I have windows 10 installed. Im trying to install ubuntu. Should i turn off secure boot or leave it on? What does it do?


Secure Boot prevents from booting unsigned operational systems.

It allows to boot only systems that are signed with a key that is stored in UEFI.

Ubuntu kernels are signed and you can install Ubuntu with Secure Boot enabled, but there are some limitations if you use Secure Boot:

  1. You will not be able to install 3rd party kernel modules (proprietary graphics and wireless drivers, any other custom built modules).

  2. Hibernation will not work.

Generally Secure Boot is not a very useful feature, because nowadays boot viruses are not an issue. Linux systems have other ways of protection from installing malware (root permissions).

The bottom line is that if you need unsigned modules, you do not lose much if you disable Secure Boot.


Yes and No

On the most basic level, UEFI Secure Boot prevents running unsigned boot loaders.

Modern versions of Ubuntu will boot and install normally on most PCs with Secure Boot enabled.

But not all available tools and OS are having signed boot loaders. If you enable Secure boot and try to boot from say Hirans Boot CD, or If you manually add Grub Entries, you might get something like this :

enter image description here

But if you wish to use only Ubuntu and Windows , as both are having valid and signed boot loaders, you can keep Secure boot ON.