Secure Boot error about unauthorized changes while installing

On trying to install Qubes, this window popped up.


I didn’t get such a screen installing Ubuntu.
My computer: Asus ProArt x870E, AMD 9900X.
Secure boot is on.
Win 10, Win 11, Ubuntu.
What do you think?

I have not experimented installing Qubes with Secure Boot turned on, with UEFI. When I see a message like this, I would turn off Secure Boot, enable Legacy boot. I think there may be an option to install with UEFI, just not me.

I guess a second issue: Qubes prefers to be alone on the computer. For Security reasons.

Multiple Operating Systems on the same computer, with one being Qubes, only worked for me using two different drives. But some computers rebel against using two drives with Qubes being one. Yeah, probably a way around it.

Does your computer have more than one drive?

Do you already have three Operating Systems installed?

Some folks have had problems creating the Qubes Install Medium and their Qubes USB did not give an expected message. Perhaps, if you think that might be, please describe exactly how you checked the Qubes ISO after downloading, and how you created the Qubes USB install Medium.

1 Like

If I’m not mistaken, it’s because Ubuntu has a Secure Boot key recognized, but QubesOS doesn’t.

I tend to rely on other mechanisms than Secure Boot, but I think the documentation would have more information on this topic.

You are correct.

The Documentation is being re-written right now, by a very competent person.

I did not look at documentation before I posted, but I have installed Qubes on several different model computers, and I have experienced success using Legacy mode.

I think Ubuntu has a key to boot with UEFI.

I think Secure Boot, UEFI mode with Qubes can be modified - gets involved with doing things to help verify that the main computer drive has not been tampered with, TPM.

The considered Ultimate for verifying the drive has not been tampered with is found on computers which are “Qubes Certified Computer” where the ROM has been modified to use Heads, and NitroKey as part of the start process.

I apologize if I am mentioning things you already know. You may be far more technically competent than myself.

1 Like

Thanks to all!
I plan to install Qubes on a new disk I own yet.
The computer has also a RAID 1 array with Win 10, Win 11 and two copies of Ubuntu 24.10.

@Qubeslinux, your UEFI bootloader is doing exactly what it was designed to do.

Qubes OS was not enrolled in your Secure Boot whitelist.

You have a choice. Either enroll Qubes OS’s grubx64.efi manually (it can be done, it just requires a lot of technical know-how), or disable secure boot.

1 Like

Alzer89, how much security does he lose by changing to Secure Boot?

This is debatable, Secure boot support · Issue #4371 · QubesOS/qubes-issues · GitHub.

Unfortunately, my computer isn’t in the list “Qubes certified computer”

Neither are any of mine, and for all intents and purposes, they work great.

Legacy Boot is “The BIOS knows which drive, but whatever is located in the Master Boot Record on the first 512 bytes of that drive, the BIOS will do, regardless of what it is. It doesn’t know what was there before, and it doesn’t particularly care. It hasn’t got the space on the BIOS chip to be able to do much else”

UEFI allows you to enroll EFI binaries that contain the same instructions for what to do next in the boot process. Those binaries sit on a UEFI partition, which can be anywhere on a drive (as long as it’s got a UEFI label on it).

Secure Boot is a cool idea that someone thought up that allows you to keep track of those EFI files, and what they look like, and you can tell the UEFI firmware to only allow booting from the EFI files that are on the list (that you made).


That definition should tell you what it is, what it does, what it doesn’t do, what it depends on, how it could be tricked, and whether or not you think it might be useful for you.

2 Likes
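Added example (not part of any post in this thread): the "list" described above is stored by UEFI firmware in the `db` variable as a sequence of `EFI_SIGNATURE_LIST` structures, and the Python below parses that layout and checks whether a SHA-256 image digest is enrolled as a hash entry. The sample database, owner GUID and digest are constructed; the helper names are hypothetical; the digest passed in is assumed to be the image's Authenticode SHA-256 digest, which is what firmware compares, not a plain file hash.

```python
import hashlib
import struct
import uuid

# Signature type GUIDs from the UEFI specification.
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
TYPE_NAMES = {EFI_CERT_SHA256_GUID: "sha256", EFI_CERT_X509_GUID: "x509"}


def parse_signature_lists(data, has_attr_prefix=False):
    """Yield (type_name, owner_guid, signature_bytes) for each db/dbx entry.

    Set has_attr_prefix=True for data read from Linux efivarfs, which puts a
    4-byte attribute word in front of the variable contents.
    """
    off = 4 if has_attr_prefix else 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data) or sig_size <= 16:
            raise ValueError("malformed EFI_SIGNATURE_LIST sizes")
        body = data[off + 28 + hdr_size:off + list_size]
        if len(body) % sig_size:
            raise ValueError("signature area is not a multiple of SignatureSize")
        for i in range(0, len(body), sig_size):
            owner = uuid.UUID(bytes_le=body[i:i + 16])
            yield TYPE_NAMES.get(sig_type, str(sig_type)), owner, body[i + 16:i + sig_size]
        off += list_size


def digest_allowed(db, digest, **kw):
    """True if a SHA-256 image digest is listed in db as a hash entry."""
    return any(t == "sha256" and s == digest for t, _, s in parse_signature_lists(db, **kw))


def _sig_list(sig_type, owner, sigs):
    # Build one constructed EFI_SIGNATURE_LIST (sample data, not from real firmware).
    size = 16 + len(sigs[0])
    body = b"".join(owner.bytes_le + s for s in sigs)
    return sig_type.bytes_le + struct.pack("<III", 28 + len(body), 0, size) + body


OWNER = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed owner GUID
ENROLLED = hashlib.sha256(b"constructed enrolled image").digest()  # constructed digest
SAMPLE_DB = (_sig_list(EFI_CERT_X509_GUID, OWNER, [b"\x30\x82" + b"\x00" * 30])
             + _sig_list(EFI_CERT_SHA256_GUID, OWNER, [ENROLLED]))
```

An image can also be allowed because it is signed by a certificate in an `x509` entry; this example only lists those entries and does not verify signatures.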
Hi,

 thank you very much!

 L
1 Like