Installing Ubuntu 18.04 LTS on 220 BYOD laptops
Every year at the start of the academic year at the UvA we have a large instalfest to install the latest Ubuntu LTS release on the laptops of the first year bachelor computer science and artificial intelligence students. This year we had around 220 students, that we did in two rounds. The first round was around 90 students and the second round was around 130 students. Because most student buy a new laptop this group gives a good insight into the current state of Linux support on modern laptops and the issues that you could face when trying to dual boot a modern laptop.
Issues
The following list of common issues are not in any specific order.
Secure boot
It seems that most vendors finally have a somewhat usable secure boot implementation,
some vendors only call the option secure boot support
and for some you
still need to configure an admin password in the BIOS to disable secure boot or they only
allow you to change the uEFI boot order if you have secure boot enabled.
However using MOK to enroll new keys is helpful if you need to keep in enabled
but need out of tree drivers. You can keep secure boot enabled if you do not require
a newer kernel of out of tree drivers.
Bitlocker
Most modern laptops, if they are in the somewhat more business oriented market, will have bitlocker enabled by default. If you resize the partition, disable secure boot or change to boot order you will have to enter the bitlocker recovery key, normally this is stored in your Microsoft account if you have one. It is nonetheless recommend to export the key from windows or disable bitlocker before you start the installation and re-enable it after the installation. It is also a good idea to lookup if you still know you local windows password, after the changes and a reboot it will request you to enter the password and not the pin and windows hello will be disabled.
This year we came across the issue that the link to retrieve the recovery key on the screen, was incorrect. It was pointing to a different domain name. Manually browsing to the page from the Microsoft site worked.
Disks
Most modern laptops ship with Intel RST default enabled but do not use any of the raid features as there is only 1 ssd drive in the system. Currently we opt to disable Intel RST by changing windows 10 to safe mode switching it to ACHI and then disable safe mode. It is also possible to keep using Intel RST by running dmraid to detect the drive. However because of time constraints disabling it in windows is a quicker option. However disabling RST will give on most laptops a scary warning that this will erase all data from the disk, this is not the case when there is no raid configured.
Nvidia
As usual, if the laptop has a modern Nvidia card, most of the time it will not boot without installing the proprietary drivers, even if it correctly boots with nouveau we see that sometimes the WiFi card refuses to connect or find networks or that it randomly hangs after a few minutes, after switching to the proprietary drivers this fixes the issue.
WiFi
Last year we had a lot of students with the rtl8821CE card which is currently still not supported in mainline Linux sadly. In our initial assessment it looked like that some vendors still are using this card. Most of the issues that we saw was missing firmware blobs for some of the Atheros cards and only a few other realtek cards that currently do not have in tree drivers.
Repair shops
We also saw again that some repair shops when reinstalling windows 10 in a laptop formatting the driver to MBR and thus installing it without EFI, and therefor creating some issues because of having a maximum of 4 primary partitions that a modern windows 10 uses all of them, 1 boot partition, the main partition, 1 recovery partition and 1 OEM recovery partition on most installs.
Conclusion
We have seen over the past few years that in general the quality of the laptops in the consumer price range has gone up, but the Linux support out of the box is still not great. It would be nice to see more vendors supporting the fwupd project to allow EFI upgraded from within Linux, and stop enabling Intel RST by default.
From a security standpoint it is good to see that every year more laptops come enabled with full disk encryption out of the box, hopefully this will increase to more than the current ~10% that we currently see.