Installing Ubuntu 20.04 LTS with third-party software and Secure Boot is confusing

drivers uefi secure-boot

I agree this MOK management could have been explained better by the Ubiquity installer, as I have struggled with it myself.

Q1: What password is this actually? Is it BIOS password, or password used to sign the grub, or simply a confirmation password I need to enter later after reboot?

A1: This is the password to confirm enrolling the MOK key for your third-party drivers or software. You will only have to use this password once, so you can choose an easy one, as long as it's at least 8 characters long.

Q2: Is this a one-time password, or can I change this password later? How to change it?

A2: See above. You will only use it once, so no need to change it.

Q3: Is this bluescreen part of firmware, or part of Grub?

A3: It's a part of Shim, Linux bootloader for UEFI systems. It boots GRUB, that then boots GNU/Linux.

Q4: What is "key" actually? Was it the password I entered before?

A4: No, the key is a long combinations of characters that's connected to the third-party drivers you're installing. Ubuntu also has this key, in fact, but it is signed by Microsoft themselves, so you need not manually enroll it. But any third-party drivers (like nVIDIA video drivers etc) need to be signed manually, which is what the Ubiquity installer does when prompting you to create a password for the new key. You need this password to confirm to the MOK management tool that it is really you who wants to enroll this key and not a malicious program or a hacker.

Q5: Was the enrollment done automatically? Without entering anything such as a password or key?

A5: If you haven't entered your password, then the enrollment hasn't been done. I think you should have chosen the other option beside 'view', but then the screen is set to expire after several seconds of inactivity, which is what happened.

Q6: How to verify that everything is okay (UEFI or Secure Boot is not messed with something password or key, third-party software is installed/activated successfully)?

A6: You can confirm that the key wasn't installed properly by opening up a terminal (Ctrl+Alt+T) and typing:

mokutil -l

This will list all the enrolled keys, which in your case should be none.

Now, as for whether you really need to enroll this key, this depends on what exactly the 'third-party-software' was. This could have been some hardware drivers, in which case your PC might not work as well as it could have and you should install these drivers and then enroll the key associated with them. Does your Hp Envy have an nVidia GPU? If so, the proprietary driver for this videocard was definitely among the third-party software you failed to install by not enrolling the MOK key successfully. You can remedy this by pressing the Super (Windows) key and typing Additional Drivers, then selecting the application Additional Drivers, choosing 'proprietary-tested' from the list there and installing it. This will prompt you to enroll the MOK key again, and this time you can finish it.

Hope this helps.

Related

Unable to run anaconda-navigator out of conda envirnment (base)
Mounting drives and Udev - Udev does not mount drives but executes other aspects of the script
Netplan throws an error when attempting to load a config file, provides no details about what the error is
Embedded terminal in Nautilus?
Where is Bing's Picture of the Day stored on my system?
Merging all disks in ubuntu
Changing email application in Preferred Applications to GMail?
Total War: Rome 2 using llvmpipe instead of nvidia card
Scanner of Epson ET-2750 doesn't work - "sane_start: Invalid argument" - Kubuntu 20.04
How to install R 4.0 on Ubuntu 18.04 when 'r-base' has no installation candidate
Unmet dependencies for vim-tiny package [duplicate]
How to mount a hibernated Windows drive [closed]