Secure Boot for Linux?

0

Is the "esp boot partition" as secure as an ext2 partition. If the secure boot feature is not enabled.

My current research reveals contradictory opinions among the leading OSes, with choice being limited to Ubuntu, CentOS, Fedora and openSUSE, that will achieve a UEFI/Secure Boot.

Original Question below

Secure Boot for Linux, is it relevant

How subjective is the secure boot feature for a Linux install?

The reason I'm querying this, I'm collecting my new computer soon, and considering a UEFI install with Secure Boot, because the esp boot partition is formatted to fat 32.

This is a twin SSD, i7 rig, could I encounter difficulty booting the second SSD, if the OS on the first SSD utilised the secure boot feature?

I'm nonplussed as my current research reveals contradictory opinions among the leading OSes, with choice, limited to Ubuntu 14.04, CentOS 7, Fedora 22 and openSUSE 13.2, to achieve UEFI/secure boot install.

Cheers :)<

Tony

Posted 2015-06-18T17:16:11.813

Reputation: 23

Answers

2

At this stage, this is still a debated matter, and there is much risk of landing into the dreaded primarily based on opinion territory.

Most likely, the safest approach is to quote directly the Linux foundation:

"Secure boot" is a technology described by recent revisions of the UEFI specification; it offers the prospect of a hardware-verified, malware-free operating system bootstrap process that can improve the security of many system deployments. Linux and other open operating systems will be able to take advantage of secure boot if it is implemented properly in the hardware. This document is intended to describe how the UEFI secure boot specification can be implemented to interoperate well with open systems and to avoid adversely affecting the rights of the owners of those systems while providing compliance with proprietary software vendors' requirements.

They also provide a more amply reasoned document in pdf.format.

As for the exact versions of the OSes to mount, I am sure I installed Ubuntu 15.04 in UEFI/SecureBoot mode, so there appear to be more possibilities than you mention. But then again, to me the advantage of using OpenBSD/Arch Linux/Debian/Kubuntu (my favorite distros) far outweigh the advantages of Secure Boot (but here once again we are in primarily opinion-based territory).

MariusMatutiae

Posted 2015-06-18T17:16:11.813

Reputation: 41 321

Cheers for the pdf link, Marius. 15.04 or 14.04 both Ubuntu, lol...! Maybe I should had asked is the "esp boot partition" as secure as an ext2 partition. If secure boot is not implemented. – Tony – 2015-06-18T17:45:01.317

@Tony - Update your question. Of course try and not invalidate Marius's answer in doing so. As of right now all Windows OEM machines are required to provide an option to allow you to disable Secure Boot. After April 29 2015 Microsoft got rid of the requirement. OEM motherboards ( Gigabyte, ASUS, ect. ) will still offer the capability though. Secure Boot is a non-issue in my eyes, Windows 10 does not require it, you are looking at the next 3-4 years before any possible hardware change with regards to Windows ( which lets be honest ) drives all hardware changes. – Ramhound – 2015-06-18T18:09:36.473

@ Ramhound, thanks for your input. I have edited my question, keeping Marius's answer as a valid original response. Hardware duly noted. In my case, do I continue using Legacy Mode on a new machine, where I now have the option to properly utilise the UEFI/Secure Boot features. Cheers :) – Tony – 2015-06-18T20:09:40.287

Asked: 2015-06-18T17:16:11.813

Viewed: 456 times

Active: 2015-06-18T20:11:25.297