I have only just come across this excellent posting after having been driven mad by trying to get precise to boot after a grub update on the 20th March damaged my UEFI partition. I tried numerous ways to get my system back and it was only after the precise CD for the 22nd March that I was successful. During that process after deleting all partitions before my sacred /home directory did I get a message that I needed to create a UEFI partition. This was not successful and I kept finding that the partition was formatted as ext2! I also found that the option to create a UEFI partition never occurred as an option after that one occasion.
After much trial and error, I ended up getting my system working by defining a /dos partition as the first partition and formatted it with FAT-16. To my surprise, this partition is completely empty.
The problems that I experienced have made me cautious and I will try a complete re-installation a day or two before the beta 2 release to see if this problem has been fixed by Canonical. I think that they have made some progress based on what I was able to achieve with the 22nd March build.
How I (sort of) conquered UEFI
-
Originally posted by steveriley:
> If you don't shut it off, the "security" it provides is a way to root the boot process into the hardware. In effect, it prevents someone from maliciously replacing your operating system.
> If you shut it off, which requires physical access to the computer, then yeah, the "security" is gone.
> ----
> Guess what? Gparted Live is now booted on my Samsung 700T //build tablet! Woo frickin' hoo! I'm examining the partitioning layout right now. I'd prefer to preserve the Windows 8 on this thing and install Ubuntu alongside it. But if I can't do that, then Windows is gonna go bye-bye.
So, if you have a desktop PC (towers or iMac-style all-in-ones), you really wouldn't need it, since it's you with the physical access and may want to replace or upgrade the OS whenever you want.
-
Live reporting here: http://www.kubuntuforums.net/showthr...g-build-tablet
-
Originally posted by bsniadajewski:
> Which means that Secure Boot may not have been designed with real security in mind, as GG and others have alluded to
If you don't shut it off, the "security" it provides is a way to root the boot process into the hardware. In effect, it prevents someone from maliciously replacing your operating system.
If you shut it off, which requires physical access to the computer, then yeah, the "security" is gone.
----
Guess what? Gparted Live is now booted on my Samsung 700T //build tablet! Woo frickin' hoo! I'm examining the partitioning layout right now. I'd prefer to preserve the Windows 8 on this thing and install Ubuntu alongside it. But if I can't do that, then Windows is gonna go bye-bye.
-
Originally posted by steveriley:
> If it's an x86 or x86_64 architecture computer, then the OEM has the option of presenting a mechanism by which you can switch off secure boot. If that's available to you, then when you disable it, you'll be able to do anything you want. You can even leave it switched off, and Windows 8 will still boot, along with any other UEFI-aware operating system that you choose to install. You can switch the UEFI into BIOS compatibility mode -- but then you might have to alter certain elements of the installed operating systems.
> However, if the OEM has disabled the ability to switch off secure boot, then you're pretty much hosed. You'll need a signed boot loader for whatever rescue thing you try to use.
> If you remove the hard drive from a secure-boot enabled machine and attach the drive to another machine, you can access the drive's contents freely (unless it was encrypted with BitLocker, of course). But you can't boot that copy of Windows on another machine. You first have to switch off secure boot on the original PC and reboot Windows to remove its secure UEFI settings before you move the drive to another computer.
> In sum, UEFI can actually make PC maintenance easier. It's the secure-boot function that will cause no end of grief. As someone who's spent most of his career studying threats and vulnerabilities and implementing compensating controls and designing secure architectures, I can say with a certain degree of confidence that UEFI secure-boot is one of the dumbest controls I've ever seen.
Which means that Secure Boot may not have been designed with real security in mind, as GG and others have alluded to
-
Originally posted by Detonate:
> In a nutshell from my viewpoint as a person who makes a few dollars repairing computers and no money promoting Linux. If I get a client with a Win 8 computer, and Secure-boot enabled and locked, I am not going to be able to help them. So who can? Will I still be able to remove a hard drive and mount it in my computer and run malware checks and removal on that drive? I won't be able to boot it from a live CD or USB, so no more conversions to Linux. My only option would be to tell the customer that I have to replace the motherboard to repair their computer. Would I then be able to reinstall Win 8 assuming the customer has a Win 8 disk? Repairing laptops or mobile devices will be out of the scope of my abilities.
If it's an x86 or x86_64 architecture computer, then the OEM has the option of presenting a mechanism by which you can switch off secure boot. If that's available to you, then when you disable it, you'll be able to do anything you want. You can even leave it switched off, and Windows 8 will still boot, along with any other UEFI-aware operating system that you choose to install. You can switch the UEFI into BIOS compatibility mode -- but then you might have to alter certain elements of the installed operating systems.
However, if the OEM has disabled the ability to switch off secure boot, then you're pretty much hosed. You'll need a signed boot loader for whatever rescue thing you try to use.
If you remove the hard drive from a secure-boot enabled machine and attach the drive to another machine, you can access the drive's contents freely (unless it was encrypted with BitLocker, of course). But you can't boot that copy of Windows on another machine. You first have to switch off secure boot on the original PC and reboot Windows to remove its secure UEFI settings before you move the drive to another computer.
In sum, UEFI can actually make PC maintenance easier. It's the secure-boot function that will cause no end of grief. As someone who's spent most of his career studying threats and vulnerabilities and implementing compensating controls and designing secure architectures, I can say with a certain degree of confidence that UEFI secure-boot is one of the dumbest controls I've ever seen.
-
Guest replied:
Originally posted by Detonate:
> I am not going to be able to help them. So who can? Repairing laptops or mobile devices will be out of the scope of my abilities.
No one will be able to help them, and the point is not to fix laptops, but buy new ones.
-
> I am not going to be able to help them. So who can?
That, IMO, is the whole point of UEFI.
-
In a nutshell from my viewpoint as a person who makes a few dollars repairing computers and no money promoting Linux. If I get a client with a Win 8 computer, and Secure-boot enabled and locked, I am not going to be able to help them. So who can? Will I still be able to remove a hard drive and mount it in my computer and run malware checks and removal on that drive? I won't be able to boot it from a live CD or USB, so no more conversions to Linux. My only option would be to tell the customer that I have to replace the motherboard to repair their computer. Would I then be able to reinstall Win 8 assuming the customer has a Win 8 disk? Repairing laptops or mobile devices will be out of the scope of my abilities.
-
Originally posted by steveriley:
> That's not the only previous pastime I've allowed to languish; it's been about a decade since I allowed myself to forget where I was for a weekend
More important, did you remember her number?
-
Originally posted by GreyGeek:
> That's why I think you should promote your OP to an Article, or at least pin it.
Always feels kind of weird to promote my own stuff, don't want to be mistakenly viewed as abusing my admin rights. But OK, I'll promote this one.
Originally posted by GreyGeek:
> Face it, you're getting too old to do levitation tricks with a mountain bike!
That's not the only previous pastime I've allowed to languish; it's been about a decade since I allowed myself to forget where I was for a weekend
-
Originally posted by steveriley:
> Cool, I'm glad people have found this info useful.
That's why I think you should promote your OP to an Article, or at least pin it.
> Despite raising two teenagers, playing in three symphonic bands, and occasionally traveling for my job, I manage to find the time somewhere to dig into this stuff. Alas, some things I used to enjoy don't get the same attention now...
Face it, you're getting too old to do levitation tricks with a mountain bike!
-
Cool, I'm glad people have found this info useful.
Despite raising two teenagers, playing in three symphonic bands, and occasionally traveling for my job, I manage to find the time somewhere to dig into this stuff. Alas, some things I used to enjoy don't get the same attention now...
-
Thanks Steve for the post. If I had a UEFI device I think I'd like to do the same. Alas I don't and time doesn't permit so I appreciate this post.
-
Still shows up empty. Apparently the whole thing is crammed into the El Torito boot portion of the ISO, which requires something that's aware of El Torito in order to extract the image. That Perl script is actually part of Debian's genisoimage utility.
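The post above says the image sits in the El Torito boot portion of the ISO and needs an El Torito-aware tool to pull it out. As an added example (not part of the thread and not the genisoimage script), here is a minimal Python reader for the default boot catalog entry, run against a constructed in-memory image; the function names and sample payload are assumptions made for illustration.

```python
import struct

SECTOR = 2048  # ISO 9660 logical sector size
# Emulated floppy sizes in bytes, keyed by the boot media type field.
FLOPPY_SIZES = {1: 1200 * 1024, 2: 1440 * 1024, 3: 2880 * 1024}

def extract_eltorito(iso: bytes):
    """Return (platform_id, boot_image) for the default El Torito entry."""
    brvd = iso[17 * SECTOR:18 * SECTOR]  # Boot Record Volume Descriptor
    if brvd[0] != 0 or brvd[1:6] != b"CD001":
        raise ValueError("sector 17 is not a boot record volume descriptor")
    if not brvd[7:39].startswith(b"EL TORITO SPECIFICATION"):
        raise ValueError("boot system identifier is not El Torito")
    (catalog_lba,) = struct.unpack_from("<I", brvd, 0x47)
    catalog = iso[catalog_lba * SECTOR:(catalog_lba + 1) * SECTOR]
    validation, entry = catalog[:32], catalog[32:64]
    if validation[0] != 1 or validation[30:32] != b"\x55\xaa":
        raise ValueError("bad validation entry")
    # All sixteen 16-bit words of the validation entry must sum to zero.
    if sum(struct.unpack("<16H", validation)) & 0xFFFF:
        raise ValueError("validation entry checksum mismatch")
    indicator, media, _seg, _sys, _pad, count, lba = struct.unpack_from(
        "<BBHBBHI", entry)
    if indicator != 0x88:
        raise ValueError("default entry is not marked bootable")
    media &= 0x0F
    if media == 4:
        raise ValueError("hard-disk emulation: size is in the image's partition table")
    # No emulation: size is the declared count of 512-byte virtual sectors.
    size = FLOPPY_SIZES.get(media, count * 512)
    image = iso[lba * SECTOR:lba * SECTOR + size]
    if len(image) != size:
        raise ValueError("boot image runs past the end of the ISO")
    return validation[1], image

def build_sample_iso() -> bytes:
    """Constructed sample: BRVD at sector 17, catalog at 18, payload at 19."""
    brvd = bytearray(SECTOR)
    brvd[0:7] = b"\x00CD001\x01"
    brvd[7:30] = b"EL TORITO SPECIFICATION"
    struct.pack_into("<I", brvd, 0x47, 18)
    val = bytearray(32)
    val[0], val[1] = 1, 0xEF  # header id, platform id (0xEF = EFI)
    val[30:32] = b"\x55\xaa"
    struct.pack_into("<H", val, 28, -sum(struct.unpack("<16H", val)) & 0xFFFF)
    entry = struct.pack("<BBHBBHI", 0x88, 0, 0, 0, 0, 4, 19).ljust(32, b"\0")
    catalog = bytes(val + entry).ljust(SECTOR, b"\0")
    payload = b"CONSTRUCTED-BOOT-IMAGE".ljust(SECTOR, b"\0")
    return bytes(17 * SECTOR) + bytes(brvd) + catalog + payload
```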