Secure Boot Setup
Felix Natter
fnatter at gmx.net
Fri Jul 26 13:02:26 UTC 2024
Dear Ubuntu Experts,
I will roll out Ubuntu22.04 to about 12 workstations and I would like to
have a standard set of instructions to activate Secure Boot (most of the
computers, but not all, are the same model).
I read the Ubuntu Wiki on the topic [1], but I did not understand the
shim / signing stuff (and I don't want to dive deep because I do not
want to sign my own components).
Here is what I did:
- UEFI: csm=off, OS_Type=Windows 10 (NOT Other OS [2]), Secure Boot=on,
clear sec. boot keys, install default sec. boot keys
- I install Ubuntu22.04 which asks for a Secure Boot password
- on reboot, a "MoKUtil" text ui opens which I think allows to "enroll
keys" etc. and "continue". I do not want to sign a kernel / new
modules, so I just chose "continue"(don't know if I got this right). I
was _never_ prompted for the secure boot password given on installation.
- mokutils --sb-status says that SB is enabled.
- am I doing it wrong / is there a relatively easy how to for
configuring Ubuntu22.04 with SB?
- is an upgrade to 24.04 later possible with SB enabled?
- is suspend possible (hibernation is not according to Debian wiki)?
- any other things that won't work beside those listed in the Debian
wiki [3]?
Many Thanks and Best Regards,
Felix
[1] https://wiki.ubuntu.com/UEFI/SecureBoot
[2] I read that with OS_Type=Other OS is no longer recommended for
Ubuntu/Debian and gives only "Secure Boot light".
[3] https://wiki.debian.org/SecureBoot#Secure_Boot_limitations
--
Felix Natter
More information about the ubuntu-users
mailing list