4

Ubuntu supports UEFI and Secure Boot, but it's unclear if they should be used. From my reading, it seems that using UEFI improves security, but the Ubuntu UEFI documentation says:

"If you're installing Ubuntu as the sole OS on a computer, either mode is likely to work, although BIOS mode is less likely to cause problems... if Ubuntu is the only operating system on your computer, then it does not matter whether you install Ubuntu in UEFI mode or not."

Is this true? Does it really not matter whether UEFI is used, even when it comes to security?

Do you believe Ubuntu should be installed in UEFI mode?

  • UEFI is newer. BIOS is older. If your PC has the capability of UEFI, you should use it without any doubt. – PRATAP Mar 16 '20 at 04:09
  • 1
    If you have or are likely to install Windows on the same computer, install Ubuntu in the same mode as Windows so you can boot Windows from grub. On one computer I have Win 10 using UEFI and Ubuntu using BIOS, I need to tap F12 and select the Drive I need every boot. With BIOS everything just works. – C.S.Cameron Mar 16 '20 at 11:47

2 Answers

2

UEFI is a newer technology, so its support has been added later to Ubuntu and therefore is generally less tested in real conditions than legacy BIOS. This doesn’t mean it hasn’t been tested enough, just the time in which the world is using UEFI is shorter than for legacy BIOS.

The text you quoted from Ubuntu UEFI documentation was added on 2015-06-07 which is almost 5 years ago.

"either mode is likely to work, although BIOS mode is less likely to cause problems..."

So if you are not experiencing any problems, you can happily use UEFI. I personally would choose UEFI because I find it mature enough and more flexible. (Related: In a dual boot system, how does the BIOS choose which bootloader to run?)

"Does it really not matter whether UEFI is used, even when it comes to security?"

As you have found already, UEFI offers Secure Boot which legacy BIOS does not. Legacy BIOS was never designed to provide security features.

Melebius
2

If you are encrypting the disk (LUKS), UEFI prevents someone from making you boot a hacked kernel that could steal your passphrase (or at least makes it very hard). LUKS without UEFI wouldn't make much sense.

xenoid
  • "LUKS without UEFI wouldn't make much sense." Please provide some explanation for this, as it seems to be a rather bold statement. – Bruni Aug 13 '20 at 15:20
  • @Bruni Without UEFI, if I can access your PC, I can replace the kernel by one with a keylogger, and wait for you to retype the LUKS passphrase. – xenoid Aug 13 '20 at 16:29
  • That makes sense, and maybe I am a bit pedantic, but going from there to "LUKS without UEFI would not make much sense" is a long way in my humble opinion. In particular, if your main threat scenario is your laptop getting lost or being stolen and not an extremely nerdy nosy roommate or some security agency. – Bruni Aug 14 '20 at 09:18
  • @Bruni wouldn't make much sense != wouldn't make any sense :) – xenoid Aug 14 '20 at 09:30
  • ;-) Ok, you win – Bruni Aug 14 '20 at 09:49
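
Added example (not part of the original question, answers or comments): a shell check for the two things this thread turns on, whether the system was booted through UEFI at all and whether Secure Boot is actually enforced. It assumes a Linux system with efivarfs mounted at /sys/firmware/efi/efivars; the function names and the SYSFS_ROOT override are choices made for this example.

```shell
#!/bin/sh
# Added example: report firmware boot mode and Secure Boot state on Linux.
# The sysfs root is a parameter (default /sys) so the logic can be exercised
# against a constructed directory tree as well as the live system.

# GUID of the EFI global variable namespace (UEFI specification).
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# The kernel creates <sysfs>/firmware/efi only when started by UEFI firmware.
boot_mode() {
    if [ -d "$1/firmware/efi" ]; then echo uefi; else echo bios; fi
}

# efivarfs files hold 4 attribute bytes followed by the variable's data,
# so the one-byte value of SecureBoot or SetupMode sits at offset 4.
efi_byte() {
    f="$1/firmware/efi/efivars/$2-$EFI_GLOBAL"
    [ -r "$f" ] || { echo unknown; return 0; }
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    echo "${v:-unknown}"
}

# Prints one of:
#   unsupported  booted in legacy BIOS mode, Secure Boot not available
#   enabled      firmware verifies signatures on what it boots
#   setup-mode   no platform key enrolled, Secure Boot not enforced
#   disabled     UEFI boot, but signatures are not being verified
#   unknown      UEFI boot, variables missing or unreadable
secure_boot_state() {
    [ "$(boot_mode "$1")" = uefi ] || { echo unsupported; return 0; }
    sb=$(efi_byte "$1" SecureBoot)
    sm=$(efi_byte "$1" SetupMode)
    if [ "$sm" = 1 ]; then echo setup-mode
    elif [ "$sb" = 1 ]; then echo enabled
    elif [ "$sb" = 0 ]; then echo disabled
    else echo unknown
    fi
}

root=${SYSFS_ROOT:-/sys}
echo "boot mode:   $(boot_mode "$root")"
echo "secure boot: $(secure_boot_state "$root")"
```

A result of "uefi" with "disabled" or "setup-mode" means the machine boots in UEFI mode without the boot chain being verified. On Ubuntu, `mokutil --sb-state` reports the same Secure Boot state.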