Ubuntu – dual-boot with secure boot: invalid signature

grub2secure-bootuefi

So, I got this Dell Inspiron 15 laptop with Windows 10 a couple of months ago.
I installed Ubuntu 14.04 to have as dual boot since I rarely use Windows.

Today, I did an update and some grub related packages were kept.
I don't know what I was thinking but I went on and sudo installed the kept back packages.

After reboot, I get an invalid signature error and I get redirected to a Windows boot.

Is there a way to rectify the situation? My knowledge of EFI, secure boot and their interaction is fairly limited (going through info pages as I write this).

Best Answer

As I do not know whether Microsoft did change the boot loader signature with the update
(this anyway would be off-topic here) I suggest the following procedure:

First disable hibernation and Fast Boot in Windows.

Boot into Windows - open command prompt as administrator and execute this command:

powercfg /h off  

Then disable (uncheck) Fast Boot in Control Panel -> Energy Settings (show hidden settings).

Shutdown the machine (do NOT reboot) completely.

Then reinstall GRUB bootloader to your Ubuntu installation in EFI mode.

Boot from the Ubuntu install media - then open a terminal and execute:

sudo mount /dev/sd*** /mnt
sudo mount /dev/sd** /mnt/boot/efi
for i in /dev /dev/pts /proc /sys /run; do sudo mount -B $i /mnt$i; done
sudo chroot /mnt
grub-install /dev/sd*
update-grub  

Note :

sd* = disk | sd** = efi partition | sd*** = system partition

If you do not know the partition numbers you can easily identify them with GParted.
The (Graphic User Interface) tool is already included in the Ubuntu installation media.

If this solution does not work you unfortunately will have to reinstall ubuntu in insecure mode.
Boot into BIOS (UEFI) and disable Secure Boot, then reinstall ubuntu in the way you did before.