5

Or is it a temporary thing that exists only during the installation?

Btw, I'm guessing that using the password doesn't permanently turn off Secure Boot, but just lets something unsigned slip through, right?

Screenshot of installation program

Screenshot of message that appears when you click "Learn more…"

Edit: Since it upon closer inspection doesn't seem to be about actually disabling Secure Boot, but rather run mokutil --disable-validation to tell the shim not to validate stuff (I don't know the details), perhaps it's more proper to install these things later and actually sign them first. Am I on the right track here?

Community
  • 1
Bromskloss
  • 171
  • There are no password for secure boot. There could be passwords for user and/or supervisor in UEFI/BIOS and yes, you must never forget them once set. –  Jan 04 '17 at 15:59
  • @CelticWarrior: The installation program asks me to provide a password to "Turn off Secure Boot" so that third-party drivers can be installed. It says that I will get to enter it during boot. Other people have told me that it's not actually about turning off Secure Boot, but rather to convince the shim that it can skip validating some driver-related thing or other. I don't know. – Bromskloss Jan 04 '17 at 17:18
  • It's a supervisor password and it's about UEFI setting, nothing to do with Ubuntu. –  Jan 04 '17 at 17:20
  • @CelticWarrior: If you say so. In any case, it's something that Ubuntu's installation procedure asks me to make a decision about. I have added a screenshot. – Bromskloss Jan 04 '17 at 17:31
  • Disable it in UEFI settings before installing. –  Jan 04 '17 at 17:34
  • It seems that what it does is mokutil --disable-validation. – Bromskloss Jan 04 '17 at 18:36
  • 1
    It's going to completely turn of Secure Boot because, like it says, those third party programs will not work with it on. It's asking you for a password because, like it says, it's just going to make sure it's you disabling it when Ubuntu shows you how to do it. It's a temporary password. – TheWanderer Jan 05 '17 at 00:41
  • @Zacharee1 could you please write an answer? I don't want to close this question as it seems quite helpful. – Zanna Jan 05 '17 at 09:55
  • 1
    @Zanna I can try. I'm on mobile right now though. – TheWanderer Jan 05 '17 at 11:55
  • Great, you can edit it later. At least we've got an upvoteable answer that people can use even if the question gets closed. Thanks a lot – Zanna Jan 05 '17 at 11:57

1 Answers1

2

It's going to completely turn off Secure Boot because, like it says, those third party programs will not work with it on. It's asking you for a password because, like it says, it's just going to make sure it's you disabling it when Ubuntu shows you how to do it. It's a temporary password.

You can't easily have Secure Boot turned on and also load kernel modules that aren't signed to work. There's not much benefit to Secure Boot, and many (probably most) Ubuntu/Linux users feel comfortable turning it off permanently.

Zanna
  • 70,465
TheWanderer
  • 19,395
  • 12
  • 50
  • 65