Curious about install media and secure boot

Hello everyone,

I bought a laptop on a Black Friday deal and wasted several hours trying to boot from a USB stick in order to install Endeavour OS. The laptop is an LG Gram 17 (model 17Z90P) and eventually I figured out that I needed to go into the BIOS and disable secure boot (which allowed the USB stick to load the installer).

The reason this caught me a bit off-guard (and hence my question) was that Fedora and Ubunttu both seemed to be able to start without issues (even when secure boot WAS enabled). I have details below but basically my question is:

How come Ubuntu and Fedora are able to bypass the secure boot limitations? What trickery are they using (that EndeavourOS lacks) in order to be able to boot their media even when that setting is enabled?

To give some context about why this bothered me so much, here is what happened:

I downloaded the latest ISO, used Rufus to burn it onto a stick and rebooted pressing F10 to get to the BIOS boot menu. Selecting the stick flashed the screen momentarily and immediately returned to the boot menu prompting me to select a boot device again. I thought “Rufus must be messing with the loader” and use Balena Etcher instead to re-burn the ISO onto the stick. Again, the same result…

At this stage, I want to make sure the image is being written properly so I download latest Ubuntu and Fedora live installers. Burning Ubuntu onto the stick with Rufus and rebooting, I found it worked (could get into the live environment). I then burned Fedora with its own image writer and that one worked as well! I then used Balena Etcher to burn Fedora and once again that worked.

So at this point I’m sort of thinking the stick is fine, the image writing software is fine, it must be the image. I re-download and burned it again (tried both Balena Etcher and Fedora Image Writer on the fresh download): it didn’t help, again the same result (screen flashes and immediately back to the boot device menu).

So at this point I’m baffled and I pull up my old laptop (which I had packaged in order to ship selling on ebay). I try booting the stick there and …SUCCESS! So the stick is fine, the image writing software is fine, the image itself is fine, it’s just my new computer.

At this point I’m thiking it’s something specific to Endeavour and my laptop, because the Linux kernel runs fine once loaded (as proven by Fedora and Ubunut). It has to be something in the boot loader used by EndeavourOS. This was my “a-ha” moment wher I remembered turning that off a long time ago in my old laptop. So I get into the LG’s BIOS, disable secure boot, and immediately the stick boots…

I suppose that the failure is at the bios level when some security check fails, it would’ve been nice if some hint was given to the user as to what happened. Likely there’s nothing that can be done on the software side for this though, it must be the LG BIOS that needs improvement, right? I mean print something like “secure boot failed” and halt (don’t reboot) so that one may debug this…

1 Like

It isn’t trickery. Fedora and Ubuntu are large organizations with corporate backing that are paying Microsoft to have their binaries signed.

Yes, the code is being prevented from running so the software can’t give a warning here.


This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.