0

I managed to install the driver as described in the last post by David Foerster, but to do so I had to disable UEFI mode:

Ralink RT 3290 Bluetooth Problem on Ubuntu 14.04

During the driver installation a blue window opened inside the terminal concerning the UEFI mode, asking me to disable it and set a password in order to verify the legitimacy of using 3rd party drivers. So I set the password and rebooted. On reboot a new blue boot window concerning UEFI opened and I simply let it boot with no additional change. No password was requested.

Finally, when entering Ubuntu again the bluetooth was not working, and since disabling UEFI mode was mentioned in the process I decided to disable it just to check. Guess what, the bluetooth was working. Now, I want to keep UEFI mode ON, and as soon as I enable it the bluetooth stops working.

How can I make the new 3rd party driver for the bluetooth to be a permanent change, with UEFI mode ON?

Thank you

1 Answer

1

I think you mean Secure Boot, not UEFI. Secure Boot is one optional feature of UEFI. Your firmware is UEFI (which is EFI 2.x; I often use "EFI" to refer to either EFI or UEFI), not a BIOS, despite the fact that many people, and even manufacturers, refer to EFIs as "BIOSes." Thus, you cannot disable your EFI, although there is a partial exception: Most EFIs provide a Compatibility Support Module (CSM), which enables them to launch BIOS-mode boot loaders. Some EFIs permit enabling the CSM (aka "legacy boot support" or something similar) and disabling the booting of native EFI-mode boot loaders, thus making the EFI work like an old-school BIOS. In most cases, though, enabling "legacy boot support" makes it possible -- but not required -- for the computer to boot in BIOS/CSM/legacy mode. For more on the confusion created by CSMs, see my page on the topic.

Secure Boot is another issue. This optional feature is designed to prevent pre-boot malware from launching. Unfortunately, it can also be a royal pain if you want to launch obscure OSes, use third-party drivers, etc. Ubuntu supports Secure Boot, but its third-party drivers are an exception to this rule. Thus, you may need to disable Secure Boot, or at least loosen its grip on the system once the Linux kernel has launched. Recent versions of Ubuntu provide a feature that enables you to do this with the settings you've described.

I've heard some people claim that their EFIs permit disabling Secure Boot only by also enabling the CSM. I've never seen a firmware that's set up in this way, but some EFI setup utilities can be quite confusing. Thus, I'm not sure if the reports I've seen are accurate (which might explain your reporting it in the way you have) or if the people reporting such configurations are missing an option. I show several examples of how to disable Secure Boot on this page of mine.

At the moment, it sounds like you're booting in EFI mode -- switching to BIOS-mode booting would require re-installing GRUB (or some other boot loader), but with Secure Boot enabled. If you want to boot with Secure Boot enabled and still use a third-party driver, you'll need to sign that kernel module with a Secure Boot key that you "own" and whose public key is entered in your firmware or your Machine Owner Key (MOK) list. I don't know of a page that provides step-by-step instructions for doing all of this, and in fact it's complex enough that I can't provide detailed instructions off the top of my head. It is possible, though. As a starting point, you might try reading my page on fully controlling Secure Boot, and particularly the section on generating keys and signing EFI binaries. You'll need to create a Secure Boot signing key, either enter it into the MOK list using MokManager or replace your usual keys and add your own, and then sign the new kernel module with a binary called sign-file that comes with the Linux kernel source code.

Rod Smith
  • Hello Rod, thank you very much for your answer, it's quite complete. I think I'll just opt for disabling secure boot, I use this PC primarily for Ubuntu and I use from time to time W10. In conversation with a friend of mine he explained that if I use only linux, for a malware to install in the boot loader I have to authorize it. I'll take my chances on this as I don't want to lose much time in working for a solution with secure boot enabled. – Diogo Aguiar Jun 07 '17 at 20:30
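
The procedure outlined in the answer above (create a signing key, enroll its public half in the MOK list, sign the module with sign-file), as an added example that is not part of the original answer. The key directory, the sign-file location under the Ubuntu kernel headers, and the module path passed as an argument are assumptions to adjust for your system.

```shell
#!/bin/sh
# Added example: sign a third-party kernel module with your own Machine Owner Key.
# KEYDIR and SIGN_FILE are assumed locations; the module path is given as $2.
KEYDIR="${KEYDIR:-${HOME:-.}/mok}"
SIGN_FILE="${SIGN_FILE:-/usr/src/linux-headers-$(uname -r)/scripts/sign-file}"

# 1. Create a private key and a DER-encoded X.509 certificate.
#    The key is stored unencrypted (-nodes): anyone who can read it can sign
#    modules your firmware will trust, so keep it readable by root only.
make_key() {
    mkdir -p "$KEYDIR" && chmod 700 "$KEYDIR"
    openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Local module signing key/" \
        -keyout "$KEYDIR/MOK.priv" -outform DER -out "$KEYDIR/MOK.der"
    chmod 600 "$KEYDIR/MOK.priv"
}

# 2. Queue the certificate for enrollment. mokutil asks for a one-time
#    password; MokManager asks for it again on the next reboot.
enroll_key() {
    mokutil --import "$KEYDIR/MOK.der"
}

# 3. Sign the module file in place with the key pair from step 1.
sign_module() {
    "$SIGN_FILE" sha256 "$KEYDIR/MOK.priv" "$KEYDIR/MOK.der" "$1"
}

# 4. A signed (uncompressed) module ends with this 28-byte marker
#    (27 characters plus a newline). Returns 0 if it is present.
module_has_signature() {
    [ "$(tail -c 28 "$1" | tr -d '\000')" = "~Module signature appended~" ]
}

# Usage: script.sh keygen | enroll | sign <module.ko> | check <module.ko>
case "${1:-}" in
    keygen) make_key ;;
    enroll) enroll_key ;;
    sign)   sign_module "$2" && module_has_signature "$2" && modinfo -F signer "$2" ;;
    check)  if module_has_signature "$2"; then echo signed; else echo unsigned; fi ;;
esac
```

Run `keygen` and `enroll` once, reboot to complete the enrollment in MokManager, then run `sign` on the driver's `.ko` file as root. The module has to be signed again whenever it is rebuilt, for example after a kernel update.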