Linux Developer Systems

Last reply by 06-17-2019 Solved
Start a Discussion
3 Silver
11871

XPS 13 9370 Ubuntu Unsecure Boot

Hi,

My third question concerns Secure Boot.

I am wondering why the Ubuntu edition laptop is delivered with Secure Boot disabled.
Do we agree that Ubuntu 18.04 is compliant with Secure Boot feature ?

Thanks.

Kind regards,

Christophe

Replies (11)
2275

Secure Boot has worked since 12.04.5 by dropping the GRUB 2 bootloader as a default tool on systems with Secure Boot enabled and generating an Ubuntu-specific signing key to use with UEFI. 

https://lists.ubuntu.com/archives/ubuntu-devel/2012-June/035445.html

The UEFI specification is not the problem for Linux. The problem is Microsoft's other requirement for any Windows certified client: the system must support Secure Booting. This hardened boot means that 'all firmware and software in the boot process must be signed by a trusted Certificate Authority."

Ubuntu 18.04 LTS will be supported for 5 years until April 2023.

Clean install starting with 18.04.2  hasn't been a problem for me.

Download the latest LTS version of Ubuntu, for desktop PCs and laptops. LTS stands for long-term support — which means five years, until April 2023, of free security and maintenance updates, guaranteed.

 

http://releases.ubuntu.com/18.04/

Ubuntu 18.04.2 LTS (Bionic Beaver)

http://releases.ubuntu.com/18.04/ubuntu-18.04.2-desktop-amd64.iso

 

Ubuntu 18.04 LTS release notes

 


Report Unresolved Customer Service Issues
here

I do not work for Dell. I too am a user.

The forum is primarily user to user, with Dell employees moderating
Contact USA Technical Support


Get Support on Twitter @DellCaresPro


Diagnostics & Tools

9965

I am answering to myself.

Both packages shim-signed and grub-efi-amd64-signed were installed and signed with Microsoft UEFI key.

~$ sudo sbverify --cert microsoft-uefica-public.crt /boot/efi/EFI/BOOT/BOOTX64.EFI warning: data remaining[1171248 vs 1334816]: gaps between PE/COFF sections? Signature verification OK

~$ sudo sbverify --cert microsoft-uefica-public.crt /boot/efi/EFI/ubuntu/shimx64.EFI warning: data remaining[1171248 vs 1334816]: gaps between PE/COFF sections? Signature verification OK

The problem was coming from Dell BIOS which was not supporting the Secure Boot correctly.

I have upgraded BIOS to version 1.9.0 and it works ! I can now boot in Secure Boot mode.

Issue fixed in BIOS 1.9.0: Fixed an issue with Secure Boot Option ROM Signature Verification.

So XPS 13 9370 users shall upgrade their BIOS in order to have Secure Boot mode functionnal with Dell Ubuntu.

Latest Solutions
Top Contributor