Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 21

Thread: Linux compatibility and security dangers of UEFI "BIOS" in Asus N550JV

  1. #11
    Senior Member otropogo's Avatar
    Join Date
    Jul 2008
    Posts
    109
    Quote Originally Posted by Werner P. Schulz View Post
    90% ("ninety" at position 1:45 within the video) not 99%.
    Thanks for the correction Werner.

    However, I think his 90% is just as much plucking numbers out of thin air as my "99%". In fact, my critique was letting Klaus off easy.

    If you recall the early days of Knoppix (and of Linux, to a great extent), one of the main goals was to make linux accessible and usable to those with old legacy PCs. I remember complaining to Klaus about this when he first stopped providing a floppy boot option, and again when he no longer allowed the creation of a persistent image except with the USBflash install.

    There are certainly still millions of PCs in use (I have two running here right now, half of my in use PCs) whose BIOS doesn't support booting from USBflash, or from USB at all, for that matter. Knoppix has become seriously crippled on these systems, since neither configurations nor installed applications can be saved when booting from the LiveDV or LiveCD.

    I wouldn't be in the least surprised if just these systems make up 10% of all PCs still in use today. And it is, for the most part, their users who particularly need access to a reliable, trustworthy, and free OS.

    UEFI has been around for a few years now, and it is so arcane that the top technical support person at a nearby Staples outlet (a major Canadian computer retailer) told me categorically that it would be impossible to boot from any external device on the ASUS laptop I had just bought from his company. He was dead wrong, of course, but I had brought the K7.2 LiveDVD, and his top computer savvy sales rep spent 45 minutes trying unsuccessfully to boot from it on an ASUS laptop with the UEFI BIOS (one version later than the one on my laptop).

    I haven't had time to listen to the second half of Klaus's lecture yet, and I hope he addresses this issue adequately. But it's a faint hope...

  2. #12
    Moderator Moderator
    Join Date
    Nov 2010
    Location
    Germany/ Dietzenbach
    Posts
    1,124
    There are certainly still millions of PCs in use (I have two running here right now, half of my in use PCs) whose BIOS doesn't support booting from USBflash, or from USB at all, for that matter. Knoppix has become seriously crippled on these systems, since neither configurations nor installed applications can be saved when booting from the LiveDV or LiveCD.
    In this case you can use the bootonly-CD from Knoppix.

    Your problem with UEFI is a problem with your Hardware and the used BIOS not of Knoppix. You have to find and use the propper settings to start other OS; there are enough descriptions available. If your computer refuse to boot with Knoppix CD or Knoppix USB-stick, Knoppix cannot solve this problem for you.

  3. #13
    Senior Member otropogo's Avatar
    Join Date
    Jul 2008
    Posts
    109
    Quote Originally Posted by Werner P. Schulz View Post
    In this case you can use the bootonly-CD from Knoppix.

    Your problem with UEFI is a problem with your Hardware and the used BIOS not of Knoppix. You have to find and use the propper settings to start other OS; there are enough descriptions available.
    Oh, I see. Knoppix is specifically designed for those PCs that happen to work with it right out of the box. No support needed that way. Very elegant...

    And as for there being "enough descriptions available" to "start other OS" (whatever that's supposed to mean), most of the English instructions about Linux that one can find on the Web are incorrect or incomplete, yet they live on, like the ghost of Christmas past.

    [snip]

    If your computer refuse to boot with Knoppix CD or Knoppix USB-stick, Knoppix cannot solve this problem for you.
    Oh, oh, now my PC is "refusing" to boot! Call the Polizei!

    As I tried to make clear in the previous post, booting from the LiveCD or the LiveDVD doesn't give your a working OS, only a demo system, since you can't save your configuration (as you immediately find out when you try to save your firewall settings) until and unless you've created a USBflash installation. At least, that's how I understand the situation, and Klaus certainly didn't correct me when I first pointed out the issue. His answer was IIRC that usbflash media are cheap and easily accessible.

    I can't think of any GOOD reason for denying users a persistent image file on flash media, hdd, CD-RW or DVD-RW that could be used to hold configuration files and user-installed apps by those who can only boot from optical media. Can you??

    I CAN think of those who benefit by this denial though - the vendors and manufacturers of PCs and flash media.

    As for your comment "Knoppix cannot solve this problem for you" - DUH! - Knoppix is just a Linux distro cooked up by Knopper. Of course it can't solve a problem if the programmer designed it that way. And since it had no such problem for years, it has to be a problem the designer specifically created for his own reasons, without regard to the difficulties created by it for the users.

    Unfortunately, the prevailing sentiment among vocal Linux users is that you can't complain about freeware, even if it stabs you in the back. The user's needlessly wasted time and trouble are, of course, worth nothing.
    Last edited by Werner P. Schulz; 05-18-2014 at 05:56 PM. Reason: Violation of forum rules

  4. #14
    Not sure why one would choose a LiveUSB over a Hard-drive install for running Linux on their own computers(and persistence doesn't seem like a necessity for a rescue environment), but if one can't even get the LiveUSB to boot on their own machines, what chance do they have of getting it to boot on public machines? If uefi is as prevalent on newer machines as implied, this sounds like a compatibility issue that could cripple if not outright destroy several use cases, especially if the problem extends to USB optical drives(required for booting optical media on most netbooks). Is there any easy(as in, can be done from the linux command-line) way of determining whether my machines are infected with uefi? I've never had any boot problems on my vintage 2011 HP desktop(pre-loaded with Win 7, wiped the drive and installed Deian within days of getting it, currently running a heavily stripped down knoppix 7.2) and the only boot isssues my ASUS e1015 DS-03(preloaded with Ubuntu, wiped the drive and installed Knoppix as soon as I got USB optical drives booting) is that you have to hold escape at boot to over-ride booting from hard disk and it doesn't allow enough time for my USB powered optical drive to come online to boot optical from a cold boot(requiring me to ctrl+alt+del for a hot reboot at the menu that gives me the option between booting from hard disc, booting from external(if detected) and entering BIOS), but it would be nice to know just in case uefi gives me problems in the future.

  5. #15

  6. #16
    Senior Member otropogo's Avatar
    Join Date
    Jul 2008
    Posts
    109
    [snip]

    Every one of these discussions confirmed my contention above that Linux advice online is more likely than not to be incorrect and misleading. That is why I expect essential functions such as booting the OS on current hardware to be authoritatively provided by the author or maintainers of the OS, not by user posts in various more or less related forums.

    Take the specific link on the ASUS N550JV - a simple and straightforward example.

    NO! you don't have to go through all of that rigmarole on the ASUS N550JV to access the UEFI, and disable "secure boot".

    All you have to do is to reset the PC while holding down the F2 key, and the UEFI interface will display.


    The boot device must also be suitably configured in order for the UEFI to recognize and list it in the boot priority list (after Windows Boot Manager)

    When these other bootable devices appear, you can then go into the Boot priority menu, and change the priority, which defaults to Windows Boot Manager, to make the external device first on the list.

    Unfortunately, I haven't found the simple instructions apparently needed to reconfigure installation not preconfigured for use with UEFI, or I'd be able to boot Puppy Linux on my Asus. But my guess is that the UEFI needs to find a folder in the device's root directory named EFI.

    On the Knoppix 7.2 install, /EFI/boot/ contains four files - bootx32.efi, bootx64.efi, ldlinex.e32 and ldlinux.e64, totalling 588KB.


    It appears that the UEFI searches attached devices for the EFI/boot/ folder, then runs one of the bootx...efi files, after which the linux loader takes over.



    NB: the actual bootable media (ie. flash card in reader, stick in usb port, DVD or CD) must stay inserted at EVERY bootup to keep their place in the boot priority list.

    This is a major change for previous BIOS fuction. For example, I run XP and Puppy Linux, and occasionally Knoppix, on an older Intel Desktop PC that supports USBflash booting.

    So long as I leave the USB card reader attached, I can boot from Windows on the hdd just by removing the flash card holding Puppy from the card reader.

    To boot with Puppy after using Windows, all I have to do is reinsert the Puppy flash card into the reader, and it will boot. The boot priority order in BIOS doesn't change unless I boot without the card reader attached, in which case, its boot entry is removed automatically. The same is true for the optical drives.

    UEFI doesn't allow this. If I boot without the external storage media (presumably with the essential /EFI/boot/ folder and contents) installed, even though the reader or the player/burner are attached and active, UEFI removes the boot entries. The only way to avoid this every time one boots Windows might be ( I haven't actually tried it) to always leave the priority boot media attached, boot holding down the F2 key, and use the boot override option in the UEFI to boot Windows without changing the boot priority settings. But that seems impractical, and possibly even more work.

    BOTTOM LINE: In order to boot Linux from USBflash or LiveCD/DVD on the ASUS N550JV, you MUST boot holding down the F2 key, change the boot priority settings in the UEFI, then save and exit, EVERY TIME Following Windows use.

    But even this isn't certain. In my experience, the UEFI boot priority setting doesn't save reliably, and half the time, maybe more, on reboot, Windows will come up anyway, and your external boot device will be moved to second place. Since it's a huge time waster (more so in Win8.x than any previous one) to restart from the desktop and reset the UEFI, the only practical way to boot the ASUS externally is as follows:

    1. start the ASUS holding down the F2 key (until the interface appears - a real PIA)

    2. check the priority setting and change, if necessary, to put the device in first place

    3. go to the last drop-down menu, put the cursor on the desired boot media in the boot override portion, and hit ENTER



    DANGER WILL ROBINSON!!!

    I recently upgraded to Windows 8.1, hoping for some improvements. I didn't notice any, but no special problems were noted either.

    Then I allowed MS to install some "essential" security updates.

    After the updates were installed, I couldn't boot from the Knoppix USBflash install.

    When I looked at the UEFI settings, "secure boot" was still disabled, as I had left it.

    BUT all external devices were LOCKED! - something I had never done. After toggling them back to unlocked, I was able to boot with Knoppix again.

    So - there is an essential, and quite dangerous, difference between BIOS and UEFI - clearly, Windows applications can change the user's UEFI settings without the user being consulted or even warned of these changes!


    Last edited by Werner P. Schulz; 05-18-2014 at 06:26 PM. Reason: Violation of forum rules

  7. #17
    Senior Member otropogo's Avatar
    Join Date
    Jul 2008
    Posts
    109
    Quote Originally Posted by Jeffery Mewtamer View Post
    Not sure why one would choose a LiveUSB over a Hard-drive install for running Linux on their own computers(and persistence doesn't seem like a necessity for a rescue environment),
    Maybe if you'd had series of Windows installations damaged by crashing Linux boot managers you'd understand. Ideally, the USBflash installation should be able to load the OS entirely into RAM, allowing the USBflash media to remain locked except when being reconfigured or when new apps are installed.

    IIRC, Knoppix 7.1 claimed to run entirely in RAM if one had 3GB available. But I was never able to do this. This also makes the installation very vulnerable to corruption by power outages, accidental removal, as well as malware attacks.

    With Puppy Linux I can boot from an SD card, choose to load the entire OS into RAM from the card or do it from a file saved to hdd in an NTFS partition. I can save all of my applications to a save file on the hdd, and carry a copy of that file on my SD card too, for backup, if I have the space. That way the user can choose his level of security while retaining easily accessible options for mobility.


    ...but if one can't even get the LiveUSB to boot on their own machines, what chance do they have of getting it to boot on public machines? If uefi is as prevalent on newer machines as implied, this sounds like a compatibility issue that could cripple if not outright destroy several use cases, especially if the problem extends to USB optical drives(required for booting optical media on most netbooks). Is there any easy(as in, can be done from the linux command-line) way of determining whether my machines are infected with uefi? I've never had any boot problems on my vintage 2011 HP desktop(pre-loaded with Win 7, wiped the drive and installed Deian within days of getting it, currently running a heavily stripped down knoppix 7.2) and the only boot isssues my ASUS e1015 DS-03(preloaded with Ubuntu, wiped the drive and installed Knoppix as soon as I got USB optical drives booting) is that you have to hold escape at boot to over-ride booting from hard disk and it doesn't allow enough time for my USB powered optical drive to come online to boot optical from a cold boot(requiring me to ctrl+alt+del for a hot reboot at the menu that gives me the option between booting from hard disc, booting from external(if detected) and entering BIOS), but it would be nice to know just in case uefi gives me problems in the future.
    Why do you say "can't even"? Whether the LiveUSB boots on "your own machine" or another's has nothing to do with ownership. I run several PCs of various vintages. Sometimes I can create a Knoppix USBflash install on one machine and just boot another of my PCs with it without problems. Usually any problems are with the display adaptor or monitor, and these can sometimes be fixed, IF you can see enough of the screen to access the desktop controls. The same is true of Puppy. But sometimes the whole thing just crashes, and no cheatcodes seem to help. It's a lot of work for the user, being in perpetual Beta mode - which is the case for users of most small Linux distros like Knoppix and Puppy.

    Just access the BIOS to see if you have UEFI. It sounds like you've had lots of opportunities to do that, and you'd recognize something is wrong right away, if only from the scarcity of options.

    I'd say you don't have UEFI, from your comments above. If I had know my very expensive ASUS had no real BIOS, and the implications of that, I wouldn't have bought it, and would be a lot happier now (I wish that were all that's wrong with ASUS hardware, software, support, and warranty service - in fact, I wish I'd never heard of this predatory outfit). Unfortunately, the reviews I read were all misleadingly rosy (and still are...) and I couldn't actually get my hands on one, and bought it sight unseen from Staples in Canada (who proved to be just as dishonest and incompetent as ASUS staff).

  8. #18
    Senior Member otropogo's Avatar
    Join Date
    Jul 2008
    Posts
    109
    BTW Werner, I find your rethreading/renaming of this discussion dishonest.

    It's clearly meant to reduce interest in discussion of a complaint that affects just about everyone, and I don't mean just UEFI.[snip]
    Last edited by Werner P. Schulz; 05-18-2014 at 08:52 PM. Reason: Violation of forum rules

  9. #19
    Sounds like I might be immune(or at least, less exposed) to the problems uefi causes on account of the fact that I haven't had reason to dual boot in nearly a decade, but it does sound like a issue that transcends distro and is hopefully one that gets ironed out before I am forced to upgrade to a machine that comes with uefi. Can't say I'm surprised the retailer and manufacturer are completely useless for any use case beyond the pre-loaded copy of Windows(personally, when I have problems I can resolve myself or via the internet, I do to my college's resident Linux enthusiast). Still, with the way Microsoft seems hell bent on preventing people from booting other OSes, I'm glad I was able to kick them to the curve a long time ago. As for splitting the thread, I would say discussion of the uefi problem was getting to in-depth to be appropriate in its original position. Do think the forum could do with some re-organization into fewer sections no more activity than we have though. Edit: If checking what kind of BIOS I had was as simple as entering my Bios, I wouldn't have bothered asking. I can get into my BIOS(or at least what I assume it to be the BIOS), but visual impairment prevents me from doing anything once I get in or reading any of he information displayed there, and no one in my household knows computers well enough to assist me. Oh well, I'm not having any issues related to booting, and since it will likely be several years before I need to buy another machine(barring unforseen hardware failure), hopefully the problems will be resolved by the time I come into possession of affected hardware. .
    Last edited by Jeffery Mewtamer; 05-17-2014 at 10:46 PM. Reason: Forgot something.

  10. #20
    Moderator Moderator
    Join Date
    Nov 2010
    Location
    Germany/ Dietzenbach
    Posts
    1,124
    Oh, I see. Knoppix is specifically designed for those PCs that happen to work with it right out of the box. No support needed that way. Very elegant...
    Did you pay for Knoppix? Did you pay for support? Knoppix is a Live Linux CD, not a commercial Linux where you also can order and buy support.

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Cisco SG95-16 16-Port Gigabit Switch SG95-16-KR picture

Cisco SG95-16 16-Port Gigabit Switch SG95-16-KR

$47.00



Cisco SG110 8 Port Gigabit Ethernet Switch SG110D-08-BR picture

Cisco SG110 8 Port Gigabit Ethernet Switch SG110D-08-BR

$39.00



Cisco MS120-48FP - 52 Ports Fully Managed Ethernet Switch UNCLAIMED picture

Cisco MS120-48FP - 52 Ports Fully Managed Ethernet Switch UNCLAIMED

$449.00



Cisco SG110 5 Port Gigabit Ethernet Switch SG110D-05-AU picture

Cisco SG110 5 Port Gigabit Ethernet Switch SG110D-05-AU

$40.00



Linksys SE3008 8 Ports Rack Mountable Gigabit Ethernet Switch picture

Linksys SE3008 8 Ports Rack Mountable Gigabit Ethernet Switch

$18.99



New Linksys SE3005 5-port Gigabit Ethernet Switch picture

New Linksys SE3005 5-port Gigabit Ethernet Switch

$15.99



NETGEAR 5-Port Gigabit Ethernet Unmanaged Switch (GS305) - NEW IN BOX picture

NETGEAR 5-Port Gigabit Ethernet Unmanaged Switch (GS305) - NEW IN BOX

$18.99



Cisco WS-C3750X-48T-S 48 Port 3750X Gigabit Switch - Same Day Shipping picture

Cisco WS-C3750X-48T-S 48 Port 3750X Gigabit Switch - Same Day Shipping

$49.99



*NETGEAR PROSAFE (JGS524V2) 24-Port Gigabit Ethernet Switch *NO AC* picture

*NETGEAR PROSAFE (JGS524V2) 24-Port Gigabit Ethernet Switch *NO AC*

$29.99



Fortinet FortiSwitch FS-124D-POE 24 Port Gigabit Ethernet Switch UNREGISTERED picture

Fortinet FortiSwitch FS-124D-POE 24 Port Gigabit Ethernet Switch UNREGISTERED

$89.97