Microsoft Surface Pro 3
This aims to document things to be taken into account when using Archlinux in a Microsoft Surface Pro 3 device. Can't guarantee the result in other devices.
I recommend using a microSD as the installation medium and leaving the USB for a keyboard, although you may also use a USB hub for this. As of 2015.05.01, the Cover Type 3 is working with the 4.0.1-1 kernel.
Contents
Backup recommended
The warranty of the device only covers if using windows, so I really recommend doing a backup just in case you happen to need to send it to some official Tech support.
Booting into the installer
To boot from USB, you will need to instruct the table to boot from USB or SD Card. Also, you will need to disable Secure Boot to boot into archlinux, or enroll the efi file into the Secure Boot hashes (latter prefered). Do either one or the other.
There are three types of boots in the surface pro 3 explained here:
- Normal mode
- Just leave the computer go. You can change it from "Alternate Boot order" in the UEFI Setup
- Boot into the UEFI Setup
- With the device powered off (or rebooting, but better play safe)
- Press & hold Volume up
- Press power button
- Wait until the surface logo appears
- Release Volume up
- You will be presented with the UEFI Setup Menu
- Boot into the USB/SD card
- Power off the device
- Press & hold Volume down
- Press power button
- Wait until the surface logo appears
- Release Volume down
Disable Secure Boot
Boot into the UEFI setup, and select Secure Boot Control > Disable. Now continue with the installation. See the Microsoft steps for more information.
Boot with Secure Boot
See Unified Extensible Firmware Interface#Secure Boot.
Installation
I have done the installation with Gummiboot. After doing all the steps of installation within the Beginners' guide, you should do two more things. Booting in Secure Boot won't work for the new installation, as the vmlinuz hasn't been registered within it's loader.
The easiest way is to do all the setup is the following, just before rebooting:
- Exit from the chroot but don't umount anything
- Move /mnt/boot/EFI/boot/bootx64.efi to /mnt/boot/EFI/boot/loader.efi
- Copy /boot/EFI/boot/bootx64.efi and HashTool.efi to /mnt/boot/EFI/boot/
Here, we have enabled Preloader to boot our gummiboot loader, and if it detects that something hasn't been signed, it will boot the HashTool.efi to sign the vmlinuz-image binary.
The idea is, we take the gummiboot bootloader and make it the one that PreLoader will boot (the one in it's same folder, named loader.efi). Then, we copy both the PreLoader (which is the archiso's bootx64.efi) and the HashTool (already with that name).
This way, with Secure Boot enabled, you will be able to boot your kernel whenever you wish to, signed or not, repeating the hash storing procedure on the next boot
Extra steps
Although in the latest kernel you have support for the touchpad, the screen, etc. It doesn't have support for stuff like the webcam, etc. A github repo to track the support of the Surface Pro 3 in Archlinux was created: [1], where you can check for the status (maybe a little updated.
Other resource, listed in the github repo, is a surface pro 3 specific linux kernel package, with support for these devices. It is available in the AUR [2]. You can check there the support for the different modules available, or take the patch from upstream.
Troubleshooting
Invalid signature detected check secure boot policy in setup
This happened to me after deleting the Secure Boot database and initializing it with Microsoft & CAs. I also had to do the recovery of the bitlocker partition, but I would follow these steps:
- After the reset, switch off and try to boot from the sd/usb. If you don't succeed and get the message many times:
- Leaving all TPM & SecureBoot enabled and SSD Only alternate system order
- Do another database reset
- Enroll the Microsoft and CAs again
- reboot into sd/usb with volume down
- It should work now
- Follow steps in the Secure Boot installation
- After the full installation of archlinux, when you have it working, do the BitLocker recovery
If after doing these steps doesn't still work. Flash the archiso image once more and try again,