Why is it that W8 still boots with secure boot disabled in BIOS?


I just bought an HP Pavilion 14 ultrabook (or sleekbook), very similar to Dayfinger’s in his excellent dual boot HowTo https://forums.opensuse.org/showthread.php/487837-How-to-Dual-boot-(preinstalled)-Windows-8-and-Linux-UEFI-etc (thanks a lot, Dayfinger!).
The only difference in hardware is the 32GB SSD with what seems to be a fake RAID to make it work part as cache for the HDD and part as something else I didn’t figure out yet.

With secureboot enabled, my USB DVD is not recognized in the boot options, but it is, as a UEFI device, if secureboot is disabled.

Anyway, my doubt is: I understood that with secureboot disabled W8 wouldn’t boot, but after disabling it in BIOS - but keeping UEFI boot mode on - Windows 8 still boots OK. Is that normal?

Also, if I keep secureboot disabled so I can install oS 11.3 64-bit from the DVD, will it be OK?


Yes, that’s normal. There was never a problem with Win8 booting without secure boot. I’m not sure, but maybe it complains. I don’t use Win8 often enough to have noticed any complaint. But then I have secure-boot enabled most of the time.

That would be the hibernate-fast startup cache thing…

Thanks, Nickert. I’m still in doubt about installing oS with it disabled so I can use the DVD. I think I’ll try, anyway.

oS 13.1 DVD is recognized with secureboot enabled. With Partition Magic it wasn’t. At startup, the BIOS reads the DVD, and if there’s no disk inserted the drive won’t appear in the boot options. So I’m presuming the BIOS checks the disk on the DVD and only enables it if the boot record (or whatever) is certified, as I understand openSUSE 13.1 is.

I always use a USB (write the iso to a USB). That’s also recognized as secure-boot.

If I disable secure-boot, and hit F12 while booting, my BIOS gives two lists of boot possibilities. The first list is of UEFI bootable systems, while the second is of MBR bootable systems. The “partition magic” CD would show up only as MBR bootable. I do have a CD with “Acronis True Image” (the 2013 version). It shows up in both UEFI and MBR lists, as does the 13.1 DVD image on USB. However, the Acronis CD does not show up if I enable “secure-boot”, because they did not do the extra magic needed for that.

For a hard drive or USB, in order to be UEFI bootable, there must be an EFI partition containing an efi executable in the right location in that partition. For secure boot, that efi executable must, in addition, be digitally signed with a key known to the BIOS.

I’m not fully sure of what is required for a CD or DVD. My understanding is that the UEFI bootable CD or DVD typically contains two floppy disk images. One of those has the EFI stuff, and the other has the code to boot the operating system, perhaps as called from the efi executable on the EFI floppy image.

More or less. An EFI bootable CD contains an El Torito boot image with a special type (it is not floppy emulation), which is basically an image of an EFI System Partition. Inside this El Torito image you have the standard ESP directory layout with \EFI\BOOT\BOOTX64.EFI (or BOOTIA32.EFI) and any other files required by the bootloader. This El Torito image is later exposed by the EFI firmware as a media device (you can e.g. list its contents in the EFI shell), but grub2 does not use it and expects all other files to be present on the CD in the normal iso9660/UDF/whatever filesystem.

You cannot install 11.3 in EFI mode. I think that there is a way to do a hybrid install, i.e. both MBR and EFI, but it looks complicated and may or may not be supported by your version of UEFI.
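
The El Torito layout described in the reply above can be checked directly on an ISO image. The following is an added example, not code from any poster in this thread: it walks the El Torito boot catalog and reports which platform each boot entry targets, which is what decides whether a disc appears in the UEFI list, the MBR list, or both. The function names and the in-memory sample image are constructed for illustration, and the catalog walk is simplified (entry extensions are ignored).

```python
import struct

SECTOR = 2048
PLATFORMS = {0x00: "x86 BIOS", 0x01: "PowerPC", 0x02: "Mac", 0xEF: "EFI"}

def find_boot_catalog(iso):
    """Scan volume descriptors from sector 16 for the El Torito boot record."""
    for lba in range(16, len(iso) // SECTOR):
        vd = iso[lba * SECTOR:(lba + 1) * SECTOR]
        if vd[1:6] != b"CD001" or vd[0] == 255:  # not ISO 9660, or set terminator
            return None
        if vd[0] == 0 and vd[7:30] == b"EL TORITO SPECIFICATION":
            return struct.unpack_from("<I", vd, 0x47)[0]  # boot catalog LBA
    return None

def boot_entries(iso):
    """Return (platform, media_type, load_lba) for each bootable catalog entry."""
    cat_lba = find_boot_catalog(iso)
    if cat_lba is None:
        return []
    cat = iso[cat_lba * SECTOR:(cat_lba + 1) * SECTOR]
    if len(cat) < 64 or cat[0] != 0x01 or cat[30:32] != b"\x55\xaa":
        raise ValueError("bad validation entry")
    if sum(struct.unpack_from("<16H", cat, 0)) & 0xFFFF:
        raise ValueError("validation entry checksum mismatch")
    platform, found = cat[1], []
    for off in range(32, len(cat) - 31, 32):
        e = cat[off:off + 32]
        if e[0] in (0x90, 0x91):            # section header switches platform
            platform = e[1]
        elif e[0] == 0x88:                  # bootable; media type 0 = no emulation
            found.append((PLATFORMS.get(platform, hex(platform)), e[1] & 0x0F,
                          struct.unpack_from("<I", e, 8)[0]))
        elif e[0] == 0x00 and off > 32:     # empty slot ends this simplified walk
            break
    return found

def build_sample_iso():
    """Constructed image: BIOS default entry at LBA 30, EFI section entry at LBA 40."""
    iso = bytearray(64 * SECTOR)
    def put(lba, data, off=0):
        iso[lba * SECTOR + off:lba * SECTOR + off + len(data)] = data
    put(16, b"\x01CD001\x01")                                         # primary VD
    put(17, b"\x00CD001\x01EL TORITO SPECIFICATION".ljust(0x47, b"\0") + struct.pack("<I", 20))
    put(18, b"\xffCD001\x01")                                         # terminator
    put(20, b"\x01\x00" + bytes(26) + b"\xaa\x55\x55\xaa")            # validation entry
    put(20, struct.pack("<BBHBBHI", 0x88, 0, 0, 0, 0, 4, 30), 32)     # BIOS default
    put(20, struct.pack("<BBH", 0x91, 0xEF, 1), 64)                   # EFI section header
    put(20, struct.pack("<BBHBBHI", 0x88, 0, 0, 0, 0, 2880, 40), 96)  # EFI ESP image
    return bytes(iso)
```

A disc whose result contains no `EFI` entry can only show up in the MBR list; an `EFI` entry only says the ESP image exists, and whether the `BOOTX64.EFI` inside it is signed still has to be checked separately for secure boot.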