Ubuntu blocked by current security policy, solution inside Ubuntu rather than in BIOS

boot grub2 uefi

When I started my computer today, GRUB was blocked by this message :

Ubuntu has been blocked by the current security policy

I'm using a Lenovo Yoga, Ubuntu 18.04 LTS dual-booted with Windows 10. This window didn't let me access to GRUB, even by forcing booting to Ubuntu by accessing the MBR menu (with Fn + F12). My lonely choice was an OK on that message, and the computer booted automatically on Windows 10.

So I disabled Secure boot into BIOS settings, and that solved the previous issue, BUT I would like to solve it inside Ubuntu rather than in BIOS. My BIOS is in UEFI mode.

Yesterday, nothing special done, just update (and I removed Jonathonf python 3.6 PPA, which removed public access with sudo add-apt-repository -r ppa:jonathonf/python-3.6, because python packages won't let system to update).

What must I change into Ubuntu parameters to avoid this issue? So I could re-enable Secure boot inside BIOS.

How could I solve this issue without disable Secure boot BIOS option?

NB : I tried a solution from this Ubuntu forum link

sudo apt-get clean 
sudo apt-get autoclean 
sudo apt-get autoremove 
sudo apt-get -f install 
sudo apt-get install grub-efi-amd64-signed

But after re-enabling it, it didn't work.


Solution 1:

Secure boot won't allow an OS through if its bootloader isn't signed with a key it likes, which of course are only Windows ones for most manufacturers. Since 12.10 Ubuntu has supported secure boot using a recommended Microsoft key paired with a SHIM loader, but it sounds like something has corrupted in grub's verification with this. I would personally just recommend not using secure boot with Linux as it can cause problems when installing third party drivers (and it's technically been compromised anyways!), but if you'd still like to, you can try repairing grub with boot-repair:

sudo add-apt-repository -y ppa:yannubuntu/boot-repair && sudo apt install -y boot-repair

Use the "advanced options" and choose your OS and drive with grub as opposed to the auto-repair, which will install grub to every MBR it finds. If it can't repair on its own, you may have to manually sign grub's bootloader using these instructions.

Related

Thunderbird calendar events don't have clickable URLs turned on
Assign programs permanently to different sound-outputs in Pulseaudio?
Is there a global menu for the XFCE panel?
Enable opengl in vlc
How can I prevent [flush-8:16] and [jbd2/sdb2-8] from causing GUI unresponsiveness? [closed]
Why does the "monospace" font look great in Terminal and gedit, and terrible in IntelliJ IDEA?
Why can't my Wifi connect or disconnect?
Enable replace image feature in LibreOffice
Tiling window management with Unity
Save workspace between boots on linux
How do I move Nautilus' navigation buttons to the left?
Why don't Etron USB 3.0 controllers/ports work? (Asus P8Z68-V and other motherboards)