How can a new user enable secure boot in f40?

Hello!

I am new to fedora and very much looking forward to switching over fully to it. But before I do, I would like to resolve some of the warnings that the Security Report identifies about my device.

I installed fedora40 using the Fedora Media Writer on a USB stick to my second hand Dell Inc. Precision M4800 last weekend. It was running Windows 11 before.

The fedora Security report identifies that I do not have Secure Boot enabled so I would like to enable it.

I have tried adjusting the boot settings by pressing F12 but when I switch on UEFI mode I can not see an option that takes me to a fedora boot program. The options which come up are two Windows Secure Boot options and one long name which looks like a hard disc name. When I select that option, it doesn’t boot fedora but instead takes me to a Windows ‘trying to repair device’ screen and I have to shut down.

Please could anyone give me some simple instructions that I could follow to enable the secure boot?

I’ve had a good look through related posts on here and the FedoraForum but can’t seem to find one which matches my conditions closely enough I’m reasonably familiar with using terminal linux commands to move and list files, among other simple things, but most of all this is new to me.

Additional information.
I wonder if I have mangled my installation somehow. Although I can boot fedora using the legacy or BIOS option, I do have to press return after a couple of ‘Invalid Partition Table!’ messages each time I switch on the laptop. These then lead to a message from GRUB2 which does something to save the situation and the screen then goes on to the now familiar and good ‘fedora’ booting screen.

Thanks

1 Like

For most systems accessing the bios setup menu is done with F2, Del, or similar (or it may be accessed from the grub boot menu with the uefi system settings selection) – that varies with the brand of the device and firmware used. You cannot enable secure boot when booted in CSM mode but only within UEFI mode booting. When in the bios setup menu that setting is usually under a security tab and may require disabling CSM mode before it can be selected.

You must be in the bios setup menu to change the bios secure boot settings. Secure boot is not enabled within fedora but only within the bios.

If the system was installed in legacy (MBR or CSM) mode then once the bios is set to UEFI only then it cannot boot and will need to be reinstalled.

3 Likes

Added secure-boot

Secureboot is supported out of the box. You can install Fedora with secureboot, because Microsoft signs the correct files.

After installing, in many UEFIs you can configure custom secureboot keys, this works on most distros.

For Fedora, you dont need to do this, but can, if you want to. This may need additional steps though.

But enabling secureboot is done in the BIOS, not related to Fedora.

2 Likes

Welcome to :fedora:

When I used to do Rollouts as a Contractor, the Engineering dept. of a Company in South Carolina had some of these with Quadros in them. We did the tests, and they did great with Fedora 32/33 can’t recall, They are pretty good machines. The company decided to go back to MS, but was fun to get a Rollout with Fedora on it.

Thank you and that’s good to know that the hardware should be compatible

Yeah, It’s beens some years now, but it worked well back then. The Nvidia Quadros are almost out of support by now.

1 Like

Thank you. I am sorry: my description of the problem might have been confusing.

I think that I was in the BIOS set-up menu but I could not find the right combination of options to enable UEFI. I had to switch-off legacy boot to switch on UEFI boot. But then the UEFI boot would not lead to fedora starting.

I don’t understand what MBR or CSM are so I might be out of my depth now, and I don’t understand how I can choose what system under which to install fedora. I just attached the USB with fedora Media Writer and allowed it to choose options. I might have tied myself to legacy non-UEFI booting without knowing it.

Does it seem that I would need to attempt to reinstall fedora?

As mentioned, if you install Fedora using legacy boot, it won’t boot it in UEFI mode.

Or just go back to legacy boot mode until Fedora gets a unified kernel:

1 Like

Added f40

The simple instruction is to turn off legacy boot or CSM or whatever it is called. Then re-install Fedora from scratch. Once installed it won’t be easy to switch from legacy boot to UEFI boot.

1 Like

Thank you all for your helpful replies. I have taken your advice and installed Fedora using UEFI mode.

The laptop now boots (to Fedora!) more or less automatically in secure boot mode.

(In my defence, or maybe not, I think the USB socket I’d used for the USB stick with Fedora’s image the first time around was not the right one as the USB stick didn’t seem to show up in UEFI options as a possible on my first attempt although it was picked up by the Legacy BIOS options. This seemed to lead me to conclude mistakenly that it was not possible to install Fedora using UEFI mode.)

I hope this helps any other newcomers anyhow.

The Fedora Device Security Report says I am also failing two or three other of its first tier checks but I will save them for another day

3 Likes

You should be fine. Get comfy and enjoy the experience ! If you need hel let us know :fedora:

1 Like