Lenovo system, Windows 11 professional, secureboot, UEFI, dual boot with Ubuntu 24.04.3 LTS

Support and Help
1

Ubuntu Support Template

Ubuntu Version:
24.04.3 LTS

Desktop Environment (if applicable):
GNOME

Problem Description:
I am attempting to dual boot a system with Windows 11 Professional & Ubuntu 24.04.3 LTS.

I cannot see GRUB during bootup, and the device boots directly into Windows.

Installation process:

  • Windows: I installed Windows with Secure Boot and UEFI enabled, then Ubuntu on an unpartitioned space on the SSD. (There was no trimming of the Windows systemroot partition or any such changes.)

  • Ubuntu: Installed it on the remaining free space & selected “install alongside Windows”

  • . After installing Ubuntu, I added .efi files from Ubuntu’s boot folder, which were added to the device’s UEFI Key management - Authorised signature DB

UEFI > Security > Secure boot > Key management > Authorized signature database > Enroll DB > EFI > ubuntu > grubx.efi and shimx.efi and mmx64.efi

I still cannot see the GRUB option: Do I need to update Grub or someone on Ubuntu’s end after adding the .efi files to the UEFI options?

Relevant System Information:
Hardware details:

  1. Lenovo ThinkPad P16s Gen 3
  2. Bios: R2DET40W (1.25 )
  3. Single 4 TB SSD a. 3 TB is dedicated to Windows 11 professional 25H2 b. 500 GB is used for Ubuntu 24.04.3 LTS

UEFI (BIOS) configuration:

  1. Enabled: UEFI mode
  2. Enabled: Secure boot
  3. Enabled: Boot and Administrator password
  4. Enabled (added): key (rubx.efi and shimx.efi and mmx64.efi) from Ubuntu’s boot folder 5.Enabled: Allow Microsoft 3rd party certificates
  5. Boot sequence: only attached SSD.
  6. Disabled: All other boot options, such as LAN, USB, etc.

OS Configuration:

  1. Currently, for MS Windows, BitLocker is disabled.
  2. Ubuntu 24.04.3 is accessible via a bootable USB

Screenshots or Error Messages:
Not applicable

What I’ve Tried:

  1. Disabled “lock boot options”
  2. Enabled: Allow Microsoft 3rd party CA
  3. Added 3 .efi files to the key store within the UEFI.

Before Posting:
Checked but none are relavent to a Lenovo system that I feel is stopping any changes to the UEFI configuration and discarding them on boot.

2

Temporarily, disable the following UEFI settings if present on your system:-

Secure Boot (Some vendors require an Admin password to access the Secure Boot setting)
Fast Boot (It may prevent access to one-time boot menu via dedicated keys because the device boots too fast)
Legacy mode
TPM (Trusted Platform Module)
PTT (Platform Trust Technology)
FTPM (Firmware Trusted Platform Module)
TPT (Trust Platform Technology)
PSP (Platform Security Processor)
Device Guard (some Lenovo devices)
OS Optimised Defaults (some Lenovo devices)
Lock UEFI BIOS Settings
Boot Order Lock
Set UEFI file as Trusted (within Security)
Disable Optane memory and storage
Remove Optane drive and reset UEFI to default (with the suggested changes above)
Enable Microsoft 3rd Party UEFI CA

Then, access your PC boot menu (F12 for Lenovo), what do you see?

1 Like
3

It might be that you need to set Ubuntu to first boot option in your BIOS firmware by selecting a Boot or Boot Options tab. The link below is to the Lenovo site and explains accessing both the one time boot menu with the F12 key as well as the BIOS options to make a permanent change. You may need to use some of the suggestions in post 2 above, particularly Fast Boot.

https://support.lenovo.com/us/en/solutions/ht104668-how-to-select-boot-device-from-bios-boot-menu-ideapad-thinkpad-thinkstation-thinkcentre-ideacentre

2 Likes