我之前见过这个问题的答案,但我不太明白它们的意思。我对未签名的驱动程序等东西一无所知。所以我想知道我是否应该忽略此消息,因为它不正确,或者它是否真的有问题。我在 BIOS 中启用了安全模式,但这条消息是否意味着它实际上没有启用?
错误:
If you want get rid of the message about Insecure Boot you need to enable secure boot. To do this you need turn on validation in module MOK (Machine Owner Key):
sudo mokutil --enable-validation
You will be asked to enter twice temporary password and than after reboot get a possibility to change validation state.
If validation is enabled than no more message about insecure boot appears. But remember, you will not be able to run any unsigned drivers: nVidia drivers and VirtualBox will not be working.
To disable validation type:
sudo mokutil --disable-validation
and then reboot.
If you disable validation and have in BIOS Secure Boot switched ON, still
you will not be able to boot anything that wasn't signed. Even though
your ubuntu has validation disable but "is seen" by BIOS (UEFI) as signed
because of shim-signed package. Shim package while your ubuntu is booting
checks what is the MOK state and if validation is disabled shows message
"Booting in insecure mode".
谢谢!
答案1
如果您在 BIOS 中禁用安全启动,则将不会看到此消息。
一般来说,安全启动选项不会提高系统抵御任何现代威胁的安全性。
安全启动功能是微软发明的。主要目的是控制操作系统安装。与安全无关。
对于基于 Linux 的系统,安全启动没有任何意义。Linux 有自己的安全功能。如果您对系统有足够的控制权来安装内核模块,您就有足够的权限做任何您想做的事情。所以安全启动没有帮助。