Ubuntu

Win8/12.04 dual boot - Secure boot won't allow!

Asked by Rich L

It took me the best part of 2 days to figure out how to do this and this seems to be the last line of frustration for me!

I own a Samsung NP740U3E which comes with its own UEFI/Bios.

To install 12.04 I D/Led the AMD64 version and created a bootable USB.

The laptop won't let me boot from stick unless I disable quick BIOS and secure boot - so I do this and change the boot to CSM.

This allows me to boot up from the USB and I choose to install Ubuntu.

I have already got 2 partitions ready - a 6.4GB partition for swap space (as I have 6GB RAM) and a 50 ish GB partition for (I believe this is the correct terminology?) root (I chose "/"). I'm not sure if I'm supposed to have a /home as well? This is an Ext4 Journal.

After installing and rebooting, I then go back into the USB and run Boot Repair, which after some time informs me that I'm running in Legacy mode - I continue anyway.

Now I keep fast BIOS off (not sure if this makes any difference). I enable secure boot after changing Ubuntu to be my priority boot, save and let the system reboot.

Secure boot immediately pipes up and advises me something about a signature and requires me to reboot.

If I disable secure boot and use UEFI, then this will allow me to go into GRUB and gives me the options to load Ubuntu/Win 8.

I'm told that Ubuntu should be digitally signed, and therefore able to boot up with secure boot no problems?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Ubfan (ubfan1) said : 		#1

Canonical got Microsoft's signature on a simple bootloader (shim.efi) which basically just boots the Canonical signed grubx64.efi program. So yes, if you are using the signed grubx64.efi, and you boot the shim, (in the same directory as the grubx64.efi, you should be able to boot with secure boot enabled. The signed versions of grubx64.efi is named grubx64.efi.signed, and you can just copy it to the EFI partition /EFI/ubuntu/grubx64.efi (note the name change without the .signed). There should be a shim.efi or shimx64.efi in the same directory, and that's what the efi boot menu should point to. Anyway, boot-repair when run with secure boot on should do that for you. It may also start renaming the boot loaders, so everything except the bkp... files are really just copies of shim, which you probably don't need (turn off the option when running it). Removable media with an EFI partition will default to looking for a bootloader in /EFI/Boot/bootx64.efi, so make that a copy of shim too (and have the signed copy of grubx64.efi there too) -- Some errors in booting the hard disk will actually fall back to trying the EFI/Boot/bootx64.efi file, so it's good to have around. Lots of work in process here, good luck.

Can you help with this problem?

Provide an answer of your own, or ask Rich L for more information if necessary.

To post a message you must log in.