October 22nd, 2018 09:00

XPS 13 9370 Ubuntu Unsecure Boot

Hi,

My third question concerns Secure Boot.

I am wondering why the Ubuntu edition laptop is delivered with Secure Boot disabled.
Do we agree that Ubuntu 18.04 is compliant with the Secure Boot feature?

Thanks.

Kind regards,

Christophe

June 17th, 2019 10:00

I am answering my own question.

Both packages shim-signed and grub-efi-amd64-signed were installed and signed with the Microsoft UEFI key.

~$ sudo sbverify --cert microsoft-uefica-public.crt /boot/efi/EFI/BOOT/BOOTX64.EFI
warning: data remaining[1171248 vs 1334816]: gaps between PE/COFF sections?
Signature verification OK

~$ sudo sbverify --cert microsoft-uefica-public.crt /boot/efi/EFI/ubuntu/shimx64.EFI
warning: data remaining[1171248 vs 1334816]: gaps between PE/COFF sections?
Signature verification OK

The problem was coming from the Dell BIOS, which was not supporting Secure Boot correctly.

I have upgraded the BIOS to version 1.9.0 and it works! I can now boot in Secure Boot mode.

Issue fixed in BIOS 1.9.0: Fixed an issue with Secure Boot Option ROM Signature Verification.

So XPS 13 9370 users shall upgrade their BIOS in order to have Secure Boot mode functional with Dell Ubuntu.

December 16th, 2018 03:00

Hi,

I am answering my own question.

When I configure the XPS 13 9370 BIOS in Secure Boot, Dell SupportAssist is launched from the BIOS to scan in order to detect any potential hardware problems. And the output of the test is: no bootable devices were found...

So I think Secure Boot is disabled by default simply because it is not working on XPS 13 9370 Ubuntu.

Is this another bug? :-(

December 16th, 2018 07:00

Can you tell if Support Assistant launches from the drive or is embedded in the BIOS firmware? I'm curious because I reinstalled Windows from a download from MSFT which does not include the Dell partitions. I dual boot Debian which does not have a signed boot loader so the question is moot right now but Ubuntu does have a signed boot loader and should be able to support secure boot.

I also wonder, if this is on the drive, does that mean the extra check is bypassed, or would this result in an inability to enable secure boot?

December 19th, 2018 12:00

Hi,

I have reinstalled the Dell Ubuntu version with the full encryption feature, meaning there is no more Dell Ubuntu recovery partition available. Therefore I think Support Assistant is launched from the BIOS firmware.

But the XPS 13 9370 Ubuntu Dev. Edition does not come with the standard Ubuntu kernel but with a Dell OEM kernel version.

January 15th, 2019 13:00

Hi all,

Did someone succeed in enabling secure boot for the Ubuntu Developer Edition machine?

I have upgraded the BIOS to version 1.6.3 and it still doesn't work.

Thanks !

January 30th, 2019 13:00

Hi @dell-mario l 

Sorry to bother you with that, but are you aware of this?
Are you in a position to enable Secure Boot with the Dell Ubuntu version?

Thanks !

January 31st, 2019 06:00

When you re-installed the OEM image - can you confirm you reinstalled in UEFI mode or legacy mode?  If you re-installed in legacy mode, secure boot can't work in legacy mode.

February 2nd, 2019 05:00

Hi @dell-mario l, yes I can confirm I have reinstalled in UEFI mode and the system is booting in UEFI mode (legacy mode disabled).

February 4th, 2019 11:00

I would recommend checking to make sure that you have the signed grub and shim packages installed.  With both of those installed you should be able to enable secure boot.
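
The checks raised in this thread (UEFI versus legacy boot, the firmware's Secure Boot state, the signed shim and GRUB packages, and `sbverify` on the two EFI binaries) gathered into one script, as an added example that is not from any poster or from Dell. The function names and the `--run` switch are assumptions made for illustration; the certificate argument is whatever file the Microsoft UEFI CA certificate was saved to.

```shell
#!/bin/sh
# Added example: Secure Boot pre-flight checks for an Ubuntu install.
# Function names and the --run switch are illustrative assumptions.
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032bfe

# "uefi" if the kernel exposes EFI runtime data, otherwise "legacy".
boot_mode() {
    if [ -d "${1:-/sys}/firmware/efi" ]; then echo uefi; else echo legacy; fi
}

# An efivarfs file is 4 attribute bytes followed by the variable data.
# SecureBoot carries one data byte: 1 = enforcing, 0 = not enforcing.
secureboot_state() {
    local var="${1:-/sys/firmware/efi/efivars/SecureBoot-$EFI_GLOBAL_GUID}"
    local byte
    [ -r "$var" ] || { echo unknown; return 0; }
    byte=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    case "$byte" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Prints each signed boot package that dpkg does not report as installed.
missing_signed_packages() {
    local pkg
    for pkg in shim-signed grub-efi-amd64-signed; do
        dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null |
            grep -q 'install ok installed' || echo "$pkg"
    done
}

# $1 = certificate file handed to sbverify --cert.
preflight() {
    local cert="$1" bin
    echo "boot mode:       $(boot_mode)"
    echo "secure boot:     $(secureboot_state)"
    echo "missing signed:  $(missing_signed_packages | tr '\n' ' ')"
    for bin in /boot/efi/EFI/BOOT/BOOTX64.EFI /boot/efi/EFI/ubuntu/shimx64.EFI; do
        sbverify --cert "$cert" "$bin" || echo "NOT VERIFIED: $bin"
    done
}

if [ "${1:-}" = "--run" ]; then preflight "${2:?certificate path required}"; fi
```

Run it with `--run` followed by the certificate path; reading the EFI system partition normally requires root, as in the `sudo sbverify` commands quoted in this thread.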

February 19th, 2019 12:00

So, I was wrong in thinking I just have to enable the Secure Boot feature in the BIOS.
Meaning the grub is not signed by default and I have to sign it myself?

March 19th, 2019 06:00

Secure Boot has worked since 12.04.5 by dropping the GRUB 2 bootloader as a default tool on systems with Secure Boot enabled and generating an Ubuntu-specific signing key to use with UEFI. 

https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html

The UEFI specification is not the problem for Linux. The problem is Microsoft's other requirement for any Windows certified client: the system must support Secure Booting. This hardened boot means that "all firmware and software in the boot process must be signed by a trusted Certificate Authority."

Ubuntu 18.04 LTS will be supported for 5 years until April 2023.

Clean install starting with 18.04.2 hasn't been a problem for me.

Download the latest LTS version of Ubuntu, for desktop PCs and laptops. LTS stands for long-term support — which means five years, until April 2023, of free security and maintenance updates, guaranteed.

 

http://releases.ubuntu.com/18.04/

Ubuntu 18.04.2 LTS (Bionic Beaver)

http://releases.ubuntu.com/18.04/ubuntu-18.04.2-desktop-amd64.iso

 

Ubuntu 18.04 LTS release notes
