Options for Installing Linux
You have several options for installing Linux on a PC with Secure Boot:
•Choose a Linux Distribution That Supports Secure Boot: Modern versions of Ubuntu — starting with Ubuntu 12.04.2 LTS and 12.10 — will boot and install normally on most PCs with Secure Boot enabled. This is because Ubuntu’s first-stage EFI boot loader is signed by Microsoft. However, a Ubuntu developer notes that Ubuntu’s boot loader isn’t signed with a key that’s required by Microsoft’s certification process, but simply a key Microsoft says is “recommended.” This means that Ubuntu may not boot on all UEFI PCs. Users may have to disable Secure Boot to to use Ubuntu on some PCs.
•Disable Secure Boot: Secure Boot can be disabled, which will exchange its security benefits for the ability to have your PC boot anything, just as older PCs with the traditional BIOS do. This is also necessary if you want to install an older version of Windows that wasn’t developed with Secure Boot in mind, such as Windows 7.
•Add a Signing Key to the UEFI Firmware: Some Linux distributions may sign their boot loaders with their own key, which you can add to your UEFI firmware. This doesn’t seem to be a common at the moment.
You should check to see which process your Linux distribution of choice recommends. If you need to boot an older Linux distribution that doesn’t provide any information about this, you’ll just need to disable Secure Boot.
You should be able to install current versions of Ubuntu — either the LTS release or the latest release — without any trouble on most new PCs. See the last section for instructions on booting from a removable device.
