http://www.zdnet.com/uks-security-branc ... 000025312/
Thanks!

mimosa wrote:One issue that the article touches on that is a real issue is (U)EFI boot, but it doesn't explain it well. New computers are starting to come with it, and it is designed to make you use windows. Linux distributions have to jump throgh hoops to get round it, which at this early stage might mean basically turning it off. I don't undertand the ins and outs of it, but I suppose you could argue that in that case, you are less secure (in that respect) than someone using WIndows 8 on that machine. But you will still be *less* secure on Windows for all the other reasons. Apart from to ensure Microsoft continued market dominance, if UEFI has an honest purpose, it is to make *Windows* more secure. But I bet it still won't be anywhere near as secure as an untweaked Linux running without UEFI.
You win the bet. Win 8 works fine with or without Secure Boot turned on.mimosa wrote:This may be completely wrong and is a separate point, but I remember reading that Windows 8 won't work if you turn off secure boot. If that is so, it forces new recruits to Linux to abandon Windows before becoming familiar with the alternative (and presumably, even before trying a Live CD). So virtualisation would have to fill that role.
I bet it isn't true though.
Yes, it will be harder; they will have to go into the system UEFI firmware menu and turn off Secure Boot. Getting into the UEFI setting is like getting in the BIOS menu; you just press the appropriate key during the initial boot up just after hitting the power button. Of course with so many different implementations of UEFI there many different ways to get into the setting menu. On my Dell laptop, I have to press the F10, on my Asus laptop it is F2 and on my MSI motherboard F11.mimosa wrote:I have never laid hands on actual UEFI hardware, but my impression remains that the typical Windows user who is thinking of trying Linux will find it harder and scarier with UEFI (and secure boot) than it was with BIOS.
Did you add a boot menu entry pointing to the the refind bootloader (refind_x86.efi) in the refind directory on the existing HDD ESP partition?mimosa wrote:I just got a new machine and put my existing HDD in it, which was booting Salix using EFI/rEFInd. It didn't boot!
If this is true then your firmware is not UEFI specification compliant.mimosa wrote:A little investigation with the BIOS showed that apparently, it's not possible to boot using EFI unless you have secure boot turned on. But this won't boot Salix because the OS isn't signed.