UPDATE: Found this link. So apparently the bootloader itself passes Secure Boot, which is enough to satisfy the firmware, but then it turns around and loads the OS, which can optionally ignore Secure Boot validation. The command in the post marked as an answer may help you though: https://askubuntu.com/questions/726052/ubuntu-booting-in-insecure-mode-with-secureboot-enabled
If you have Secure Boot enabled in the BIOS, then it's not possible to boot in insecure mode. Secure Boot causes the system's UEFI firmware to refuse to boot from any bootloader that isn't signed. You shouldn't have to mess with embedded keys and certificates for Secure Boot, because newer Ubuntu bootloaders are signed by an authority whose certificate is already included by default on systems that use Secure Boot. Although if you already messed around with that, I'm not sure what to tell you. You might want to consider restoring your BIOS settings to their defaults in that case, although I don't know if that will reset your certificate store since I've never tested that.
Reinstalled and upgraded to Ubuntu 18.04. During the upgrade I was asked to generate MOK keys and to supply a temporary password. After rebooting you are asked to give the password and then 'Enroll MOK'. I **bleep** up the password last time since I use an AZERTY keyboard layout, but the system starts in US-INTERNATIONAL keyboard layout.
jphughan
9 Legend
•
14K Posts
1
December 9th, 2018 09:00
UPDATE: Found this link. So apparently the bootloader itself passes Secure Boot, which is enough to satisfy the firmware, but then it turns around and loads the OS, which can optionally ignore Secure Boot validation. The command in the post marked as an answer may help you though: https://askubuntu.com/questions/726052/ubuntu-booting-in-insecure-mode-with-secureboot-enabled
jphughan
9 Legend
•
14K Posts
1
December 9th, 2018 09:00
If you have Secure Boot enabled in the BIOS, then it's not possible to boot in insecure mode. Secure Boot causes the system's UEFI firmware to refuse to boot from any bootloader that isn't signed. You shouldn't have to mess with embedded keys and certificates for Secure Boot, because newer Ubuntu bootloaders are signed by an authority whose certificate is already included by default on systems that use Secure Boot. Although if you already messed around with that, I'm not sure what to tell you. You might want to consider restoring your BIOS settings to their defaults in that case, although I don't know if that will reset your certificate store since I've never tested that.
THX-101
10 Posts
1
December 9th, 2018 10:00
Reinstalled and upgraded to Ubuntu 18.04. During the upgrade I was asked to generate MOK keys and to supply a temporary password. After rebooting you are asked to give the password and then 'Enroll MOK'. I **bleep** up the password last time since I use an AZERTY keyboard layout, but the system starts in US-INTERNATIONAL keyboard layout.