4

I´ve fully installed ubuntu 15.10 16.04 on an USB stick (no chroot/permanent live install), and managed to have it booting to BIOS as well as to UEFI.

How can I get secure boot working also on multiple machines?

I tried 

sudo apt-get install linux-signed-generic  grub-efi-amd64-signed Shim-signed

followed by 

sudo grub-install --uefi-secure-boot # --force

what led to the fact that it was indeed able to secure boot on the machine where I did that, but there ONLY.

I thought it must be possible somehow, as it is also possible to boot the ubuntu install stick created with rufus with secure boot enabled, and that´s not bound to any machine. Maybe I´m thinking wrong on this, so I´d be glad on any help, searching for days already.

EDIT: Upgraded to 16.04, but did not change anything.

Thanks!

CarneDiem
  • 41
  • 1
    If a full install, did you partition with gpt in advance and include the ESP - efi system partition on flash drive? http://askubuntu.com/questions/743095/how-to-prepare-a-disk-on-an-efi-based-pc-for-ubuntu Also external drives only boot in UEFI mode from /EFI/Boot/bootx64.efi which then needs to be copy of shimx64.efi. But that is hard coded to find /EFI/ubuntu so you need that copied also into ESP on external drive. Most UEFI with Secure boot on may not allow external drive boot. That separately must be enabled in UEFI. See also: https://ubuntuforums.org/showthread.php?t=2338836 – oldfred Nov 11 '16 at 15:57
  • it was made as MBR installation and afterwards I added the ESP partition, so the stick is BIOS and UEFI bootable. I´ve copied the file to EFI/ubuntu now, but same behavior, works on the system where it was created, as the NVRAM entry is there, but not on other systems (with secure boot enabled). – CarneDiem Nov 14 '16 at 10:48
  • Better to use gpt even if you want both BIOS & UEFI. http://askubuntu.com/questions/559007/is-it-still-possible-to-install-ubuntu-to-an-external-harddrive-with-uefi But external UEFI only boots from /EFI/Boot/bootx64.efi. Copy shimx64.efi from /EFI/Ubuntu to /EFI/Boot and rename. – oldfred Nov 14 '16 at 14:20
  • thanks @oldfred, but copying didn´t work for me, but I found a solution now. – CarneDiem Nov 15 '16 at 09:49

1 Answers1

0

this command solved my problem now:

grub-install --efi-directory /mnt/esp --boot-directory /mnt/rootfs/boot --target x86_64-efi --removable /dev/sdb --uefi-secure-boot

this finally lets me boot on uefi systems with secure boot enabled. the only errors I get while booting is 

error: file ´/boot/' not found.
error: no such device: /.disk/info.

it´s no real problem as it still boots, but if you have an idea what causes it and how to solve, I´d be thankful for any hint. error: no such device: /.disk/mini-info.

CarneDiem
  • 41