Join Log in
Score:2
Yume avatar Ubuntu

How to PERMANENTLY Disable Secure Boot?

cn flag
Yume

I have been trying to install Nvidia Driver on my Asus Tuf Dash F15 Laptop for a month now. The people at https://forums.developer.nvidia.com/t/problems-installing-driver-on-laptop-with-an-intel-igpu-and-nvidia-card-with-optimus-technology/185030 have instructed me to ask Ubuntu how to do disable secure boot permanently.

It seems that whenever I reboot my laptop, the SHIMX64 boot file replaces the grubx64.efi file I manually configure. They think this is not allowing my computer to boot after the nvidia driver is installed. Even though in the bios it says secure boot and fast boot are disabled.

efibootmgr -v
BootCurrent: 0002
Timeout: 1 seconds
BootOrder: 0002,0000
Boot0000* Windows Boot Manager  VenHw(99e275e7-75a0-4b37-a2e6-c5385e6c00cb)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...3................
Boot0002* ubuntu    HD(1,GPT,8d14fed6-6fff-4e5b-8c4e-330283fb6ca0,0x800,0x100000)/File(\EFI\UBUNTU\SHIMX64.EFI)

Then if i efibootmgr -c -d /dev/nvme0n1 -p 1 -l \\EFI\\ubuntu\\grubx64.efi -L "UBUNTU" I get

efibootmgr -v
BootCurrent: 0002
Timeout: 1 seconds
BootOrder: 0001,0002,0000
Boot0000* Windows Boot Manager  VenHw(99e275e7-75a0-4b37-a2e6-c5385e6c00cb)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...3................
Boot0001* UBUNTU    HD(1,GPT,8d14fed6-6fff-4e5b-8c4e-330283fb6ca0,0x800,0x100000)/File(\EFI\ubuntu\grubx64.efi)
Boot0002* ubuntu    HD(1,GPT,8d14fed6-6fff-4e5b-8c4e-330283fb6ca0,0x800,0x100000)/File(\EFI\UBUNTU\SHIMX64.EFI)

So i then efibootmgr -b 0002 -B to get

efibootmgr -v
BootCurrent: 0002
Timeout: 1 seconds
BootOrder: 0001,0000
Boot0000* Windows Boot Manager  VenHw(99e275e7-75a0-4b37-a2e6-c5385e6c00cb)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...3................
Boot0001* UBUNTU    HD(1,GPT,8d14fed6-6fff-4e5b-8c4e-330283fb6ca0,0x800,0x100000)/File(\EFI\ubuntu\grubx64.efi)

And this is all good and dandy until i reboot and then we are back to

efibootmgr -v
BootCurrent: 0002
Timeout: 1 seconds
BootOrder: 0002,0000
Boot0000* Windows Boot Manager  VenHw(99e275e7-75a0-4b37-a2e6-c5385e6c00cb)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...3................
Boot0002* ubuntu    HD(1,GPT,8d14fed6-6fff-4e5b-8c4e-330283fb6ca0,0x800,0x100000)/File(\EFI\UBUNTU\SHIMX64.EFI)

What do? Please help. Thank you.

173
0 + 8
sudodus avatar
jp flag
sudodus
Is Windows involved in this process (Is it a dual boot system)? Or is only Ubuntu installed? Can you boot the computer in BIOS mode (alias CSM alias legacy mode)?
1
Reply
sudodus avatar
jp flag
sudodus
My experience is that booting in BIOS mode (alias CSM alias legacy mode) is not affected by the kind of problem that you describe. I have experience from many different computer brands and models, but not ASUS Tuf, so I am not 100% sure. Anyway, yes, I think that reinstalling ubuntu in this way (to switch from UEFI mode to BIOS mode) will fix the secure boot problem. It should also be possible to modify the boot system to boot also in BIOS mode, but it is more complicated.
0
Reply
Yume avatar
cn flag
Yume
It is only Ubuntu21. The laptop was Windows by default but I erased disk and install Ubuntu21. I can get to bios.
1
Reply
sudodus avatar
jp flag
sudodus
If it were my computer, I would boot and install in BIOS mode. Then there should be no UEFI shenanigans. And I think secure boot is more about Microsoft locking other operating systems out than making the computer secure.
0
Reply
Yume avatar
cn flag
Yume
How do i install in bios mode? like how do I get to a terminal in bios?
0
Reply
sudodus avatar
jp flag
sudodus
You wrote that you can get to bios. I thought it means that you can get into the menus of the computer's UEFI/BIOS system and modify the settings - in this case to turn off [secure boot and] UEFI and set the computer to boot in BIOS mode alias CSM alias legacy mode. When you are there, boot into an Ubuntu live drive and install Ubuntu into the internal drive.
0
Reply
Yume avatar
cn flag
Yume
Are you suggesting that reinstalling ubuntu in this way will fix the secure boot problem? In the bios is already says secure boot is off.
0
Reply
Yume avatar
cn flag
Yume
I did as you said and was able to get Ubuntu without UEFI. but this did not fix my nvidia driver problem. its something to do with optimus prime dual gpu. I'll post a different thread. Thnx anyways!
1
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.