Community
cancel
Showing results for 
Search instead for 
Did you mean: 
jdege
Beginner
306 Views

What is "Secure Boot"

I recently bought a NUC, with the intention of using it to run an Ubuntu VMWare host.

Ubuntu installed without issue, and the VMWare Workstation install as well, except that on start VMWare tried to build and install a pair of drivers, and that failed.

I found instructions for calling with that, here: https://develmonk.com/2020/06/06/whats-wrong-with-vmware-workstation-on-ubuntu/.

And it all seemed to work, to include signing the driver modules and importing the signing key into the system's MOK list.

After a reboot I was asked for the password for the signing key, and I thought everything was fine.

It wasn't. VMWare was still unable to load the drivers.

At this point, I was stuck, essentially trying things at random.

I went into the BIOS and tried to change UEFI boot, and was unable to.

I saw the setting for "Secure Boot", and just to see I disabled it. And afterwards, VMWare could load the drivers.

What is this "Secure Boot"?

How does it differ from UEFI Boot?

And why would it prevent signed drivers from loading?

0 Kudos
8 Replies
AlHill
Super User
299 Views

Secure Boot?  From Microsoft:

https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot

Doc (not an Intel employee or contractor)

jdege
Beginner
232 Views

How does UEFI differ from Secure Boot?

If they work together, what does UEFI do, and what does Secure Boot do?

If I turn off Secure Boot, how much security do I have left?

If I turn Secure Boot back on, how do I get it to recognize MOK-signed drivers, in Ubuntu?

n_scott_pearson
Super User Retired Employee
226 Views

UEFI is simply a common (ok, 'universal') framework for implementing BIOS. It implements or supports most of the standard interfaces and capabilities necessary within a BIOS.

Secure Boot was described above, but I will say it slightly differently: It is a security feature implemented in the BIOS, which tries to establish a root of trust that starts at the H/W and F/W and extends all the way up into the O/S.

If you turn off Secure Boot, you will still have the security features implemented within the O/S environment, you just won't have the security against other, perhaps nefarious, O/S being booted.

For Ubuntu, start here: https://wiki.ubuntu.com/UEFI/SecureBoot.

Hope this helps,

...S

jdege
Beginner
182 Views

Why are my signed drivers not being loaded?

Is there some kind of logging that will explain why they are not being accepted?

AlHill
Super User
178 Views

@jdege You should be contacting the LINUX community regarding your OS and secure boot.

Note that you boot your OS in either legacy or UEFI mode.  If you have concerns about secure boot, turn it off.

Doc (not an Intel employee or contractor)

David_G_Intel
Moderator
146 Views

Hello jdege


Were you able to check the previous post?  

Let us know if you still need assistance.   

  

Best regards,  

David G.   

Intel Customer Support Technician  


jdege
Beginner
143 Views

I have a better understanding of the difference between UEFI and Secure Boot, thanks.

I don't get understand why my signing process isn't working. But I'll chase that on the Ubuntu forums.

David_G_Intel
Moderator
90 Views

Hello jdege

  

Thank you for the update.

  

We are glad to see the community answered your request, we will proceed to close this thread now. If you need any additional information, please submit a new question as this thread will no longer be monitored.

  

Best regards, 

David G 

Intel Customer Support Technician