How To Install Linux Ubuntu

How To Install Linux Ubuntu

Reading time1 min
#Linux#Ubuntu#OpenSource#UEFI#SecureBoot#UbuntuInstallation

How To Install Ubuntu Linux – UEFI & Secure Boot on Modern Systems

Deploying Ubuntu 22.04 LTS (or newer) to UEFI-based hardware with Secure Boot requires more than the old BIOS-and-DD dance. Modern firmware, cryptographically signed bootloaders, and strict partitioning rules introduce complications most documentation glosses over. Skip the legacy advice—install reliably on recent hardware without disabling Secure Boot.

UEFI and Secure Boot: Why They Matter

Forget BIOS-era assumptions. Nearly every x86 laptop, workstation, or desktop made after 2015 boots via UEFI firmware. UEFI provides improved hardware initialization, faster POST, and support for GPT partitioning. Secure Boot adds a cryptographic signature check at boot, only launching loaders signed by a trusted authority (typically Microsoft’s UEFI CA or a local key).

Ubuntu’s shimx64.efi—Microsoft-signed—plays nicely here. Still, not every workflow or driver module will “just work.” If you’re dual-booting, expect additional UEFI partition logistics.

Requirements Checklist

  • UEFI-booting x86-64 PC hardware, Secure Boot enabled.
  • USB drive, ≥4 GiB.
  • Official Ubuntu Desktop ISO (recommend: ubuntu-22.04.4-desktop-amd64.iso, or latest LTS).
  • Boot media utility: Rufus (Windows), or Balena Etcher/dd (Linux/macOS).
  • Backup of all important data on the target drive (seriously—UEFI bootloader changes can break other OSes).

1. Prepare a UEFI-Compatible Bootable USB

  1. Ubuntu ISO:
    Download the relevant ISO from https://ubuntu.com/download/desktop. Use the LTS release for best Secure Boot support.

  2. USB Creation:

    • Windows (Rufus recommended):

      • Select device/ISO.

      • Partition scheme: GPT

      • File system: FAT32 (do not use NTFS; UEFI won’t see it).

      • Target system: UEFI (non-CSM).

      • Start the write process.

        Gotcha: Some ISOs (esp. >4GB) may not fit in FAT32, but Ubuntu's is fine. Only force NTFS if using custom ISOs—problems will follow.

    • Linux/macOS (Etcher or dd):

      # Confirm /dev/sdX — accidental overwrite destroys data
sudo dd if=ubuntu-22.04.4-desktop-amd64.iso of=/dev/sdX bs=4M status=progress oflag=sync

      Use lsblk to verify USB device path. Wait for sync to finish.

    • Note: FAT32 ensures your USB is detected as UEFI media. Skipping this step means no UEFI boot.

2. Adjust Firmware – Disable Fast Boot (Recommended)

Some UEFI implementations (“Fast Boot”, “Ultra Fast Boot”, sometimes under Power or Boot tabs) skip external USB initialization, preventing detection of your installation media.

  • Enter UEFI setup (commonly F2, DEL, ESC at POST).
  • Disable “Fast Boot”. Save and exit.

3. Boot from USB – UEFI Mode Only

  • Plug in the prepared USB.
  • At POST, enter Boot Menu (usually F12, ESC, or F10).
  • Select USB with UEFI prefix (e.g. “UEFI: SanDisk...”).
  • If no such entry appears, either the media isn’t UEFI bootable, or CSM/Legacy settings are interfering.

Note: On some models (e.g. ThinkPads), both “Legacy” and “UEFI” options may show; pick the UEFI one or reformat the USB.

4. Launch Ubuntu Live Environment

  • Select “Try Ubuntu” to validate hardware (Wi-Fi, display, etc).
  • (Optional) Use Ctrl+Alt+T to open terminal and run lscpu, lsblk, and lsmod to verify system state.
  • If the system doesn’t detect touchpads or Wi-Fi, collect output from dmesg for post-install troubleshooting.

5. Partitioning: Respect the EFI System Partition (ESP)

On install:

  • Choose “Erase disk and install Ubuntu” if using the full device.
  • For dual-booting, choose “Something else”; use the existing ESP or create one:
    • EFI System Partition: ~256–512 MiB, FAT32, mount at /boot/efi. Do NOT format if other OSes are installed.
    • Root partition: ext4, size as needed.
    • (Optional) Dedicated /home and swap partitions. Swap-to-file is default post-20.04.

Key point:
Ubuntu identifies the ESP by its GUID type (0xEF00 in GPT). The installer configures grub-efi-amd64 and shim-signed in /boot/efi.

6. Proceed Through Installer

  • Configure timezone, username, password as prompted.
  • Leave “Install third-party drivers” checked to preempt hardware issues; if using Secure Boot, this might trigger MOK enrollment (see below).
  • Installation copies and configures all necessary files automatically.

Known issue:
Occasional UEFI firmware quirks (e.g., Lenovo “Secure Boot failed” after reboot) may require firmware update or temporary Secure Boot toggle.

7. First Boot & Secure Boot Validation

  • Remove installation media at reboot prompt.
  • Ubuntu will boot via the Microsoft-signed Shim, handing off to GRUB and the kernel.
  • If you see: 
    Secure Boot Violation
Invalid signature detected. Check Secure Boot Policy in Setup.
    Troubleshooting:
    • Double-check Secure Boot is enabled (not “Custom Mode”).
    • Boot order: Ubuntu must be present as a “UEFI” entry. Use UEFI firmware “Add boot option” if necessary, pointing to \EFI\ubuntu\shimx64.efi.
    • Sometimes, force a reinstallation of shim and grub: 
      sudo apt install --reinstall shim-signed grub-efi-amd64

8. Machine Owner Key (MOK) Enrollment – Proprietary Drivers

If you install third-party kernel modules (e.g. NVIDIA, VirtualBox DKMS), Ubuntu’s installer will prompt to enroll a Machine Owner Key (MOK):

  • Pick a passphrase during driver install.
  • Reboot: the “Perform MOK management” blue dialog appears before boot.
  • Select “Enroll MOK”, enter chosen passphrase.
  • Boot continues with signed module enabled—and Secure Boot remains active.

Gotcha: Forgetting MOK passphrase means module won’t load with Secure Boot enabled; modules must be signed or use DKMS/secureboot compatible building.

9. Troubleshooting & Recovery

IssueLikely CausesActions
USB not seen as bootableUSB not FAT32, created as Legacy/MBR, Fast Boot activeVerify USB FAT32, re-create, disable Fast Boot
Black screen after installGPU driver/kernel issueBoot with nomodeset, update drivers, use journalctl -xb
Boot freezes, “No Boot Device”ESP missing, GRUB not installed, wrong modeBoot Live USB, run boot-repair, check ESP partition 0xEF00
“Secure Boot Violation”UEFI “Custom Mode”, bad shim, wrong ESPReinstall shim/grub, reset firmware Secure Boot to “Standard”

Tip: The boot-repair utility (available via live session) rescues many UEFI GRUB issues. In complex dual-boot situations, back up the ESP before modification.

Non-Obvious Details and Real-World Notes

  • Some Dell/HP/Lenovo EFI implementations hide manual boot entries until “Admin” passwords/Firmware unlocks are performed, especially on business-class BIOSes.
  • If Windows 11 is present, its BitLocker must be suspended prior to modifying boot settings—otherwise you risk an unrecoverable boot lockout.
  • Known issue: Secure Boot + NVIDIA DKMS can be unstable during the 470.xx–525.xx kernel driver transition. Use distro-packaged drivers only if possible, and read current bug reports.

Summary

Installing Ubuntu on post-2015 hardware is straightforward if UEFI boot paths and Secure Boot requirements are respected. Never disable security controls out of convenience unless diagnosing, and always preserve existing EFI partitions during dual-boot setup.

Most hurdles occur at USB creation or ESP handling—invest effort in these early stages for smooth and secure operation.

Questions? Drop specifics, log snippets, or firmware model numbers. Edge cases can be surprisingly hardware-specific.

Related Articles

How To Install Linux Ubuntu

Step-by-Step Guide to Installing Ubuntu Linux on Modern Hardware with UEFI and Secure Boot

1 min

How To Download Ubuntu

Mastering the Direct Download: How to Efficiently Download Ubuntu for Any Setup

1 min

How To Install Linux

Step-by-Step Guide to Installing Linux on Modern Hardware with UEFI and Secure Boot

1 min
← Back to Blog