Thanks for this discussion!
I have two computers which are each about 10 years old, and they are currently running Windows 11 by using Rufus to bypass the compatibility checks. Both computers are considered out of support by their hardware vendors (HP, Lenovo), no post 2022 BIOS updates are available online, and I have been unsuccessful in getting CA 2023 certificates to install by following online contributed work arounds. So, I expect them to soon fail to be able to Secure Boot.
Based upon what I am reading here, it sounds like Ubuntu would have the same issues. Correct?
This resembles a “Will Ubuntu work in my special case?” question.
The Ubuntu installer is designed to let you safely test your special case without risking your current install. So you can easily and safely find out for yourself.
I have previously installed Ubuntu on the Lenovo laptop as a test and Secure Boot worked then (about 5 months ago).
Reading through this discussion and others on this forum, it sounds to me like Ubuntu and Windows 11 are facing the same June 2026 deadline for Secure Boot on older hardware that is no longer supported by manufacturer with updated BIOS. (And work arounds to force install CA 2023 certificates using Windows PowerShell scripts are failing for me on these specific HP and Lenovo computers).
Am I understanding this correctly? When the CA 2011 certificates expire in June 2026, Ubuntu secure boot will stop working?
My problem (Lenovo ThinkCentre M710q) is that my firmware isn’t accepting the hardware update when using Ubuntu. I don’t have Windows on my machine. I might, at some point, have to resign myself to not using Secure Boot, which isn’t ideal, but that’s life.
I couldn’t get that to work on my Lenovo T460 or HP EliteDesk 800 G1 SFF. Today after multiple different failed attempts, I was successful using Mosby on both computers.
The instructions say, “Create a UEFI Shell bootable media,” and that if you don’t know how, you can with Rufus on Windows.
But, I don’t have Windows; only Linux. How does a person create a UEFI Shell bootable media using Linux? Would that be a normal Live USB (presumably you can’t use Ventoy for this)?
you can install gnome boxes and run Windows 10 then upgrade to 11 from there.
it must be the deb file install of gnome boxes because you will need the USB pass through to create the Mosby USB with Rufus. i use the Debian testing repository to download the gnome boxes deb file.
i have Windows 11 25H2 running in gnome boxes quite happily. i use this for two programs Rufus and Garmin Express.
I haven’t tried Mosby on an Ubuntu only computer. But based on what I am reading it might work.
At the bottom of the webpage for Rufus it lists Non exhaustive list of ISOs Rufus is known to work with, and the list includes Ubuntu along with numerous other Linux distributions. See Installing Rufus on Ubuntu: A Comprehensive Guide. Once Rufus is running, clicking the Download choice allowed me to select UEFI Shell. And the Rufus app downloaded that UEFI Shell from the internet.
Sure, but it still needs Windows. Someone who doesn’t use Windows has to use a different method, hence my question: Would a Live USB work as a UEFI Shell bootable media?
I’m OK at the moment, fortunately, but I want to add the information to my notes in case it’s needed in future.