Linux Developer Systems

Last reply by 06-17-2019 Solved
Start a Discussion
3 Silver
11656

XPS 13 9370 Ubuntu Unsecure Boot

Hi,

My third question concerns Secure Boot.

I am wondering why the Ubuntu edition laptop is delivered with Secure Boot disabled.
Do we agree that Ubuntu 18.04 is compliant with Secure Boot feature ?

Thanks.

Kind regards,

Christophe

Solution (1)

Accepted Solutions
9750

I am answering to myself.

Both packages shim-signed and grub-efi-amd64-signed were installed and signed with Microsoft UEFI key.

~$ sudo sbverify --cert microsoft-uefica-public.crt /boot/efi/EFI/BOOT/BOOTX64.EFI warning: data remaining[1171248 vs 1334816]: gaps between PE/COFF sections? Signature verification OK

~$ sudo sbverify --cert microsoft-uefica-public.crt /boot/efi/EFI/ubuntu/shimx64.EFI warning: data remaining[1171248 vs 1334816]: gaps between PE/COFF sections? Signature verification OK

The problem was coming from Dell BIOS which was not supporting the Secure Boot correctly.

I have upgraded BIOS to version 1.9.0 and it works ! I can now boot in Secure Boot mode.

Issue fixed in BIOS 1.9.0: Fixed an issue with Secure Boot Option ROM Signature Verification.

So XPS 13 9370 users shall upgrade their BIOS in order to have Secure Boot mode functionnal with Dell Ubuntu.

View solution in original post

Replies (11)
3 Silver
11075

Hi,

I am answering to myself.

When I configure XPS 13 9370 BIOS in Secure Boot, Dell SupportAssist is launched from BIOS to scan in order to detect any potential hardware problems. And the output of the test is : no bootable devices were found....

So I think Secure Boot is disabled by default simply because it is not working on XPS 13 9370 Ubuntu.

Is this another bug ? :-(

11098

Can you tell if Support Assistant launches from the drive or is embedded in the BIOS firmware? I'm curious because I reinstalled Windows from a download from MSFT which does not include the Dell partitions. I dual boot Debian which does not have a signed boot loader so the question is moot right now but Ubuntu does have a signed boot loader and should be able to support secure boot.

I also wonder if this is on the drive does that mean the extra check is bypassed or would this result in inability to enable secure boot.

11038

Hi,

I have reinstalled Dell Ubuntu version with full encryption feature, meaning there is no more Dell Ubuntu recovery partition available.Therefore I think Support Assistant is launched from BIOS firmware.

But XPS 13 9370 Ubuntu Dev. Edition does not come with standard Ubuntu kernel but with Dell oem kernel version.

10690

Hi all,

Did someone succeed in enabling secure boot for Ubuntu Developer Edition machine ?

I have upgraded BIOS to version 1.6.3 and it still doesn't work.

Thanks !

10430

Hi @dell-mario l 

Sorry to bother you with that, but are you aware of this ?
Are you in position to enable Secure Boot with Dell Ubuntu version ?

Thanks !

10392

When you re-installed the OEM image - can you confirm you reinstalled in UEFI mode or legacy mode?  If you re-installed in legacy mode, secure boot can't work in legacy mode.

10305

Hi @dell-mario l, yes I can confirm I have reinstalled in UEFI mode and the system is booting in UEFI mode (legacy mode disabled).

10250

I would recommend checking to make sure that you have the signed grub and shim packages installed.  With both of those installed you should be able to enable secure boot.

10000

So, I was wrong thinking I have just to enable the Secure Boot feature in the BIOS.
Meaning the grub is not signed by default and I have to sign it myself ?

Latest Solutions
Top Contributor