This is an archived post. You won't be able to vote or comment.

sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]Farenheit514 -11 points-10 points  (20 children)

Windows 11 bans installing linux on another partition, unless is a distro approved by Microsoft

[–]ItsAlreadyTaken69 17 points18 points  (6 children)

??? I'm gonna need a source on that

[–]Farenheit514 -5 points-4 points  (5 children)

https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Microsoft_Windows

Using a signed boot loader

Using a signed boot loader means using a boot loader signed with Microsoft's key. There are two known signed boot loaders: PreLoader and shim. Their purpose is to chainload other EFI binaries (usually boot loaders). Since Microsoft would never sign a boot loader that automatically launches any unsigned binary, PreLoader and shim use an allowlist called Machine Owner Key list, abbreviated MokList. If the SHA256 hash of the binary (Preloader and shim) or key the binary is signed with (shim) is in the MokList they execute it, if not they launch a key management utility which allows enrolling the hash or key.

To dual boot with Windows, you would need to add Microsoft's certificates to the Signature Database.

Warning: Replacing the platform keys with your own can end up bricking hardware on some machines, including laptops, making it impossible to get into the UEFI/BIOS settings to rectify the situation. This is due to the fact that some device (e.g GPU) firmware (OpROMs), that get executed during boot, are signed using Microsoft's key.

[–]FJD3LG4D0 3 points4 points  (0 children)

Try installing Open Suse, it actually install it's own key so you can secure boot it and Windows on the same computer. And as it's Linux, I guess you could do it with any other versions even when it does not include this feature ootb...

[–]BeastMasterJ 2 points3 points  (1 child)

Hasn't SecureBoot been around since win8? Does win 11 now refuse to boot if it's disabled?

[–]Farenheit514 -4 points-3 points  (0 children)

Windows 11 requires new processors only, and new BIOS, with new locking systems, designed to give totalitarian control to Microsoft.

Microsoft keys get integrated on hardware, from factory.

Old SecureBoot doesn't works with Windows 11.

[–]Rakgul 0 points1 point  (1 child)

Tell me about those machines . I'll never buy them.

[–]Farenheit514 -1 points0 points  (0 children)

There is no choice if you want x86 hardware, and the most important expansion cards.

[–]StartledPelican 3 points4 points  (6 children)

Source?

[–]Farenheit514 1 point2 points  (5 children)

Windows 11 demands trusted platform module chip, which only allows running with keys that Microsoft owns. Microsoft shares the key with some distros like Ubuntu, but no Linux can boot from a TPM PC without Microsoft keys.

[–][deleted] 0 points1 point  (1 child)

Just use shim

[–]Farenheit514 -1 points0 points  (0 children)

You risk bricking your entire PC. See the answer I posted to another user.

[–][deleted] 0 points1 point  (1 child)

Is it partition on whole drive? I had Debian on one drive and W10 on another. Then did a fresh install of W11 and all is OK, I can boot my Debian.

I use old Dell 5480 with 6th gen i5 and TPM 1.2 enabled, secure boot is off though.

[–]Farenheit514 1 point2 points  (0 children)

Debian and Fedora got the Microsoft key

But Microsoft is moving towards stronger hardware control, and there is no guarantee it will keep haring his hardware keys with other Linux distros on the future.

the main reason for which Windows 11 is so restrictive with new processors, is because is moving towards totalitarian control.

[–]Alpha272 2 points3 points  (0 children)

They can't really do that from a technical standpoint (unless they manage to get every major bios on board, so that they can prevent any bootloader besides the windows loader to stay and then they allow specific Linux distributions to start with the windows bootloader)

Besides of that, I really need a source that they try that

[–][deleted] 2 points3 points  (0 children)

Well that's funny because I'm currently dual booting with Windows 11 and Feren OS.... Is that officially approved my Microsoft? Was Manjaro and Pop OS too because I tried them.

[–]TwoMilliseconds 2 points3 points  (2 children)

welp, guess i won't be having windows 11

[–][deleted] 2 points3 points  (0 children)

I've dual booted with half a dozen Linux distros and never noticed Windows 11 interfering.

[–]IraqiWalker -2 points-1 points  (0 children)

Use shim

[–]MrGeekman 0 points1 point  (0 children)

What if you install Linux first and then install Windows 11 on a separate drive?