Diable Secure Boot Grayed Out

Alexzee

Active Member
I am trying to d8sable secure Boot in the BIOs of my new build but it is Grayed out and the down arrow key won't go to "disable"

I have done some reading online and folks are saying that you have to go to key management and delete the keys.
Is this correct?
 

Attachments



wizardfromoz

Super Moderator
Staff member
Gold Supporter
G'day Alexzee :)

What is the name and version number of the BIOS Utility provider?

Maybe Motherboard (Mobo) as well?

Cheers

Wiz
 

Alexzee

Active Member
I ran this command in the terminal to get the name and BIOS version information:

dmidecode | less

BIOS Information
Vendor: American Megatrends Inc.
Version: 1005
Release Date: 08/01/2019



The mobo is an:
Asus X570 Tuf Gaming Plus WiFi
 

atanere

Well-Known Member
Asus X570 Tuf Gaming Plus WiFi
In the Boot Menu section of your instruction manual (page 64-65 of the PDF)... it covers enabling CSM (Compatibility Support Module). You may need to enable this first. Enabling it may automatically disable Secure Boot, or at the very least it should now give you control over Secure Boot so you can set it to disabled.

In the CSM section, you have other boot options too.... UEFI and Legacy, Legacy only, UEFI only in 4 devices categories... boot, network, storage, and expansion. You may need some adjustments here for Slackware too.

Cheers
 

Alexzee

Active Member
In the Boot Menu section of your instruction manual (page 64-65 of the PDF)... it covers enabling CSM (Compatibility Support Module). You may need to enable this first. Enabling it may automatically disable Secure Boot, or at the very least it should now give you control over Secure Boot so you can set it to disabled.

In the CSM section, you have other boot options too.... UEFI and Legacy, Legacy only, UEFI only in 4 devices categories... boot, network, storage, and expansion. You may need some adjustments here for Slackware too.

Cheers
I went into the boot section of the UEFI BIOS, under the heading CSM.
From there I clicked on 'Launch CSM' and saw the following table and choose the options that I believe gave me the greatest chance of flushing UEFI from my system. I didn't save the changes and exited my BIOS as I was not sure that these were the correct or best settings. I thought these would be the right choices, but am waiting to hear from folks more knowledgeable than I.

Boot Device Control: Legacy OPROM only

Boot From Network Devices: Legacy only

Boot From Storage Devices: Legacy only

Boot From PCI-E/PCI Expansion Devices: Legacy only
 

atanere

Well-Known Member
Did you get Secure Boot turned off now by changing the CSM settings?

@captain-sensible was suggesting that you create a 100MB /efi partition in the other thread. This tells me that Slackware will run with UEFI, but from the conversation I take it that it will not run with Secure Boot. This is not unusual in the present state of affairs for Linux installations, but I am not very familiar with Slackware myself.

So I think you have the choice whether to use UEFI or not, but if you want it then you will need to change the CSM settings, probably for both Legacy and UEFI. Setting for both Legacy and UEFI should also allow you to install Slackware the old-fashioned BIOS/MBR way too.

You may want to make a firm decision about this before you begin... and manually prepare your hard drive for the system that you want. Will Slackware always be your only system? If you think you may dual-boot later with another Linux, I think UEFI/GPT is the best way to go.

If you want to use UEFI, you should prepare the hard disk as a GPT disk (GUID Partition Table), and then setup partitions as you desire... /efi for the bootloader, /home if you want it separate, / for the main system files, and swap.

If you want to use older style Legacy setup, you should prepare the hard disk as "dos" or "msdos" or "mbr" (all the same thing). In this case, you do not need /efi partition, but you can prepare the rest of the drive similar to that above.

If you have Secure Boot now disabled, you can also just throw caution to the wind and let Slackware set itself up however it wants, although I think Slackware does require you to manually partition during the installation steps. But if you don't like it afterwards, blow it away and start again.... no harm to the hard drive to change your mind. :D

Cheers
 
Last edited:

Alexzee

Active Member
Did you get Secure Boot turned off now by changing the CSM settings?

I explained that I 'did not' save the changes in the BIOS, where I had adjusted the CSM settings. I was waiting for you to look at what settings I had placed / selected in the table and get back to me.

Here are those settings as noted in my previous post, I DID NOT save the changes and exited my BIOS as I was not sure that these were the correct or best settings.

Boot Device Control: Legacy OPROM only

Boot From Network Devices: Legacy only

Boot From Storage Devices: Legacy only

Boot From PCI-E/PCI Expansion Devices: Legacy only

I thought these would be the right choices, but am waiting to hear from folks LIKE YOU that are more knowledgeable than I. Do these settings sound like the right way to proceed?

I feel better about making choices that give me a Legacy BIOS setup minus all the UEFI.
 

captain-sensible

Active Member
In the Boot Menu section of your instruction manual (page 64-65 of the PDF)... it covers enabling CSM (Compatibility Support Module). You may need to enable this first. Enabling it may automatically disable Secure Boot, or at the very least it should now give you control over Secure Boot so you can set it to disabled.

In the CSM section, you have other boot options too.... UEFI and Legacy, Legacy only, UEFI only in 4 devices categories... boot, network, storage, and expansion. You may need some adjustments here for Slackware too.

Cheers
yes i just played with my BIOS disabling enabling one makes other do an automatic opposite
 

captain-sensible

Active Member
basically what happened was that when i did current install it complained and told me to drop out of install and set up efi- so i just did as it told me. When i got to lilo boot manager choices, it gave ma a choice " may not need it ..something ..but install anyway" so i did .i just added a bit more clarity on other thread
 

atanere

Well-Known Member
Did you get Secure Boot turned off now by changing the CSM settings?

I explained that I 'did not' save the changes in the BIOS, where I had adjusted the CSM settings. I was waiting for you to look at what settings I had placed / selected in the table and get back to me.

Here are those settings as noted in my previous post, I DID NOT save the changes and exited my BIOS as I was not sure that these were the correct or best settings.

Boot Device Control: Legacy OPROM only

Boot From Network Devices: Legacy only

Boot From Storage Devices: Legacy only

Boot From PCI-E/PCI Expansion Devices: Legacy only

I thought these would be the right choices, but am waiting to hear from folks LIKE YOU that are more knowledgeable than I. Do these settings sound like the right way to proceed?

I feel better about making choices that give me a Legacy BIOS setup minus all the UEFI.
Ah, sorry for the misunderstanding. I do believe if you save your settings, then Secure Boot will be disabled. (Or you can set it to disabled, if not automatic.)

Leaving all of the CSM settings to Legacy, preparing your hard drive as "dos" (with fdisk) or "msdos" (with gparted), will get you started for a Legacy type installation, avoiding all the UEFI stuff. This is the simplest method overall, I think. Slackware can then use LILO as a bootloader without needing ELILO instead.

After making the hard drive a "msdos" type of drive, you should only need two partitions for Slackware: swap and / (formatted as ext4). You probably don't even need swap with a new build, but Slackware may complain if you don't create it.

This should be about the most basic of installations... they way they all used to be before UEFI. But this is different from @captain-sensible... his seems to be clearly a UEFI setup.
 

captain-sensible

Active Member
if you have gone for main install on one partition with no /home then once you do first boot up as root use
# adduser
1st question type name
2nd hit return
3rd return
4th return
all next hit return until it asks you for a password
 

Alexzee

Active Member
Rebooting to go into the BIOS setting everything to Legacy.
Be back to let you know if secure boot is disabled.
 

Alexzee

Active Member
Setting all of the settings to Legacy didn't help nor did it disable the secure boot.

So; I called Asus.
The Tech walked me through the BIOS to disable the secure boot.

I had to delete all of the keys under key management. After deleting all of the keys secure boot was disabled. ;)

Since deleting all of the keys and rebooting I was able to install Linux Mint 19.2 over the last 30 minutes.
I
The Slackware installer would not let me install Slackware to my M.2 NVMe drive......but I will move over to that thread to talk to captian-sensible about that.
 

atanere

Well-Known Member
Glad you've made progress with it. All the manufacturers do UEFI differently which is why this is such a pain. Asus seems to be one of the hardest to work with, and other Asus motherboards would behave differently from yours.

With Linux Mint, you very possibly could have left UEFI and Secure Boot both enabled.... but your goal is Slackware, so you have to deal with its own peculiarities too.

Hang in there... you're doing great! :D

Cheers
 

Alexzee

Active Member
Glad you've made progress with it. All the manufacturers do UEFI differently which is why this is such a pain. Asus seems to be one of the hardest to work with, and other Asus motherboards would behave differently from yours.

With Linux Mint, you very possibly could have left UEFI and Secure Boot both enabled.... but your goal is Slackware, so you have to deal with its own peculiarities too.

Hang in there... you're doing great! :D

Cheers
Thanks!

I'm looking forward to getting Slackware installed, however; I need captian-sensible's help.
 

wizardfromoz

Super Moderator
Staff member
Gold Supporter
Just a note - not to confuse, but to clarify.

If Slackware needs the Swap partition, so be it :)

Since the start of the Linux Mint 19 series, it doesn't (need it set up).

It does it itself, but using a swap file rather than partition.

Code:
[email protected]:~$ dmesg | grep -i swapfile
[   16.947207] Adding 970056k swap on /swapfile.  Priority:-2 extents:4 across:994632k FS
[email protected]:~$
In my case, a little under 1 GB is allocated.

Cheers

Wiz
 

Alexzee

Active Member
Just a note - not to confuse, but to clarify.

If Slackware needs the Swap partition, so be it :)

Since the start of the Linux Mint 19 series, it doesn't (need it set up).

It does it itself, but using a swap file rather than partition.

Code:
[email protected]:~$ dmesg | grep -i swapfile
[   16.947207] Adding 970056k swap on /swapfile.  Priority:-2 extents:4 across:994632k FS
[email protected]:~$
In my case, a little under 1 GB is allocated.

Cheers

Wiz
Thanks!
 

Members online


Latest posts

Top