to this doubt is conjunction elementary nor consistent.
The initial step is sincerely easy, and is roughly always a same on all systems. To get into UEFI firmware configuration, we press F2 (or infrequently ESC) during a foot sequence. This is a same as it has generally been for Legacy BIOS configuration.
Once we get into UEFI/BIOS configuration, we will see a menu with a series of options such as “Main Advanced Boot Security Save Exit”. Following are dual examples of such menus, from systems that we have here on hand:
Other OEMs will positively have rather opposite pattern menus, so keep an open mind when looking during these.
Within these menus, we wish to find something about “Secure Boot”, “Secure Boot Processing” or something identical to that. It is typically in possibly a Boot menu or a Security menu. When we find it, we wish to name it and set it to Disabled or Off.
If we have an Acer computer, when we try to do this we will substantially get your initial surprise. You can’t change a Secure Boot setting, during slightest during initial — it simply won’t be probable to name it for editing. It turns out that we must have a “Supervisor Password” set in a UEFI pattern in method to change a Secure Boot mode. But it doesn’t indeed tell we this anywhere. Sigh. In this case, once we set a cue we will afterwards be means to change Secure Boot from Enabled to Disabled.
Once we have infirm Secure Boot, we are median home in removing Linux commissioned and working. You should now be means to foot a designation media for any Linux placement that supports UEFI firmware (which is usually about all of them now).
Although we mentioned this fast above, we didn’t explain it in many detail.
Most Linux distributions now support UEFI installation, though not Secure Boot. What that means in unsentimental terms is that if we have a UEFI firmware complement with Secure Boot enabled, and we try to foot a designation CD/DVD/USB media of a Linux distributions that does not support Secure Boot, what will occur is that your designation media will simply not be listed in a foot menu. Once we invalidate Secure Boot in a UEFI configuration, your designation media will afterwards be listed.
Once your designation media is famous and listed in a foot menu, we should be means to go by a designation routine for whatever placement we are regulating though many trouble. The subsequent pretence comes when we try to reboot to a commissioned system.
The problem here relates to how a foot method list gets modified. That list specifies what method a several foot objects should be tried, until one that meets a foot mandate is found and is successfully booted. we have seen 3 opposite situations in this area:
- The foot priority list can be mutated by software, as it should be, and all usually works with no fuss. Current Linux installers assume that this is a case, and they do what is required to set adult a commissioned Linux complement as a primary foot object, and any other commissioned handling systems (such as Windows or other Linux distributions) as dual-boot / multi-boot options.
- The UEFI firmware ignores attempts during modifying a foot priority list by software. In this case, a Linux designation appears to work normally, though when we have finished and we try to reboot to a commissioned system, it usually foot Windows again, a same as it always has. There is customarily a proxy work-around for this, we can try dire a “boot selection” pivotal – if we can figure out that one it is. On my Acer systems it is F12; on my ASUS systems it is ESC, and we trust on a HP systems we used to have it was something like F9 or F10. Whatever. If we find a scold key, we should be presented with a list of bootable objects on your computer; if a problem is simply that Linux wasn’t means to change a foot sequence, afterwards we will see a Linux designation listed there, and we can name it in method to foot Linux.
- The foot priority list can be mutated by software, so it appears that a designation works and we competence even be means to foot a commissioned Linux complement a initial time we try. But during some indicate after that, a OEMs foot program will confirm to “help you”, by editing a “mistake” that we done in changing a default foot to anything other than Windows. When this happens your mechanism will unexpected start booting Windows by default, for no apparent reason, and we will have to go behind to indicate 2 above for a proxy resolution to foot Linux again. we have seen HP laptops do this many, many times, and this is a categorical reason (almost a customarily reason) that we quit shopping HP computers altogether.
If we have conditions series 1 above, we are a happy chairman and a universe is a smashing place, so we can stop reading this extensively essay now. If we have conditions dual or 3 (or some other that we haven’t seen yet, though that also is causing Linux installation/boot not to work), afterwards we need a solution. Read on.
The many common solution/work-around for possibly box dual or 3 is that a OEM and/or UEFI firmware retailer have supposing a means in a UEFI pattern menus for we to manually discuss a foot objects, priorities and/or sequence. To accomplish this, we have to get to a UEFI/BIOS pattern menu again, by dire F2 during boot.
In a Configuration menus, demeanour for a BOOT page, where we should find a list of foot intent something like these:
The critical thing to notice in these cinema is that there is a list of foot objects, that will be attempted in a method that they are listed, and that there are instructions on a right side of a shade about how to cgange this list.
These dual systems illustrate a many common methods we have seen so far.
On a ASUS, it lists any bootable handling complement that is now tangible and present, and we can simply pierce equipment adult and down a list to change a priority, or to change that one will be booted by default.
On a Acer it customarily lists one “object” of any form – something to foot from a tough drive, a built-in CD/DVD, a Network, a USB ports and so on. To change a priority of opposite handling systems on a tough drive, we have to initial name Hard Drive Priority, that will afterwards move adult a new perspective that shows all of a famous handling systems commissioned on a tough drive:
In this shade we can change a method of a handling systems, that afterwards sets to method in that they will be attempted until one of them boots.
The final thing we wish to mention, briefly, is that there is also a Linux CLI authority that should be means to set a UEFI foot sequence, called efibootmgr. First, for those who are possibly allergic to or shocked of a authority line, we wish to highlight that it is not necessary to use this command, this is an discretionary approach.
If we have a complement that matches box 1 above, definition that a UEFI foot list and method can be successfully and henceforth set by software, afterwards this authority can be utterly useful – generally if we are environment adult a dual-boot or multi-boot system. Using it, we can fast and simply change what handling complement boots by default, for example.
If we have a complement that is box dual or 3 above, we still competence be means to use this authority to configure your UEFI foot method – though we would suggest perplexing to do it around a UEFI pattern menu as we usually described.
we can tell we from knowledge that it is unequivocally frustrating to spend a time removing a foot list usually a proceed we wish it with this command, and afterwards reboot a complement and find that zero we did unequivocally had any outcome anyway.
There is one final box that we should mention. When we are installing a Linux placement as a only handling complement on your UEFI-firmware system, in my knowledge it is unequivocally expected to work properly, a initial time, though requiring any additional primer configuration.
So, that’s a brief overview of UEFI and Linux as we understanding with it today. we apologize again for it being so vague, though that is accurately a proceed things are on my computers today.
If we are unequivocally lucky, when we implement Linux a UEFI foot method will usually work as it should, and we won’t have to worry about any of this. If we are not lucky, afterwards a many critical thing when we try to solve a problem is to keep an open mind, demeanour delicately during a UEFI pattern options, and review a Help/Information content found during a right side of many equipment carefully.
Previous and associated coverage
My Lenovo T400 was already aged when we bought it as a refurb 4 years ago. It’s still ticking along easily with a accumulation of Linux distributions. Here are a details.
Linux is ideal for bland tasks like browsing, emailing, print management, financial management, and many more. Here’s an overview.
Read some-more of Jamie’s Mostly Linux Stuff blog
- Roughing it, with Linux
- Hands-on with Raspbian GNU/Linux Stretch for Raspberry Pi
- Dumping Windows and installing Linux Mint, in usually 10 minutes