Installing Shim Signed on Ubuntu 16.04 is an essential step for enhancing system security, especially for users who are looking to run unsigned kernel modules or drivers. In this article, we will go through the steps required to install Shim Signed, including prerequisites and necessary commands.
What is Shim?
Shim is a small bootloader that is part of the UEFI Secure Boot ecosystem. It is responsible for verifying the digital signature of bootloader binaries and kernel modules, ensuring that only trusted software runs on your system. This is particularly important for maintaining system integrity.
Prerequisites
Before you begin the installation process, ensure you have the following:
- Ubuntu 16.04 installed on your machine.
- Administrative (root) access to the system.
- Internet connection to download necessary packages.
Step 1: Update Your System
It's always a good practice to make sure your system is up to date. Open your terminal and run the following commands:
sudo apt-get update
sudo apt-get upgrade
Step 2: Install Required Packages
You will need a few essential packages for the Shim installation. Install them using the following command:
sudo apt-get install shim-signed
This package contains the Shim signed binaries required to boot your system securely.
Step 3: Verify the Installation
After the installation is complete, you can verify that Shim has been installed correctly. Run the following command to check the installed version:
shim-install --version
You should see the version of Shim that you have installed.
Step 4: Configuring UEFI Settings
To ensure that Shim is set as the bootloader, you may need to configure your UEFI firmware settings:
- Reboot your system and enter the UEFI firmware settings (usually by pressing a key like F2, F10, ESC, or DEL during boot).
- Look for the Boot options and ensure that Shim is set as the primary boot option.
Step 5: Testing Shim
Once your system has booted with Shim, you can test if it is functioning correctly by attempting to load an unsigned kernel module. Use the following command to list currently loaded modules:
lsmod
Then try loading an unsigned module and check if it gets blocked by Shim.
Conclusion
Installing Shim Signed on Ubuntu 16.04 is an important step for users who prioritize security. By following the above steps, you can successfully install Shim and ensure that your system is protected against running unsigned code. Remember to always keep your system updated to benefit from the latest security features.
By securing your boot process, you are contributing to the overall security and integrity of your Ubuntu installation.
