I’ve always disabled that feature since it doesn’t play nice with Linux and it seemed complicated for no real benefit.
Have any of you tried installing Ubuntu with secure boot? Is it complicated? What’s the process like?
Not a problem if you stick to Ubuntu packages. All packages in the default apt repositories contain signed stuff, so you can install drivers (graphics, virtualbox, …) like normal. I had it accidentally enabled when I initially installed and only noticed when I tried to build custom drivers myself.
I’m not sure I understand. I thought this would only affect Grub, but not the software I install on the system.
How does using a custom driver affect your bootloader? You tried to build a driver in with the kernel? The kernel needs to be signed somehow?
Secure boot means only signed code can run in the kernel/ring 0. Grub, as the loader, needs to be signed as well. Basically anything with system privileges needs to be signed. If I remember right you need to enroll the signing key on installation, and the rest is handled automatically, but you can’t use any custom kernel or kernel drivers.