Should I turn secure boot off?

I recently installed Ubuntu 16.04 LTS with Secure Boot on. I did not understand the relevance of it at the time. Should I turn it off to prevent future problems, or is it ok to leave it on?

Thank you


If your computer is operating correctly, I wouldn't change a thing.

Secure Boot is usually only an issue if you try to load a 3rd party kernel module. For example, if you need to compile and install a wireless networking driver, it won't load and drive your device if Secure Boot is enabled. Here is an example of a relevant question: How do I get a Realtek RTL8723BE wireless card to work?

Important: For new Ubuntu kernels installed on a system with Secure Boot on UEFI, the unsigned kernel module may not load.

There are many other examples aside from wireless.

Here is another very helpful question and answer: Why do I get "Required key not available" when install 3rd party kernel modules or after a kernel upgrade?


If your installation works fine and you are not using any 3rd party kernel drivers, like e.g. the proprietary Nvidia graphics drivers or Broadcom wireless drivers, there's nothing speaking against having Secure Boot on.

Secure Boot is a feature of UEFI that requires the system's boot files to be digitally signed, which would prove that they are genuine and trustworthy. Ubuntu has a signed boot loader and kernel by default, so it should work fine with Secure Boot. However, if you need to install DKMS modules (3rd party kernel modules that need to get compiled on your machine), these do not have a signature, and thus can not be used together with Secure Boot.

See Why disabling "Secure Boot" is enforced policy when installing 3rd party modules for some more details about these DKMS modules.

Anyway, as I stated in the beginning, as long as everything works and you don't need to turn it off, there's no harm in leaving it on. After all, it protects your system against changed, malicious boot loaders.