I read that there is another way than using shim and signed GRUB binaries for Secure Boot by using the Linux Foundation's PreLoader or Linux Foundation's Secure Boot System, but how do I use it?
moved from https://askubuntu.com/a/520351/40581
Ubuntu – How to use the Linux Foundation’s PreLoader
secure-bootuefi
Related Solutions
i figured it out my self ... i used chkdsk command in windows 8 and it repaired the partition.
thanks if anybody took pain to solve this .. i would have deleted this question the same day i posted it here but i don't know how to. sorry
The simple solution is to disable Secure Boot, as described on this page of mine. To be sure, it's better to run with Secure Boot enabled, but if the feature isn't working as designed, it's a liability.
For more thorough diagnostics, I recommend you start by examining your EFI boot entries by typing sudo efibootmgr -v, as in:
$ sudo efibootmgr -v
BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000,0003,0007,0001
Boot0000* rEFInd Boot Manager HD(2,1f4800,82000,5f6b4992-fcfe-4a2c-9e67-98b0a30dfe7d)File(\EFI\refind\refind_x64.efi)
Boot0001* Lenovo Recovery System HD(3,276800,1f4000,de3b7563-97f5-48c6-ab7f-2f5d6d57c644)File(\EFI\Microsoft\Boot\LrsBootMgr.efi)RC
Boot0003* ubuntu HD(2,1f4800,82000,5f6b4992-fcfe-4a2c-9e67-98b0a30dfe7d)File(\EFI\ubuntu\shimx64.efi)RC
Boot0007* Windows Boot Manager HD(2,1f4800,82000,5f6b4992-fcfe-4a2c-9e67-98b0a30dfe7d)File(\EFI\Microsoft\Boot\bootmgfw.efi)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}....................
Check the BootOrder line and examine each of the entires specified in order. For instance, in this example, 0000 is first, and Boot0000 launches rEFInd. What you should examine in more detail is the file that's launched, such as \EFI\refind\refind_x64.efi for this example's Boot0000. In the case of a standard Ubuntu Secure Boot launch, the file should be shimx64.efi, which of course is not the case for this example's Boot0000 -- but it is true for this example's next boot entry, Boot0003.
This example would probably produce a Secure Boot warning such as you describe on most computers, but after that warning, GRUB and Ubuntu might launch, since when Boot0000 failed, the system would move on to Boot0003, which should succeed. It's possible that something like this is happening to you -- but it's probably launching grubx64.efi first, and then either failing to move on or shimx64.efi might not have an entry. If this is the case for you, you could tweak the boot order with the -o option to efibootmgr or create a new entry entirely. The details depend on what you see from efibootmgr -v and what's actually installed on your hard disk, though.
If your efibootmgr -v output shows that the computer should be launching shimx64.efi first, then I recommend you compare that file to the EFI/BOOT/bootx64.efi file on the Ubuntu installation media that do boot. Check their file sizes with ls -l and check if they're identical with diff; for instance:
diff /mnt/cd-media/EFI/BOOT/bootx64.efi /mnt/esp/EFI/ubuntu/shimx64.efi
(The mount points are likely to be different, of course.) These files should be identical, which diff indicates by providing no output. If they aren't, you could try overwriting the shimx64.efi on the hard disk with bootx64.efi from the installation medium. If the two files are not identical because of a package upgrade, that would be cause for filing a bug report. They might not be identical for some other reason, though, like disk corruption or a (very rare) error when copying files.
If the files are identical but the external medium boots and the hard disk doesn't, then that probably means you've got a buggy EFI. You might look for an update on your manufacturer's Web site. (They probably call it a "BIOS update," although it's really not a BIOS.) If that doesn't help, you might try filing a bug report with the manufacturer.
Best Answer
Setting up PreLoader
/boot/efi/and at least contains a folder namedEFI. From the platform perspective (your computer) this folder is\EFI\during the boot stage. (/media/my_efi_system_partition/EFI=\EFI\)\EFI\BOOT\loader.efi. Some loaders like gummiboot need to be configured properly.\EFI\BOOT\bootx64.efiandHashTool.efito the same directory.You can find more detailed explanations over at Rod Smith's site.
Using HashTool
If you followed the instructions carefully and have Secure Boot enabled, you should be greeted by the following screens upon next boot, which guide you through enrolling the hash of the unsigned loader that would otherwise break the chain of trust.