Ubuntu 16.04 — how can I disable Secure Boot?
I have Ubuntu 16.04 installed on a Dell 5470. I want to reinstall it due to some reasons. I want to boot from USB to reinstall Ubuntu. The problem is, I cannot access the BIOS and the boot menu due to Secure Boot. When I press F2 or F12 during startup the computer still boots into Ubuntu. I tried systemctl reboot —firmware-setup but I receive Cannot indicate to EFI to boot into setup mode: Operation not supported How can I boot from USB and reinstall Ubuntu?
Did you leave fast boot on in UEFI (not Windows fast start up)? If so you may not have enough time to press a key. The grub menuentry ‘System setup’ should work, if not try cold boot or remove all power, including battery if laptop, hold power switch for 10 sec or so to drain all remaining power and reboot pressing correct key to get into UEFI immediately. askubuntu.com/questions/652966/…
Thx, I have tried to remove the power, after that when I restart the PC, I press F2, and I can see that my PC can receive my input since the notice on the screen was changed from F2 to bios to prepare . . But still I cannot go into Bios /.\
3 Answers 3
There are several ways to boot into the firmware setup utility, some of which you seem to be aware of:
- Using a keypress at power-on time — Unfortunately, there’s next to no standardization as to what keypress will enter the setup tool. It’s usually Esc, Enter, or a function key (but which one varies wildly — it’s often F2, F8, or F10, but can be something else). Setting the firmware’s «fast start» feature sometimes disables this method of entry to the setup tool because that leaves USB ports uninitialized. If the computer has a PS/2 port, you may be able to work around this limitation by using a PS/2 keyboard.
- Using systemctl — The command you presented earlier, sudo systemctl reboot —firmware-setup , works on some computers; but it clearly isn’t working for you. Windows 8 and later offers a similar feature, so if you can boot into Windows, you could try it, on the off chance that it would work better.
- Using a boot manager’s reboot-to-setup feature — Some boot managers offer a feature to reboot into the setup utility. GRUB does (although it may not be active by default), as does my rEFInd boot manager (it’s active by default but can be disabled; and it will not appear if the computer lacks the necessary support), as well as gummiboot/systemd-boot (I don’t recall if it’s active by default). I’m not positive, but I suspect that this feature would work on precisely those computers on which the preceding method would work, so I wouldn’t hold out much hope of it working for you.
- Remove all other boot options — If an EFI-based computer can’t find any other boot loader, it will normally launch its setup utility. The best way to take advantage of this is usually to unplug all your hard disks (and your network cables, if your network supports network booting). Alternatively, you could delete your EFI System Partition (ESP) or delete or move all the boot loader files on it so that the firmware can’t find them. The trouble with this method is that restoring the system to its original state might not render it bootable again, since many EFIs delete their NVRAM-based references to boot options that become invalid. Thus, you might need to use Boot Repair, efibootmgr , or some other tool to re-install GRUB or re-create its NVRAM entry once you’re done.
BTW, chances are it’s not Secure Boot per se that’s preventing you from entering your firmware setup utility. (Although it could be that Dell linked Secure Boot to making it harder to enter the firmware, this type of linkage is not required of Secure Boot, and I’ve never encountered it myself.) It’s more likely that it’s the firmware’s «fast start» feature leaving the USB ports uninitialized that’s at the root of the problem. Another likely possibility is that you’re trying the wrong key or that you’re hitting it outside of the (often very narrow) window in which it will work. Ask on a Dell forum or check your documentation to learn what key to press, and try it several times, hitting it repeatedly as the computer starts up.
How To Disable Secure Boot to Install Linux
Secure Boot is a UEFI (Unified Extensible Firmware Interface) firmware security feature created by the UEFI Consortium that ensures your computer boots up securely and safely by preventing unauthorized software from taking over your system. It boots only those bootloaders that are signed in to the UEFI firmware.
A secure boot is sort of a security gate. It analyzes code before you execute it on your system. It permits code to run if it has a valid digital signature and prevents code from running if it is not recognized.
While it’s a good upgrade from the legacy BIOS, UEFI secure boot can come in the way of installing Linux distros. In this article, let’s look at how we can disable secure boot to install Linux. Once installed, you can re-enable UEFI and your existing Linux install will be unaffected.
Accessing the UEFI boot menu
The secure boot protects your system from malware variants like rootkits and boot kits. It is not advised to turn it off, until it is required. In this case, you need to disable it if you want to dual-boot with Linux.
The first step involves accessing the UEFI menu. You can do it in 2 ways, i.e.
- by pressing a specific function key while your PC is booting, such as F1, F2, F12, or Esc.
- Using the Windows menu.
Steps to disable Secure Boot from the Windows menu
Step 1: Search for UEFI -> Go to Change advanced startup options.
Step 2: Now, click on Restart Now under the Advanced startup option.
Confirm that you want to restart your computer and let Windows automatically restart to advanced startup.
Step 3: After that select the Troubleshoot option on the next screen that appears.
Step 4: While other systems might prompt you to select advanced options, some will display the UEFI setting option. If you see the UEFI setting option, click on it. Alternatively, pick advanced.
It will notify you to restart in order to change any UEFI firmware settings. When you click the restart button, the BIOS/UEFI settings interface will appear.
Disabling secure boot in UEFI
Once you enter the UEFI utility, you’ll be able to change various settings here, including disabling secure boot. To disable secure boot, follow the following steps:
Step 1: Navigate to the Boot tab in the UEFI/BIOS configuration. The secure boot option can be found here and is currently enabled.
Step 2: Go to the Secure Boot option now, and then press Enter to choose it. Change its value with + or -, then choose Yes to confirm it.
Now that Secure Boot has been successfully disabled, you can finally explore the operating system of your choice by grabbing the closest previously bootable USB drive.
Conclusion:
Given the prevalence of ransomware today, a secure boot is more important than ever. Secure boot adds an additional layer of system validation to UEFI systems, enhancing system security. It might need to be turned off if you’re trying to install the second operating system because otherwise, you won’t be able to modify your system.