Alpine and UEFI: Difference between revisions

From Alpine Linux
(→‎UEFI boot process explained: remarks the infrastructure supported in uefi partitions)
(9 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{TOC right}}


'''What is UEFI? A new (relatively) firmware system (almost mini OS embebed), for computers that manages the early boot process'''
= UEFI and BIOS definitions and introduction =


''When something new comes.. all the bad things become good and news become bad!''
In the old days, BIOS (for '''B'''asic '''I'''nput '''O'''utput '''S'''ystem) was how computers booted from the 1980s onwards. But now in newer hardware for devices, servers, laptops and desktops computers the UEFI (for '''U'''nified '''E'''xtensible '''F'''irmware '''I'''nterface) defines a software interface between an operating system and platform firmware into the vendor hardware.


Now it's on regular home/office made computers and some ARM server boards. It's a huge bloated mess of a spec due manufacturers try to include many things with the [https://en.wikipedia.org/wiki/Unified_EFI_Forum UEFI Forum org]!
UEFI replaces the BIOS firmware interface originally present in all IBM PC-compatible personal computers, early modern computer's UEFI firmware implementations provide legacy support for BIOS services.


The problem it's doesn't matter. It's what we have. Learn it or become obsolete.
== The history so far ==


= UEFI and BIOS definitions and introduction =
Due newer incoming 64-bit incoming processors the older computers boot process are not more possible. It started life on Itanium (Intel's first 64-bit processor) systems. Itanium had no support for 32-bit, and certainly no embedded 80286, so they had to come up with a different system.
 
All this was driven by a problem in the most extensive and used architecture: x86 32-bit, inclusivelly a new 2019's Skylake i7-6700k still has an 80286 embedded in it because all x86 BIOS strictly only supports 16-bit 8088-derivative processors.
 
Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those from M$ Redmon's OS. In 2005, UEFI deprecated EFI 1.10 (the final release of EFI). The Unified EFI Forum is the industry body that (seems) "manages" the UEFI specification.
 
= Alpine UEFI support =
 
Currently are only in basic form, not all the architectures are complete supported.
 
The '''support for
[https://en.wikipedia.org/wiki/EFI_system_partition EFI System Partition] was started in the [https://alpinelinux.org/posts/Alpine-3.7.0-released.html Alpine 3.7.0 new mayor release]''', preliminary support in that version does not create the
[https://en.wikipedia.org/wiki/EFI_system_partition EFI Partition], only has support for existing ones or manually created.
 
Started '''in the [https://alpinelinux.org/posts/Alpine-3.8.0-released.html Alpine 3.8.0 new mayor release] support in the installer for the GRUB boot loader was added''' so now Linux experimental users can play with combinations of solutions and proper
[https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface UEFI] complete installations. Please refer to [[Alpine_and_UEFI#UEFI_and_BIOS_definitions_and_introduction|UEFI_and_BIOS section of this page]] first.


In the old days, BIOS (for '''B'''asic '''I'''nput '''O'''utput '''S'''ystem) was how computers booted from the 1980s onwards. But now in newer hardware for laptops and desktops computers the UEFI (for '''U'''nified '''E'''xtensible '''F'''irmware '''I'''nterface) defines a software interface between an operating system and platform firmware into the vendor hardware.
'''[https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#EFI_system_partition EFI System Partition] are not the complete overall of the [https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface UEFI], it's just the need minimal infrastructure to property boot by and [https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Implementation_and_adoption UEFI modern machine]. See the [[Alpine_and_UEFI#UEFI_mandatory_partition_mechanics|Alpine UEFI partition mechanics notes]] section in this page for details.'''


== What that's means? ==
Please read carefully the [[Alpine_and_UEFI#UEFI_and_BIOS_definitions_and_introduction|UEFI_and_BIOS section of this page]].


UEFI replaces the BIOS firmware interface originally present in all IBM PC-compatible personal computers, early modern computer's UEFI firmware implementations provide legacy support for BIOS services.
== Minimum Alpine partition sheme ==


== Why change, why more complications? ==
Alpine Linux only require a root partition for system and a swap partition, but, UEFI systems require an EFI system partition. Needs a bootloader program in \EFI\$bootloader.efi on a EFI System Partition, a specially tagged partition. The current status of that mechanics to boot '''in Alpine Linux are still in development and only basic support to existing mades are provided'''. See [[Alpine_and_UEFI#UEFI_mandatory_partition_mechanics|UEFI_mandatory_partition_mechanics]] for details.


Stupid companies.. due stupid is booting Windows from drives bigger than 2TB (something that linux can just do easyle due partitioning and boot management). But really, the issue is about 16-bit processors.
== Notes about the boot flags and boot partition ==


== All the system included 16-bit CPU inside? with UEFI will be pure 64-bit ==
UEFI booting does not involve any "boot" flag, that's it's a need only for BIOS booting. The UEFI booting relies solely on the boot entries in NVRAM. Parted and its front-ends use a "boot" flag on GPT to indicate that a partition is an EFI system partition.


As example: a top of the range Skylake i7-6700k still has an 80286 embedded in it - for the people who insist on using BIOS. Indeed. But BIOS strictly only supports 16-bit 8088-derivative processors.
A BIOS boot partition is only required when using GRUB for BIOS booting from a GPT disk. The partition has nothing to do and it must not be formatted with a file system or mounted.


All of this crap are just due redmon's company operating system limitations in fact! due intel, amd and others can easyle provide for many more years an 80286 embedded in each processor
== Alpine disk layout for UEFI ==


== The history so far ==
You will need a disk layout that your system firmware is capable of booting, you '''will need a boot partition and a root partition'''. Other architectures may have different requirements an not all are supported, please read [[Alpine_and_UEFI#UEFI_mandatory_partition_mechanics|UEFI_mandatory_partition_mechanics]] for details.


Due newer incoming 64-bit incoming processors the older computers boot process are not more possible. It started life on Itanium (Intel's first 64-bit processor) systems. Itanium had no support for 32-bit, and certainly no embedded 80286, so they had to come up with a different system.  
If you don't already know what filesystem format you want your boot partition, choose '''ext2'''. The '''root partition, and any additional partitions or LVM volume groups, may be in any format that the kernel is capable of reading'''.


Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those from Microsoft Windows.[4][5] In 2005, UEFI deprecated EFI 1.10 (the final release of EFI). The Unified EFI Forum is the industry body that manages the UEFI specification.
==== UEFI/GPT minimal layout ====


= Alpine UEFI support =
{| class="wikitable"
! Mount point
! Partition
! Partition type Purpose
! Recommended size
|-
| /boot or /efi
| /dev/sda1
| Boot system partition for EFI
| 260 MiB
|-
| /
| /dev/sda2
| Alpine Linux root system OS
| 1–32 GiB
|-
| none
| /dev/sda3
| Linux swap memory
| 1-2Gb
|}


The '''support for
==== BIOS/MBR minimal layout ====
[https://en.wikipedia.org/wiki/EFI_system_partition EFI System Partition] was started in the [https://alpinelinux.org/posts/Alpine-3.7.0-released.html Alpine 3.7.0 new mayor release]''', preliminary support in that version does not create the
[https://en.wikipedia.org/wiki/EFI_system_partition EFI Partition], only has support for existing ones or manually created.


Started '''in the [https://alpinelinux.org/posts/Alpine-3.8.0-released.html Alpine 3.8.0 new mayor release] support in the installer for the GRUB boot loader was added''' so now Linux experimental users can play with combinations of solutions and proper
{| class="wikitable"
[https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface UEFI] complete installations. Please refer to [[Alpine_and_UEFI#UEFI_and_BIOS|UEFI_and_BIOS section of this page]] first.
! Mount point
! Partition
! Partition type Purpose
! Recommended size
|-
| /boot
| /dev/sda1
| Boot grub partition (optional)
| 100 MiB
|-
| /
| /dev/sda2
| Alpine Linux root system OS
| 1–32 GiB
|-
| none
| /dev/sda3
| Linux swap memory
| 1-2Gb
|}


[https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#EFI_system_partition EFI System Partition] are not the complete overall of the [https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface UEFI], it's just the need minimal infrastructure to property boot by and [https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Implementation_and_adoption UEFI modern machine].
==== BIOS/GPT minimal layout ====


Please read carefully the [[Alpine_and_UEFI#UEFI_and_BIOS|UEFI_and_BIOS section of this page]] that was made with new user landing words to easy understanding.
{| class="wikitable"
! Mount point
! Partition
! Partition type Purpose
! Recommended size
|-
| None
| /dev/sda1
| BIOS boot partition
| 8 MiB
|-
| /
| /dev/sda2
| Alpine Linux root system OS
| 1–32 GiB
|-
| none
| /dev/sda3
| Linux swap memory
| 1-2Gb
|}


= BIOS boot process for newbies =
= BIOS boot process for newbies =
Line 57: Line 130:
For now. Ish. Any modern motherboard (some 2011 onwards, all with a Ruindows 8 logo on the box) is using UEFI natively, but most can emulate BIOS enough for you to keep booting with BIOS.
For now. Ish. Any modern motherboard (some 2011 onwards, all with a Ruindows 8 logo on the box) is using UEFI natively, but most can emulate BIOS enough for you to keep booting with BIOS.


== How to choose BIOS Boot options media ==
= UEFI boot process explained =
 
WIP due we nee a very easy way to tell this
 
= UEFI boot process for newbies.. i mean for complications =


Well, let's start with installers. It'll read a UDF or FAT32-formatted USB drive or DVD, and look for the file /efi/boot/bootx64.efi and run it. An app, written in the UEFI "OS". It can be anything! Here's classic text adventure Zork, as a UEFI app.
Well, let's start with installers. It'll read a UDF or FAT32-formatted USB drive or DVD, and look for the file /efi/boot/bootx64.efi and run it. An app, written in the UEFI "OS". It can be anything! Here's classic text adventure Zork, as a UEFI app.
Line 71: Line 140:
Each OS will stick its boot loader somewhere in the ESP, then send a signal to the firmware to write this new loader's location into the CMOS. Each entry installed in this manner will get its own listing in your "boot devices" list on the firmware - so if you installed MACOSX, you'll have "MACOSX Boot Manager" as an entry next to your DVD drive and hard drive after you reboot. This is why you don't do the old "unplug drive A when installing a different OS to drive B" thing, or swap cables, or anything like that. You should only have one ESP, the one on drive A.  
Each OS will stick its boot loader somewhere in the ESP, then send a signal to the firmware to write this new loader's location into the CMOS. Each entry installed in this manner will get its own listing in your "boot devices" list on the firmware - so if you installed MACOSX, you'll have "MACOSX Boot Manager" as an entry next to your DVD drive and hard drive after you reboot. This is why you don't do the old "unplug drive A when installing a different OS to drive B" thing, or swap cables, or anything like that. You should only have one ESP, the one on drive A.  


== What's this infamous "secure boot" ==
== UEFI mandatory partition mechanics ==
 
Regular UEFI boot has several lists of possible boot entries, stored in UEFI config variables (normally in NVRAM), and boot order config variables stored alongside them. Unfortunately, a lot of PC UEFI implementations have got this wrong and so don't work properly.
 
The correct way for this to work when booting off local disk is for a boot variable to point to a vendor-specific bootloader program in <code>\EFI\$bootloader.efi</code> on the EFI System Partition (ESP), a specially tagged partition (Some OS's formatted as Fat32.. that's are unnecessary due it's just to able to poor OS's to boot like M$ Redmond OS's). The current status of that mechanics to boot in Alpine Linux are still in development and only basic support to existing made are provided.
 
== What's this infamous "Secure Boot"? ==
 
It's a way for your motherboard to prevent tampering of your OS (e.g. boot-sector viruses, or backdoors installed without your knowledge). You can provide a list of certificates you trust, then the firmware enforces that everything involved with the boot process (not just the boot loader, but the OS kernel itself, and all your device firmware like your GPU BIOS) are signed with a trusted key.
 
Works using cryptographic checksums and signatures. It '''stops your system from booting unsigned code'''. You can sign your own, and trust the certificate you used to do that signing. Or you can get the boot code signed by M$ - every motherboard has a small list of pre-trusted certificates which almost (always) includes M$ redmon's certs, which they currently let anyone use for a small fee.
 
Most of the programs that are expected to run in the UEFI environment are boot loaders, but others exist too. There are also programs to deal with firmware updates before operating system startup (like fwupdate and fwupd), and other utilities may live here too.
 
Due the "Unsigned code curse", Alpine linux [https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#EFI_system_partition EFI System Partition] '''are not the complete overall of the [https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface UEFI], it's just the need minimal infrastructure to property boot''' it!


It's a way for your motherboard to prevent tampering of your OS (e.g. boot-sector viruses, or backdoors installed without your knowledge .. umm suuureeeee). You can provide a list of certificates you trust, then the firmware enforces that everything involved with the boot process (not just the boot loader, but the OS kernel itself, and all your device firmwares like your GPU BIOS) are signed with a trusted key.
== How to boot unsigned code? ==


It stops you booting "untrusted stuff" (suuuurrreeee). So you can sign your own crap, and trust the certificate you used to do that signing. Or you can get your crap signed by Microsoft - every motherboard has a small list of pre-trusted certificates which includes Microsoft's cert, which they'll let anyone use for a small fee.
'''You must disable Secure Boot. Alpine has no support due there's no Alpine Cert boot!''' Other Linux distros (mostly enterprise made related) have had. This meant that on many new computer systems, users had to first disable Secure Boot to be able to install and the methods for doing this vary massively from one system to another, making this potentially quite difficult for users.  


== How to boot older things? ==
This are due M$crosoft act as a Certification Authority (CA) for SB, and they will sign programs/bootloaders on behalf of other trusted organizations so that their programs will also run, that of course have a cost.. and there's nothing related to free software but affects to.. There's no Alpine Linux Certification like are with other enterprise related Linux.


Must be disable the Secure Boot, but that option will not remains forever.
Take in consideration that for Alpine linux [https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#EFI_system_partition EFI System Partition] are not the complete overall of the [https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface UEFI], it's '''just the need minimal infrastructure to property boot''' by an [https://en.wikipedia.org/wiki/Unified_Extensible_Firmware_Interface#Implementation_and_adoption UEFI modern machine]. See the [[Alpine_and_UEFI#UEFI_mandatory_partition_mechanics|Alpine UEFI partition mechanics notes]] section in this page for details.


= Overall notes and conclusions =
= Overall notes and conclusions =


UEFI is buggy due Motherboard manufacturers dont implement property the specs, and hire the cheapest developers to work for them, so problems will come so far!
Currently Alpine UEFI and Secure Boot are very early stage.. enough support was made and enabled but Secure Boot must be disabled due obviously reasons.


BIOS has been around a couple of decades longer, so has a couple of decades of extra bug fixing applied. Problems exist but with solutions!
BIOS only or compatible old BIOS computers are a most easily way to install Linux in general, that does not need of extra partition layer to boot.. and does not need extra special files into.


It's not malice, it's incompetence. But the solution isn't sticking with BIOS - it's learning a new set of workarounds.
UEFI only or newer UEFI computers are very common in nomadays and not so easy to install Alpine linux, that will need extra partition layer to boot.. a extra EFI partition with special files into.


= See Also =
= See Also =


# [[Newbie_Alpine_Ecosystem]]
* [[Newbie_Alpine_Ecosystem]]
# [[Alpine newbie apk packages]]
* [[Alpine_newbie_install_manual|Alpine Installation]]
# [[Alpine newbie desktops]]
* [[Create a Bootable Compact Flash]]
# [[Alpine newbie developer]]
* [[Create a bootable SDHC from a Mac]]
# [[Alpine newbie lammers]]
* [[Create a Bootable USB]]
* [[Create UEFI boot USB]]
* [[Create UEFI seureboot USB]]


[[Category:Newbie]]
[[Category:Newbie]]
[[Category:Installation]]
[[Category:Installation]]

Revision as of 17:05, 10 February 2020

UEFI and BIOS definitions and introduction

In the old days, BIOS (for Basic Input Output System) was how computers booted from the 1980s onwards. But now in newer hardware for devices, servers, laptops and desktops computers the UEFI (for Unified Extensible Firmware Interface) defines a software interface between an operating system and platform firmware into the vendor hardware.

UEFI replaces the BIOS firmware interface originally present in all IBM PC-compatible personal computers, early modern computer's UEFI firmware implementations provide legacy support for BIOS services.

The history so far

Due newer incoming 64-bit incoming processors the older computers boot process are not more possible. It started life on Itanium (Intel's first 64-bit processor) systems. Itanium had no support for 32-bit, and certainly no embedded 80286, so they had to come up with a different system.

All this was driven by a problem in the most extensive and used architecture: x86 32-bit, inclusivelly a new 2019's Skylake i7-6700k still has an 80286 embedded in it because all x86 BIOS strictly only supports 16-bit 8088-derivative processors.

Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those from M$ Redmon's OS. In 2005, UEFI deprecated EFI 1.10 (the final release of EFI). The Unified EFI Forum is the industry body that (seems) "manages" the UEFI specification.

Alpine UEFI support

Currently are only in basic form, not all the architectures are complete supported.

The support for EFI System Partition was started in the Alpine 3.7.0 new mayor release, preliminary support in that version does not create the EFI Partition, only has support for existing ones or manually created.

Started in the Alpine 3.8.0 new mayor release support in the installer for the GRUB boot loader was added so now Linux experimental users can play with combinations of solutions and proper UEFI complete installations. Please refer to UEFI_and_BIOS section of this page first.

EFI System Partition are not the complete overall of the UEFI, it's just the need minimal infrastructure to property boot by and UEFI modern machine. See the Alpine UEFI partition mechanics notes section in this page for details.

Please read carefully the UEFI_and_BIOS section of this page.

Minimum Alpine partition sheme

Alpine Linux only require a root partition for system and a swap partition, but, UEFI systems require an EFI system partition. Needs a bootloader program in \EFI\$bootloader.efi on a EFI System Partition, a specially tagged partition. The current status of that mechanics to boot in Alpine Linux are still in development and only basic support to existing mades are provided. See UEFI_mandatory_partition_mechanics for details.

Notes about the boot flags and boot partition

UEFI booting does not involve any "boot" flag, that's it's a need only for BIOS booting. The UEFI booting relies solely on the boot entries in NVRAM. Parted and its front-ends use a "boot" flag on GPT to indicate that a partition is an EFI system partition.

A BIOS boot partition is only required when using GRUB for BIOS booting from a GPT disk. The partition has nothing to do and it must not be formatted with a file system or mounted.

Alpine disk layout for UEFI

You will need a disk layout that your system firmware is capable of booting, you will need a boot partition and a root partition. Other architectures may have different requirements an not all are supported, please read UEFI_mandatory_partition_mechanics for details.

If you don't already know what filesystem format you want your boot partition, choose ext2. The root partition, and any additional partitions or LVM volume groups, may be in any format that the kernel is capable of reading.

UEFI/GPT minimal layout

Mount point Partition Partition type Purpose Recommended size
/boot or /efi /dev/sda1 Boot system partition for EFI 260 MiB
/ /dev/sda2 Alpine Linux root system OS 1–32 GiB
none /dev/sda3 Linux swap memory 1-2Gb

BIOS/MBR minimal layout

Mount point Partition Partition type Purpose Recommended size
/boot /dev/sda1 Boot grub partition (optional) 100 MiB
/ /dev/sda2 Alpine Linux root system OS 1–32 GiB
none /dev/sda3 Linux swap memory 1-2Gb

BIOS/GPT minimal layout

Mount point Partition Partition type Purpose Recommended size
None /dev/sda1 BIOS boot partition 8 MiB
/ /dev/sda2 Alpine Linux root system OS 1–32 GiB
none /dev/sda3 Linux swap memory 1-2Gb

BIOS boot process for newbies

BIOS only supports two methods of booting - loading 448ish bytes of 8088 machine code from the start of a floppy disk, or the same from the start of a fixed IDE disk

BIOS can only assume one boot loader occupying the start of hard drive. So each OS overwrites it with its own boot loader. Messy messy. There's also the 2TB issue I mentioned before

In order to make your drive more useful, it's split up into partitions - chunks of disk which can be treated as independent drives from inside your OS. Ruindows (following on from MS-DOS) only supports one method for partitioning its boot drive on BIOS systems: "MBR"

MBR cannot handle numbers bigger than 2,199,023,255,552. It is impossible to talk about any drive beyond 2TB using MBR layout. So if you're booting from it and use BIOS, you MUST use MBR (because that's all Windows supports) - and you simply can't use any space beyond that if your boot drive is 3TB or bigger.

For now. Ish. Any modern motherboard (some 2011 onwards, all with a Ruindows 8 logo on the box) is using UEFI natively, but most can emulate BIOS enough for you to keep booting with BIOS.

UEFI boot process explained

Well, let's start with installers. It'll read a UDF or FAT32-formatted USB drive or DVD, and look for the file /efi/boot/bootx64.efi and run it. An app, written in the UEFI "OS". It can be anything! Here's classic text adventure Zork, as a UEFI app.

It's possible to make boot media which is valid for both UEFI and BIOS. Unfortunately, in a slightly user-unfriendly twist, you (the user) need to pick the right boot entry. For example, on the wife's PC, a USB stick gets listed as both "UEFI: Sandisk Cruzer Edge" and "USB: Sandisk Cruzer Edge". Just... make sure you pick the right entry. It's impossible to change mode after this point.

It uses a different partitioning system called GPT instead of MBR, and secondly it creates an extra ~100 meg partition called the "EFI System Partition" - a FAT32 partition where the boot loader apps get installed to (no more boot sectors).

Each OS will stick its boot loader somewhere in the ESP, then send a signal to the firmware to write this new loader's location into the CMOS. Each entry installed in this manner will get its own listing in your "boot devices" list on the firmware - so if you installed MACOSX, you'll have "MACOSX Boot Manager" as an entry next to your DVD drive and hard drive after you reboot. This is why you don't do the old "unplug drive A when installing a different OS to drive B" thing, or swap cables, or anything like that. You should only have one ESP, the one on drive A.

UEFI mandatory partition mechanics

Regular UEFI boot has several lists of possible boot entries, stored in UEFI config variables (normally in NVRAM), and boot order config variables stored alongside them. Unfortunately, a lot of PC UEFI implementations have got this wrong and so don't work properly.

The correct way for this to work when booting off local disk is for a boot variable to point to a vendor-specific bootloader program in \EFI\$bootloader.efi on the EFI System Partition (ESP), a specially tagged partition (Some OS's formatted as Fat32.. that's are unnecessary due it's just to able to poor OS's to boot like M$ Redmond OS's). The current status of that mechanics to boot in Alpine Linux are still in development and only basic support to existing made are provided.

What's this infamous "Secure Boot"?

It's a way for your motherboard to prevent tampering of your OS (e.g. boot-sector viruses, or backdoors installed without your knowledge). You can provide a list of certificates you trust, then the firmware enforces that everything involved with the boot process (not just the boot loader, but the OS kernel itself, and all your device firmware like your GPU BIOS) are signed with a trusted key.

Works using cryptographic checksums and signatures. It stops your system from booting unsigned code. You can sign your own, and trust the certificate you used to do that signing. Or you can get the boot code signed by M$ - every motherboard has a small list of pre-trusted certificates which almost (always) includes M$ redmon's certs, which they currently let anyone use for a small fee.

Most of the programs that are expected to run in the UEFI environment are boot loaders, but others exist too. There are also programs to deal with firmware updates before operating system startup (like fwupdate and fwupd), and other utilities may live here too.

Due the "Unsigned code curse", Alpine linux EFI System Partition are not the complete overall of the UEFI, it's just the need minimal infrastructure to property boot it!

How to boot unsigned code?

You must disable Secure Boot. Alpine has no support due there's no Alpine Cert boot! Other Linux distros (mostly enterprise made related) have had. This meant that on many new computer systems, users had to first disable Secure Boot to be able to install and the methods for doing this vary massively from one system to another, making this potentially quite difficult for users.

This are due M$crosoft act as a Certification Authority (CA) for SB, and they will sign programs/bootloaders on behalf of other trusted organizations so that their programs will also run, that of course have a cost.. and there's nothing related to free software but affects to.. There's no Alpine Linux Certification like are with other enterprise related Linux.

Take in consideration that for Alpine linux EFI System Partition are not the complete overall of the UEFI, it's just the need minimal infrastructure to property boot by an UEFI modern machine. See the Alpine UEFI partition mechanics notes section in this page for details.

Overall notes and conclusions

Currently Alpine UEFI and Secure Boot are very early stage.. enough support was made and enabled but Secure Boot must be disabled due obviously reasons.

BIOS only or compatible old BIOS computers are a most easily way to install Linux in general, that does not need of extra partition layer to boot.. and does not need extra special files into.

UEFI only or newer UEFI computers are very common in nomadays and not so easy to install Alpine linux, that will need extra partition layer to boot.. a extra EFI partition with special files into.

See Also