Ubuntu – Is it safe to disable Secure Boot?

16.04acersecure-bootwindows 10

I just wanted to know if it is safe for me to disable secure boot for the purpose of installing the latest Nvidia Graphics Driver.

I am running Windows 10 alongside Ubuntu 16.04 on an Acer Aspire V Nitro. They each have their own partition on the same HDD.

Best Answer

Secure boot forces both Windows and Ubuntu to require that all system level drivers are "signed", proving that they approved as authentic software. The idea is fairly good, and on Windows, Microsoft signs most of the drivers.

However, on Ubuntu, the user may require special drivers for their wireless card, video card, or specialty hardware. These drivers are normally unsigned, as they can come from a number of different sources. If secure boot is enabled, and the drivers are not signed, these drivers will not load. In order for them to load, each driver must be "signed". This process of signing the drivers is not extremely difficult, but it can be a hassle... especially if you change/update the driver, or change/update the kernel software that is a part of Ubuntu. Each change will require that you resign the driver.

So, imagine this... your system is running fine... you have secure boot enabled... your drivers are all properly signed... and you use Ubuntu's Software Updater and it installs a new kernel... or you install a new driver... and you reboot the system only to find that your wireless card may no longer work, your video card doesn't display properly, or your specialty hardware no longer works. Now you must recompile and resign all of the modules again. Not fun.

On my own system, I use 5 custom DKMS driver modules that would require resigning after every Ubuntu kernel update. Oh my.

Short story... disable secure boot and be happy. Windows won't care, and Ubuntu will survive software updates and driver installs with less work on your part.

Related Question