Ubuntu 12.10 supports UEFI secure boot. I did some research in order to understand the actual implementation on Ubuntu and would like to share my findings. Since Windows 8 requires secure boot, most new Computer contain Microsoft’s Platform Key. Microsoft allows to sign own binaries with this Platform Key. As outlined in the Canonical blog post Ubuntu 12.10 uses a signed version of the EFI application Shim (to maintain the chain of trust) and Grub2 as its default boot manager.

Canonicals version of the Shim EFI application

Ubuntu’s 12.10 Shim EFI application is a early version of Shim which don’t has any support for MOKs (Machine Owner Keys). Shim was made by Matthew Garrett. He wrote two blog posts how Shim works, but because Ubuntu uses an older version not all of his description apply to Ubuntu’s Shim. Matthew Garrett also published its own Microsoft-signed version of Shim. Ubuntu however doesn’t use this signed version. Read more »