Home » Tips & Tricks » How to Boot and Install Linux on a UEFI PC With Secure Boot

How to Boot and Install Linux on a UEFI PC With Secure Boot



New Home windows PCs include UEFI firmware and Stable Boot enabled. Steady Boot prevents working techniques from booting until they’re signed via a key loaded into UEFI – out of the field, best Microsoft-signed software can boot.

Microsoft mandates that PC carriers permit customers to disable Steady Boot, so that you may disable Stable Boot or add your personal customized key to get round this hassle. Steady Boot can’t be disabled on ARM devices working Home windows RT.

How Steady Boot Works

PCs that include Home windows eight and Home windows eight.1 embrace UEFI firmware as an alternative of the normal BIOS. By means of default, the desktop’s UEFI firmware will handiest boot boot loaders signed via a key embedded within the UEFI firmware. This selection is often called “Steady Boot” or “Relied on Boot.” On conventional PCs with out this safety function, a rootkit may set up itself and turn out to be the boot loader. The pc’s BIOS would then load the rootkit at boot time, which might boot and cargo Home windows, hiding itself from the working gadget and embedding itself at a deep degree.

Stable Boot blocks this — the pc will handiest boot relied on software, so malicious boot loaders gained’t be capable of infect the machine.

On an Intel x86 PC (no longer ARM PCs), you’ve gotten regulate over Stable Boot. That you can select to disable it and even add your personal signing key. Businesses might use their very own keys to make sure best licensed Linux working programs might boot, for instance.


Choices for Putting in Linux

You have got a number of choices for putting in Linux on a PC with Steady Boot:

  • Select a Linux Distribution That Helps Stable Boot: Brand new variations of Ubuntu — beginning with Ubuntu 12.04.2 LTS and 12.10 — will boot and set up typically on most PCs with Stable Boot enabled. It is because Ubuntu’s first-stage EFI boot loader is signed through Microsoft. On the other hand, a Ubuntu developer notes that Ubuntu’s boot loader isn’t signed with a key that’s required by Microsoft’s certification process, but simply a key Microsoft says is “recommended.” This means that Ubuntu may not boot on all UEFI PCs. Users may have to disable Secure Boot to to use Ubuntu on some PCs.
  • Disable Secure Boot: Secure Boot can be disabled, which will exchange its security benefits for the ability to have your PC boot anything, just as older PCs with the traditional BIOS do. This is also necessary if you want to install an older version of Windows that wasn’t developed with Secure Boot in mind, such as Windows 7.
  • Add a Signing Key to the UEFI Firmware: Some Linux distributions may sign their boot loaders with their own key, which you can add to your UEFI firmware. This doesn’t seem to be a common at the moment.

You should check to see which process your Linux distribution of choice recommends. If you need to boot an older Linux distribution that doesn’t provide any information about this, you’ll just need to disable Secure Boot.

You should be able to install current versions of Ubuntu — either the LTS release or the latest release — without any trouble on most new PCs. See the last section for instructions on booting from a removable device.

How to Disable Secure Boot

You can control Secure Boot from your UEFI Firmware Settings screen. To access this screen, you’ll need to access the boot options menu in Windows 8. To do this, open the Settings charm — press Windows Key + I to open it — click the Power button, then press and hold the Shift key as you click Restart.


Your computer will restart into the advanced boot options screen. Select the Troubleshoot option, select Advanced options, and then select UEFI Settings. (You may not see the UEFI Settings option on a few Windows 8 PCs, even if they come with UEFI — consult your manufacturer’s documentation for information on getting to its UEFI settings screen in this case.)


You’ll be taken to the UEFI Settings screen, where you can choose to disable Secure Boot or add your own key.


Boot From Removable Media

You can boot from removable media by accessing the boot options menu in the same way — hold Shift while you click the Restart option. Insert your boot device of choice, select Use a device, and select the device you want to boot from.

After booting from the removable device, you can install Linux as you normally would or just use the live environment from the removable device without installing it.


Bear in mind that Secure Boot is a useful security feature. You should leave it enabled unless you need to run operating systems that won’t boot with Secure Boot enabled.


Incoming search terms:

  • linux on nokia 2520
  • lumia2520 linux
, , ,