Tangling with Secure Boot and UEFI in Ubuntu

Folks in Dallas, among other places, were wondering why in the world I would run Windows 8 as my primary system.  Well, I run ubuntu as much as I can, just off a stick. I have three USB sticks tied up as ubuntu LiveCDs for ages, hopping installs between them, attempting to find the secret sauce that will get me a fully-fledged, mutable, bootable system.

I’d certainly prefer to have an environment where audacity, kdenlive, vlc, inkscape, gimp, and my favourite fonts are already preinstalled. Old solutions like the Ubuntu Customization Kit used to do this easily, but were never well-supported, even back in the day when they still worked.

Why not just run ubuntu side-by-side with Windows?  Two issues.  I’m down all those USB sticks just now and I don’t really want to mess with my hard drive partitions whatsoever, without having a backup of my System Restore partition around.  I rather dislike the notion of a software problem ballooning into a $12-$50 how-much-backup-space can-you-buy issue.  This whole deal is supposed to be plug-and-chug!

It’s all tied into UEFI Secure Boot.  The LiveCD takes right away, no problems. As soon as I “install” onto a USB drive, though… it stops showing up in the boot menu.  I can get the install to work if I re-enable “Legacy” boot.  But that’s two runs to the BIOS during every reboot, super annoying.

So far the best I can do to work around is this: There’s a daily build of Ubuntu that in theory has all the latest security packages to start out with.  On the days I update my boot stick, I burn that to a secondary jump drive, and boot from it.  Then I take out my primary 16GB jump drive, and clone the new build to the primary stick with dd, onto the 1600MB of space I have reserved for Xenial at the moment.

All the  .deb files for my programs have been ferreted away on a second partition on that jump drive (copied over from /var/cache/apt following the usual sudo apt-get dance), since I’m not scared to use dpkg -i -R .

The jump drive is also rounded out with 8GB of swap space, because ubuntu runs out of RAM in a hurry when you install packages on the LiveCD environment.  There’s also this other odd issue, where it will halt, seemingly for no reason, even with all that swap, so maybe I’m barking up the wrong tree with that.

What I might do next is make a custom Debian disc, since that’s actually a half-decently supported toolchain, versus ubuntu where you’re just rolling the dice.  Now, keeping that updated is bound to be a real chore…