2016年7月25日 星期一

Disable Secure Boot in shim-signed

The latest Ubuntu kernel updates bring some Secure Boot enhancement for the kernel modules when the Secure Boot is enabled in BIOS settings. However there is no easy way to sign those kernel modules in DKMS packages automatically so far. If we want to use those DKMS packages, we need to disable Secure Boot in BIOS settings temporarily or we can also disable Secure Boot in shim-signed temporarily. The following steps introduced how to disable Secure Boot in shim-signed.

  1. Open a terminal by Ctrl + Alt + T, execute `sudo update-secureboot-policy` and then select ‘Yes’.
  2. Enter a temporary password between 8 to 16 digits. (For example, 12345678, we will use this password later.)
  3. Enter the same password again to confirm.
  4. Reboot the system and press any key when you see the blue screen (MOK management).
  5. Select “Change Secure Boot state”.
  6. Press the corresponding password character and press Enter. Repeat this step several times to confirm previous temporary password like ‘12345678’ in step 2&3. For exmaple, '2' for this screen.
  7. Select ‘Yes’ to disable Secure Boot in shim-signed.
  8. Press Enter key to finish the whole procedure.

We can still enable Secure Boot in shim-signed again. Just execute `sudo update-secureboot-policy --enable` and then follow the similar steps above.

張貼留言