UEFI On Linux Is Like A Pathogen

[Qaridarium]

It is completely outdated to use boot partitions.

why? i know many computer systems with ugly bugs if you don't use boot partitions my old opteron system for example 128gb limit or my system right now if you use a bigger hard-drive than 2gb

i "feel" no negativ side effect using a boot partition.

outdated means: runs bugfree on all hardware `? LOL

grub2 has got even raid support. If you use a partition for /home it would be more logical. But your 8/128 gb bios bugs should not happen with efi (even in the high tb range).

you don't need efi at all if you use a boot pardition even if your bios only support only 8gb for /boot.

First of all it does not only solve the 2tb boot problem. When you start the efi shell (some boards have it included, most can run it from usb) you have got a dos like interface including text/hexeditor.

LOL! do you mean MICROSOFT DOS ?

what a pain in the ass

You can start efi apps just like running dos executeables (identified by .efi extension), just you use fs0: or fs1: and so on instead of a: or b:. It is just like a mini os and has got scripting features.

Features you don't want and you don't need are not "Features"

You can try that with vbox in efi mode as well when you don't have got a new board. Basically all 2012 launched boards should have got full efi support. Before some vendors like gigabyte really ductaped an uefi addon onto an old bios - but even there beginning with the intel 7 series the boards should be using native uefi.

LOL what GOOD news... i can't wait to bridge my system a friend of my just lose his notebook by "uefi" bugs.

I do not own amd boards, but most likely there is uefi as well. It seems you have got wet dreams of good old bios systems, but the remaining ones without uefi support are just legacy hardware today.

sure but my system works well without UEFI crap!

AND! all amd chipssets support coreboot! this means you can just rip out this crap!

Also you are NOT forced to use uefi mode, basically every board has got a bios emulation layer on top. This is called CSM or Compatibility Support Module and allows you to boot from your old hds/dvds. The problem is however if you use that mode you don't have got access to uefi features.

LOL there is no usefull UEFI feature.

You can for example add a boot entry called "Qaridarium OS" which you could select as boot choice. I did not try the Linux 3.3 feature yet to add an efi stub to the kernel, but most likely you could boot without grub as well (your kernel should not need an initrd of course). There are lots of things you can try with it, so just do it instead of praising some legacy system that was invented 1981...

not useful they only do it to kill anti-patent GPL-v3 software like GRUB

only stupid people think this is not a part of the WAR against open and FREE software.

its the apple way of thinking opensource is only good if you can rape it and sue it with patents.

all other "strong" Free systems must be punished and because of this they build UEFI!

[Kano]

I never heard about breaking desktop systems with efi. There you can use cmos clear if needed - thats usually a bit complicated with mobile systems but most likely not impossible. Btw. i found a video with direct linux 3.3 boot:

http://www.youtube.com/watch?v=Mi_XZocjoIA

I definitely will try that as you dont need the time to load grub. Best get rid of your old amd hardware - an opteron system with 128 gb bug must be a real joke.

Btw. coreboot pure does nothing useful, you always need a payload. The payload could be a linux kernel of course but would be a bit stupid to flash it all the time for every bios update. Other payloads could be grub2, seabios and others:

http://www.coreboot.org/Payloads

But i doubt that you can use coreboot on YOUR funny amd systems. It seems to be more likely that you can use it with snb/ivb systems. If your chipset is really supported then flash it! But get replacement chips before. Btw. it was not fully correct that i do not own amd hardware at all, i have got an old Athlon XP system with sis chipset. Coreboot does not support this chipset, but Flashrom does, pretty useful as testbed for hotswap bios flash and bios mods. For Asrock K7S41GX i made several mods like:

* iPXE instead of Intel PXE - which is even so bad that a chainload to iPXE fails...
* Plop instead of Intel PXE - the board itself only supports superfloppy format to boot from usb, but i prefer usb hd/key
* Via Raid Option ROM added - you can combine that with Plop as there was enough free space after removing the VGA rom - needed to boot from sata harddisks from a controller WITHOUT flash chip

But most likely you never did a hotflash, replaced a flash chip, used flashrom and coreboot you only know the name but did absolutely nothing with it. You can play with coreboot using kvm/qemu as well - you dont have to buy hardware. For beginners: you can flash of course iPXE or Plop onto nics as well, tried that with a 3c905 pci card with flash chip (about 4€ used). In order to activate it disable onboard lan, but enable lan boot...

[AdamW]

The only linux distro I were able painlessly install on UEFI is Fedora 16. Ubuntu and Arch just plainly failed to install correct boot loader.
Win 7 64 installed flawlessly, which were pretty much surprising given that it have been out for 2 years already (at the date of installation).
Most Linux distros ignored possibility of UEFI install though.

Frankly, I wouldn't guarantee a trouble-free UEFI install with any distro, including Fedora. We more or less work on quite a lot of UEFI implementations. With a following wind, and a favourable moon. It's just too new, too complex and too fragile (see Matt's slides...) for things to be otherwise.

grub2 is *terrible* at UEFI, which is a bit of a problem. Fedora still uses grub for UEFI installs.

Macs tend to have quite incredibly poor UEFI implementations; they're significantly more difficult to get working than most PC UEFI implementations.

[Kano]

So you think that uefi with grub 2 is so bad? acritox managed to create even grub2 hybrid images which boot on standard pc and have got a special mac partition as well. Look there:

http://kanotix.acritox.com

Just do never try to name the partition used for efi as EFI, that will fail...

[AdamW]

Yes. Yes it is. I'm not sure why you think that's anything particularly revolutionary, Fedora can build live images with the same capabilities.

[Kano]

Well they add one extra feature: you can enable persitent mode on a hybrid live image. That trick requires some patching of libparted however because it does not really like to parse that kind of mac partition table first.

[ack006]

(Just to light up an old thread and throw some kerosene on the fire...)

Any tool can be used and changed for good or evil, it depends entirely on the user.

"First they came for the BIOS,
and I didn't speak out, because I can still boot my OS.[1]
Then they came with Secure boot,
and I didn't speak out, because I don't use unsigned device drivers.[2]
Then they came with Secure boot Next Generation,
and I didn't speak out, because I don't use pirated or 'alternative' OSes.[3]
Then they came for me,
and there wasn't anyone left to speak out for me.[4]"

[1]: Yeah, Linux can boot fine from UEFI, so let's lean back and relax.
[2]: Well, Fedora has a signing key, so if you really wanna Linux, just use 'The Hat', then. Anyway, I can still disable Secure boot, so why should I care?
[3]: Who would want to run Linux, anyway? Windows rulezz!
[4]: Ow Sh*t, now my friends can't voice their dissent on the intarwebs, 'cause that's all being automatically muffled and/or reported to Big Brother by the Gov't-mandated FSG (Free Speech Gagging) monitoring and filtering tools mandatorily installed on their computers. Damn!

/sarcasm off

[Kano]

Do you have got a system with uefi support? I have got 2 now and i really like it, you can get rid of grub, now i even know that you can boot with an initrd - you can specify that via efibootmgr like this:

Code:

efibootmgr -c -d /dev/md126 -p 1 -l '\EFI\KANOTIX\linux.efi' -L 'Kanotix 64 GFX' -u 'initrd=EFI\KANOTIX\initrd.img root=/dev/md126p4 rw gfx=on quiet splash'

As you see this example is not just using a single drive but an intel raid (raid 0 with 2x200 gb for testing) via mdadm and it works. With kernel 3.5 there is a problem that you can not use rdev anymore to force the root partition. So the minimal entry without initrd (you can not use uuid without) is now like this:

Code:

efibootmgr -c -d /dev/sda -p 3 -l '\EFI\KANOTIX\linux.efi' -L 'Kanotix 64 Pure' -u 'root=/dev/sda2'

Of course you can use grub 2 too, but i experienced problems with grub 1.99, which is still in debian. It was not possible to install grub 1.99 onto my raid0. Then i compiled grub2 bzr (will be grub 2.00 later) and it worked, but basically you dont need grub at all. You can directly copy a kernel with efi stub support and if needed an initrd to a primary fat partition (if you use mbr) or just any fat partition (if you use gpt) and use efibootmgr to add a menu entry for the integrated boot selection menu in the uefi setup. This is a very tricky way to get dual boot when you have got a win 7/8 uefi install onto the same hd. You can of course reuse the efi partition which is already there, but it is pretty small if win 7 was installed. I had size problems when i compiled a custom kernel until i disabled debugging, the partition is only 100 mb in that case.

Of course using uefi to boot does not enhance security - you can not change boot options until you change the boot manager entry but you can often run the efishell even from external usb storage devices - for debugging i would even add it to the efi partition. The fat partition is certainly unprotected as it can not be encrypted. Basically even if it would be possible to use secure booting for Linux i do not think it will enhance security at all. Not even for win (until you use encryption maybe) - when you think about it it will be clear. You can at least boot official ms boot media with win8, but that allows you to use a console (shift-f10). A console is enough to manipulate files on the hd and therefore you could change whatever you like or just copy what you want without removing the hd from the system (and without any valid login). I dont think that it matters if the live media used is Linux or win based...

[hoohoo]

Do you have got a system with uefi support? I have got 2 now and i really like it, you can get rid of grub, now i even know that you can boot with an initrd - you can specify that via efibootmgr like this:

Code:

efibootmgr -c -d /dev/md126 -p 1 -l '\EFI\KANOTIX\linux.efi' -L 'Kanotix 64 GFX' -u 'initrd=EFI\KANOTIX\initrd.img root=/dev/md126p4 rw gfx=on quiet splash'

As you see this example is not just using a single drive but an intel raid (raid 0 with 2x200 gb for testing) via mdadm and it works. With kernel 3.5 there is a problem that you can not use rdev anymore to force the root partition. So the minimal entry without initrd (you can not use uuid without) is now like this:

Code:

efibootmgr -c -d /dev/sda -p 3 -l '\EFI\KANOTIX\linux.efi' -L 'Kanotix 64 Pure' -u 'root=/dev/sda2'

Of course you can use grub 2 too, but i experienced problems with grub 1.99, which is still in debian. It was not possible to install grub 1.99 onto my raid0. Then i compiled grub2 bzr (will be grub 2.00 later) and it worked, but basically you dont need grub at all. You can directly copy a kernel with efi stub support and if needed an initrd to a primary fat partition (if you use mbr) or just any fat partition (if you use gpt) and use efibootmgr to add a menu entry for the integrated boot selection menu in the uefi setup. This is a very tricky way to get dual boot when you have got a win 7/8 uefi install onto the same hd. You can of course reuse the efi partition which is already there, but it is pretty small if win 7 was installed. I had size problems when i compiled a custom kernel until i disabled debugging, the partition is only 100 mb in that case.

Of course using uefi to boot does not enhance security - you can not change boot options until you change the boot manager entry but you can often run the efishell even from external usb storage devices - for debugging i would even add it to the efi partition. The fat partition is certainly unprotected as it can not be encrypted. Basically even if it would be possible to use secure booting for Linux i do not think it will enhance security at all. Not even for win (until you use encryption maybe) - when you think about it it will be clear. You can at least boot official ms boot media with win8, but that allows you to use a console (shift-f10). A console is enough to manipulate files on the hd and therefore you could change whatever you like or just copy what you want without removing the hd from the system (and without any valid login). I dont think that it matters if the live media used is Linux or win based...

Wow, cool! I've learned some stuff about EFI, not this much though. So thanks very much!

I think part of the frustration some people have with EFI stems from stupid design of the control of EFI vs legacy BIOS in some mainboards.

Example: I have an ASUS miniITX socket 1155 board with UEFI and a legacy BIOS mode, and I have an ASUS uATX socket 2011 board with UEFI and a legacy BIOS mode.

On the miniITX board if I set the boot to be a UEFI device then the board retains that setting - when I was learning about dual booting Lin+Win using UEFI on that board I made lots of mistakes and got lots of bad installs and boot fails but the board stayed in UEFI mode.

With the socket 2011 board if set to BIOS boot, and boot fails then it flips to UEFI mode. *Silently flips to UEFI mode!* Under some circumstances if a UEFI boot fails it flips to BIOS mode, under other circumstances it does not flip. So each successive OS installer would think the disk had a GPT table but was BIOS booted, or the opposite, or had a GPT table with missing fake-FAT table, or might be perfectly happy! Further, the way to tell it to operate in BIOS mode is very very obscure: the manual does not call it "Legacy BIOS mode", but some euphemism, and in the firmware screens the legacy BIOS mode is named using a different euphemism. It's firmware behaves as if it contains a random-number based BIOS to/from UEFI mode flipper. Ultimately I figured out how to BIOS boot the thing and I use GRUB on the MBR. Life is great.

The socket 2011 board is a high end board, expensive, and I know a thing or two about dual booting on UEFI, but it was unworkable in UEFI mode.

I've only used two UEFI boards so far. If there are only 10 percent of boards that act like my second, schizophrenic, board - well that's enough to give UEFI a bad name through the grapevine.

[Kano]

Maybe you think too complicated. If you only want to boot in bios mode without a raid setup you could even force grub installed in the protective mbr (of a gpt disk). That's not the nice way and requires an override switch but it would work. Then a disk was used in gpt mode and you want to use mbr mode you should know that some tools still detect gpt as it is stored twice, at the beginning and the end of the disk and give out a warning. if you use an ssd the fastest way is to use secure erase to destroy all data. I only installed kanotix and no other distribution but as grub 1.99 has got serious issues in my testcase (ok raid is not that simple) i just added the bootcode manually later. Best: do NOT rely on os installers. I guess i know your mistake. You partitioned your disk in gpt mode and booted your os (which might have got efi support) in mbr mode. That leads to the use of grub in bios mode, but as i wrote first that would require a force mode to install and that usually fails. Basically it is simple to boot a boot media in efi mode, you use quick boot selection and select the one with UEFI: prefix. kanotix has got no automatic grub-efi installer support, therefore i prefer the manual way