installing different OS on surface RT

roxas22

Senior Member
Oct 6, 2014
72
5
0
Hey guys! Today in my mind a BLING sounded, and i thought:
If it's possible to install windows IoT core on surface, instead of disabling the UEFI, we can copy the key in windows IoT core that show the surface windows IoT core is a windows OS
It's possible?
 

XDA-00

Senior Member
Sep 6, 2015
348
49
0
New Delhi
Hey guys! Today in my mind a BLING sounded, and i thought:
If it's possible to install windows IoT core on surface, instead of disabling the UEFI, we can copy the key in windows IoT core that show the surface windows IoT core is a windows OS
It's possible?
I don't care about installing another Windows. I think Ubuntu with microsoft key signed in its 1st stage EFI bootloader(idk much about bootloader) can boot in surface rt even with secure boot enabled!:eek::D

Options for Installing Linux

You have several options for installing Linux on a PC with Secure Boot:

•Choose a Linux Distribution That Supports Secure Boot: Modern versions of Ubuntu — starting with Ubuntu 12.04.2 LTS and 12.10 — will boot and install normally on most PCs with Secure Boot enabled. This is because Ubuntu’s first-stage EFI boot loader is signed by Microsoft. However, a Ubuntu developer notes that Ubuntu’s boot loader isn’t signed with a key that’s required by Microsoft’s certification process, but simply a key Microsoft says is “recommended.” This means that Ubuntu may not boot on all UEFI PCs. Users may have to disable Secure Boot to to use Ubuntu on some PCs.

•Disable Secure Boot: Secure Boot can be disabled, which will exchange its security benefits for the ability to have your PC boot anything, just as older PCs with the traditional BIOS do. This is also necessary if you want to install an older version of Windows that wasn’t developed with Secure Boot in mind, such as Windows 7.

•Add a Signing Key to the UEFI Firmware: Some Linux distributions may sign their boot loaders with their own key, which you can add to your UEFI firmware. This doesn’t seem to be a common at the moment.

You should check to see which process your Linux distribution of choice recommends. If you need to boot an older Linux distribution that doesn’t provide any information about this, you’ll just need to disable Secure Boot.

You should be able to install current versions of Ubuntu — either the LTS release or the latest release — without any trouble on most new PCs. See the last section for instructions on booting from a removable device.
You can try it if you want.
 
  • Like
Reactions: embcmf01

Qiangong2

Senior Member
Oct 31, 2014
1,448
376
103
I don't care about installing another Windows. I think Ubuntu with microsoft key signed in its 1st stage EFI bootloader(idk much about bootloader) can boot in surface rt even with secure boot enabled!:eek::D


You can try it if you want.
If you did a search here, you'd see that Ubuntu does not work as we have a locked bootloader. Think of it like a Verizon galaxy S4 on KitKat, you cannot install cwm or twrp and custom roms until the bootloader is unlocked and open to modding. We have not reached that stage with Windows RT devices yet.

Sent from my Q5 using XDA Free mobile app
 

XDA-00

Senior Member
Sep 6, 2015
348
49
0
New Delhi
If you did a search here, you'd see that Ubuntu does not work as we have a locked bootloader. Think of it like a Verizon galaxy S4 on KitKat, you cannot install cwm or twrp and custom roms until the bootloader is unlocked and open to modding. We have not reached that stage with Windows RT devices yet.

Sent from my Q5 using XDA Free mobile app
Has anyone found the way to unlock bootloader on surface rt? If ubuntu supports only unlocked bootloader then what OS supports locked bootloader.
Will removing the tpm chip(from motherboard) remove bitlocker and secure boot?
 

black_blob

Senior Member
Feb 23, 2015
180
150
0
Paris
Has anyone found the way to unlock bootloader on surface rt? If ubuntu supports only unlocked bootloader then what OS supports locked bootloader.
Will removing the tpm chip(from motherboard) remove bitlocker and secure boot?
about the TPM, it's integrated in the SoC, so no :)
About unlocking the bootloader, yes, but I can't release it.
 

willz06jw

Member
Apr 23, 2014
8
0
0
So why?

about the TPM, it's integrated in the SoC, so no :)
About unlocking the bootloader, yes, but I can't release it.
Great work on the bootloader...but why spend the time to open the bootloader, shoehorn Windows 10 Mobile on there, and then not release the patch so people can do the same? I guess this proves that you can do it, but who cares, right?

Please don't sit in Windows 10 Mobile Versailles, and tell us to eat cake!

Will
 
Last edited:

black_blob

Senior Member
Feb 23, 2015
180
150
0
Paris
Great work on the bootloader...but why spend the time to open the bootloader, shoehorn Windows 10 Mobile on there, and then not release the patch so people can do the same? I guess this proves that you can do it, but who cares, right?

Please don't sit in Windows 10 Mobile Versailles, and tell us to eat cake!

Will
The only thing that I can say is that I legally can't release it without being eaten.
 

diodesign

New member
Jul 14, 2016
2
0
0
San Francisco
MS16-094 aka CVE-2016-3287

So I guess this is what MS16-094 fixes? It's in this month's Patch Tuesday security fixes from Microsoft.

"A security feature bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. In addition, an attacker could bypass the Secure Boot Integrity Validation for BitLocker and the Device Encryption security features. To exploit the vulnerability, an attacker must either gain administrative privileges or physical access to a target device to install an affected policy. The security update addresses the vulnerability by blacklisting affected policies."
 

black_blob

Senior Member
Feb 23, 2015
180
150
0
Paris
So I guess this is what MS16-094 fixes? It's in this month's Patch Tuesday security fixes from Microsoft.

"A security feature bypass vulnerability exists when Windows Secure Boot improperly applies an affected policy. An attacker who successfully exploited this vulnerability could disable code integrity checks, allowing test-signed executables and drivers to be loaded on a target device. In addition, an attacker could bypass the Secure Boot Integrity Validation for BitLocker and the Device Encryption security features. To exploit the vulnerability, an attacker must either gain administrative privileges or physical access to a target device to install an affected policy. The security update addresses the vulnerability by blacklisting affected policies."
Yes, it's mine.
Note that it has nothing to do with the registry.
 

HansuTuru

New member
Jul 16, 2016
1
0
0
He wouldn't have told us initially if he was under an NDA from Microsoft.

Sent from my Q5 using XDA Free mobile app
People really should just ignore black_bob, he seems to be just a typical internet attention seeker who actually seems to get off on the attention that getting peoples hopes up brings. If I'm wrong I'm sorry but I'm pretty sure black_bob has form for pulling this kind of crap (along with one or two others), I'm sure he is very talented but if he's not going to actually put anything out there then he needs to keep quiet.
 

black_blob

Senior Member
Feb 23, 2015
180
150
0
Paris
People really should just ignore black_bob, he seems to be just a typical internet attention seeker who actually seems to get off on the attention that getting peoples hopes up brings. If I'm wrong I'm sorry but I'm pretty sure black_bob has form for pulling this kind of crap (along with one or two others), I'm sure he is very talented but if he's not going to actually put anything out there then he needs to keep quiet.
Wait for next month's Patch Tuesday first.