Is disabing Secure Boot needed for Ubuntu 14.04 dual-boot with Windows 8 UEFI

I've read some guides on dual-booting Ubuntu and Windows 8, but all of the guides I have read are about older versions of Ubuntu. They recommend disabling Secure Boot because there is a bug in the Ubuntu installer that deletes the Windows 8 bootloader altogether. Is disabling this still necessary in Ubuntu 14.04? Can I enable it again after I am done installing? Also, on a related note, I KNOW that disabling Fast boot is needed for the installation, but after the installation is done, can I re-enable that too?


Solution 1:

You've actually raised four distinct issues:

  • Secure Boot -- In theory, disabling Secure Boot should not be necessary to install Ubuntu 14.04 (or even a couple versions before that). Practice usually follows theory, but sometimes it doesn't -- some computers just don't seem to get along well with Shim (the program that Ubuntu uses to work with Secure Boot). A Secure Boot problem is almost certain to manifest itself as an inability to even begin to boot -- either the Ubuntu installer or the Ubuntu system once it's installed. If you see so much as a GRUB menu or an Ubuntu boot logo, the Secure Boot hurdle has been passed. (In Fedora, Secure Boot can have follow-on effects much later, but this is much rarer in Ubuntu.)
  • ESP-deletion bug -- Old versions of Ubuntu would blindly create a fresh FAT16 filesystem on the EFI System Partition (ESP), which is where EFI boot loaders are stored. This action would erase the Windows boot loader, along with any other files on the ESP (such as third-party boot managers, firmware update files, etc.). This bug was reported in 2011 and fixed prior to the release of Ubuntu 12.04, and so should not affect Ubuntu 12.04, 12.10, 13.04, 13.10, or 14.04. That said, backing up all your current partitions before installing Ubuntu (or any OS) is a worthwhile precaution.
  • The firmware's fast boot feature -- Modern EFIs usually have a feature called "fast boot" or something similar. When enabled, the firmware takes certain shortcuts in its startup process, which can include minimal (rather than full) initialization of USB devices. (The OS must do its own full initialization later, no matter what the firmware does.) The effect can be that the computer won't boot from a USB flash drive. This is obviously bad if you're trying to install Ubuntu from such a disk, so it will be necessary to disable this feature when installing Ubuntu. (If your system has an optical disc and you're trying to install from it, USB-initialization shortcuts should be irrelevant, though.) Note that the details vary from one computer to another; you might not need to disable a "fast startup" feature on all computers. Once Ubuntu is installed, it's usually possible to re-enable the feature and Ubuntu will continue to boot -- but you'll need to disable it again if you want to boot from an external medium (say, for emergency maintenance).
  • Fast Startup in Windows -- Windows 8 has a feature called Fast Startup (aka Hybrid Boot or Hybrid Shutdown). This feature turns an ordinary shutdown operation into a suspend-to-disk action. One consequence of this change is that filesystems, including the ESP, are not properly unmounted. If you then try to dual-boot, the result can be filesystem damage to shared filesystems and/or an inability to mount shared filesystems. Thus, it's imperative that this Windows feature be disabled, and left disabled. Many Internet sites, such as this one, provide instructions on how to disable this feature. Note also that the Windows Fast Startup feature is completely unrelated to the firmware feature that may bear a similar name.

I hope this clarifies matters.


EDIT:

Recent versions of Ubuntu (I don't recall precisely when this started, but 16.04 is affected) tightened Secure Boot controls, making these versions susceptible to the "follow-on effects" I noted earlier. Specifically, third-party kernel modules (drivers) may not load unless you jump through hoops to sign them, as described here. Drivers for ATI and Nvidia video cards and for VirtualBox are commonly cited as reasons to disable Secure Boot to work around these problems, but there are other unsigned drivers that affect some systems. Secure Boot does offer benefits, at least in theory, so if you're up to the technical challenge, I encourage leaving it active and signing any kernel modules you need. (Personally, I'm not a fan of proprietary video modules, but some people do need them to get adequate performance with some games and applications. If you don't need them, using the standard open source drivers is an adequate workaround.)

Solution 2:

The question of disabling/enabling SecureBoot really is device-specific, but I don't know about enough models to answer that. It has worked on a few laptops for me but on most I have had to disable it. As a general answer, turn it off. As for FastBoot, the thing is, it will make your Windows partition unreadable to Ubuntu. The Windows partition will be marked unclean and Ubuntu can't mount it - it may also affect other partitions used in Windows. So enable FastBoot if you are certain that you won't need to use the Windows partitions from Ubuntu. Disable it if you may need to access them Ubuntu.