It’s been a while since I’ve posted something, but figuring out how to install Ubuntu 13.10 using EUFI, Secure Boot and FDE (‘Full Disk Encryption’) took me some time, so I’ll just write it down and hope I’ll save someone else an evening (or two) by putting all the information together.
This post just describes what I did, and involves steps where you can probably screw up your system. Decide for yourself whether this really is what you need, I do not take any responsibility for wrecked systems ; )
Create a backup image of your hard drive
I don’t need all the recovery stuff taking up precious space on my SSD, but I *do* want to be able to revert to ‘factory defaults’ when some hardware error occurs and stubborn helpdesk employees insist on reverting to factory defaults before considering there is a real issue. So, I boot from the Ubuntu liveUSB and make a gzipped disk image which I store over the network on some machine with plenty of disk space:
sudo dd if=/dev/sda | gzip | ssh <user>@<storage-machine> dd of=/path/to/disk/image.gz
My 256G SSD gave me a 39G gzipped image. Not too bad.
Restoring the image would be done this way:
ssh <user>@<storage-machine> dd if=/path/to/disk/image.gz | gzip -d | sudo dd of=/dev/sda
Retrieve your Windows 8 product key
I’m going to remove all current disk contents, but since every now and then I do need Windows for some specific application, I booted Windows 8 one more time, and retrieved the product key using Belarc Advisor ( http://www.belarc.com/free_download.html). This way I can use the key to install a Windows 8 virtual machine with the license that comes with the Vaio.
Update your BIOS
Sony offers BIOS updates through their support website, but those are Windows binaries. If you’re planning to throw out Windows as a native OS, take the opportunity to update your BIOS before throwing out Windows.
Contrary to popular belief, it is *not* required to disable Secure Boot or even switch to Legacy mode to run Ubuntu. Leave both Secure Boot and UEFI enabled, they offer some extra security and functionality.
The installation itself actually works as expected, but since the Sony UEFI firmware is not working properly choose ‘Try Ubuntu before installing’ when you boot from the Ubuntu live usb stick. This gives you the options to fix some stuff before rebooting after a successful installation. From the live Ubuntu, start the installation using the ‘Install Ubuntu’-button in the Unity launcher.
During installation choose the ‘Erase disk and install Ubuntu’ option and enable Full Disk Encryption (which will enable LVM). Let the installer do its thing. Once it’s done don’t reboot the machine, but choose ‘keep trying Ubuntu’. We’re going to work around Sony’s UEFI limitations now.
Convince the Sony firmware to fire up Grub
Mount the EFI partition. If you’ve chosen to let the ubuntu installer take care of everything it’s probably /dev/sda1, if you’ve kept the original it’s probably /dev/sda3. Otherwise do a ‘sudo parted -l’ to figure out what’s the bootable fat32 partition, that’s the one you need.
sudo mount /dev/sda1 /mnt
Now create the path where Sony expects the bootfiles, and copy the ubuntu files over to convince it to really fire up grub:
cd /mnt/EFI sudo mkdir -p Microsoft/Boot sudo cp ubuntu/* Microsoft/Boot/* sudo cp Microsoft/Boot/shimx64.efi Microsoft/Boot/bootmgfw.efi cd ~ sudo umount /mnt
That should get you into grub.
If you’ve chosen to disable Secure Boot, you probably want to copy grubx64.efi instead of shimx64.efi.
Learn grub to cope with the SSD
Somehow the boot fails when you don’t explicitly tell your kernel not to use NCQ. As NCQ doesn’t make any sense with SSDs (there’s no moving head), we don’t need it and can just disable it. This requires us to mount the encrypted root partition. The following step is only required when you’re using Full Disk Encryption (which you actually *should* do), otherwise just skip to the ‘mount the root partition’ step.
First open your encrypted partition (in my case /dev/sda3, again take a look at the ‘sudo parted -l’ output for yourself), then activate the LVM:
sudo cryptsetup luksOpen /dev/sda3 sda3_crypt sudo lvchange -ay
Now, mount your root partition:
sudo mount /dev/mapper/ubuntu--vg-root /mnt sudo gedit /mnt/etc/default/grub
If you didn’t use lvm or disk encryption it’s probably /dev/sda2, instead of /dev/mapper/ubuntu–vg-root.
and change the GRUB_CMDLINE_LINUX_DEFAULT line to:
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash libata.force=noncq"
If your prefer to see your boot log instead of the Ubuntu splash logo, remove the splash keyword while you’re at it.
That should do the trick, reboot your machine, cross you fingers and enjoy your Vaio Pro with Ubuntu!
To get the most of your installation, it is worthwile to install the 3.12 kernel or newer, as it has better support for the pstates in your CPU. In the 3.11 kernel the dynamic scaling will not work. In my case the CPU cores were stuck at 800MHz. Before you start hacking, make sure your Ubuntu is updated and check your kernel version by issuing a `uname -r` command from a terminal. If it’s 3.12 or newer, you’re good. Otherwise get the newest .debs from http://kernel.ubuntu.com/~kernel-ppa/mainline/v3.12-saucy/ and install them using dpkg -i. I my case I did the equivalent of:
sudo dpkg -i linux-headers-3.12.0-031200-generic_3.12.0-031200.201311031935_amd64.deb sudo dpkg -i linux-headers-3.12.0-031200_3.12.0-031200.201311031935_all.deb sudo dpkg -i linux-image-3.12.0-031200-generic_3.12.0-031200.201311031935_amd64.deb
One last hint, once you’ve booted, there are some files in /sys/devices/platform/sony-laptop where you can control some setting specific to your laptop. For example, to reduce the fan noise in exchange for a little more heat issue the following command:
echo silent | sudo tee /sys/devices/platform/sony-laptop/thermal_control
This post is a collection of information I found on the web, together with results of trying out stuff myself. Pages that contributed to this post are:
And probably some more that I cannot find anymore.