I want to understand why, was invented UEFI Secure Boot and how it affects the use of my beloved Linux Mint.
The Unified Extensible Firmware Interface (UEFI, pronounced as an initialism U-E-F-I or like “unify” without the n[a]) is a specification that defines a software interface between an operating system and platform firmware. UEFI is meant to replace the Basic Input/Output System (BIOS) firmware interface, originally present in all IBM PC-compatible personal computers. In practice, most UEFI firmware images provide legacy support for BIOS services. UEFI can support remote diagnostics and repair of computers, even without another operating system.
Almost all people have got new motherboards and now people are owners of motherboards UEFI. Accordingly, Secure Boot is supported. The question on security: do I need to use UEFI Secure Boot or not?
While the BIOS is essentially extremely hard and virtually unchanged in content code special firmware BIOS-chip, UEFI system is rather flexible, programmable interface. And this is the interface over all hardware components of the computer to their own devices, the microcode. Unlike BIOS boot code, which is always hard-coded in the corresponding chip on the motherboard, much more extensive in size codes UEFI are in a special directory /EFI/, the place of physical location which can be quite varied — from memory chips on the motherboard, or a partition on the hard disk of the computer and to external network storage.
As a result of this flexibility, the system UEFI becomes something much smaller, but quite independent of the operating system. That is, in fact, in the computer first loads the UEFI, under her management is essentially an arbitrary set of desired actions, and then starts loading the actual operating system.
Linux definitely supports UEFI, but it is rather superficial acquaintance than an effective partnership. Mac OS X has advanced somewhat further, and partly uses UEFI with boot Manager Bootcamp. In the line Microsoft support UEFI was introduced in Windows 8, this operating system became the first of the “main” OS, where intensively involved the benefits of UEFI, including restore, update, secure boot and quite possibly something else.
Meanwhile about any unfair competition speech would come out. Official Microsoft already quite reasonably parried the attacks of those Linux users that on their part it is solely about improving security in the work Windows. And they in no way trying to influence the way in which manufacturers of hardware to dispose of their cryptographic keys. Microsoft does not preclude the issuance of keys for other operating systems.
In the world of desktop systems, where now nearly no OEM does not sell computers with Linux preinstalled, it is not clear what incentives can be the manufacturers for distribution of their cryptographic keys these various Linux distributions. The only thing we can predict for sure — Microsoft solution to this problem will not be engaged exactly.
Now try to answer the question in the title.
My opinion: No, do not use UEFI Secure Boot. Obviously. When they created this UEFI, we were informed that it was solely for the sake of our security, they say, malware a thing of the past. Let’s look at the results: if in Windows less viruses? No, they became more. Maybe Kaspersky Lab sits without work and are about to go bankrupt? No, with Kaspersky all right. Consequently, UEFI does not care about our safety.
What then? Here’s what: Microsoft will make it harder to install Linux on a new PC with Windows 10. Actually, just for that UEFI was created.
You can now rephrase my question so: whether to use the feature, created solely to deceive the buyer and unfair competition? Probably better not. At least until then, until it will include force, with no option to disable. And this, apparently, is heading.