4

The following question belongs more to the HP forums but unfortunately I am not gaining any traction there. Please move the question to another SE if its off topic for this community.

Recently I've started receiving the following BIOS interruption & message at each boot:

"HP Sure Start detected an unauthorized change to the Secure Boot Keys. The key was restored automatically and there is no further action required. The repeated occurrence of this problem indicates a security problem should not be ignored."

See screenshot at the bottom.

I have no idea what is causing this warning. I recall recently updating Zoom and perhaps a routine Ubuntu update, but nothing else.

I am using the laptop for security critical interactions so I want to make sure I understand what is causing this and how to get to the bottom of it.

Any idea how I could investigate what is changing Secure Boot keys and why? What exactly could be the trigger for such warning? How can this be investigated further and resolved?

I am running Ubuntu 20.04.1 LTS.

enter image description here

Jernej
  • 61
  • 1
  • 6
  • Have you confirmed that you are using secure boot in the first place? Have you used any tools either from the BIOS menu or userspace to manage and/or inspect what keys are installed? – multithr3at3d Oct 18 '20 at 20:12
  • @multithr3at3d Secure boot seems to be disabled. I have no idea how to see what keys are installed. Frankly, I don't understand what these keys are supposed to represent. – Jernej Oct 19 '20 at 09:09
  • If it was never enabled, I don't see a reason to worry. – multithr3at3d Oct 19 '20 at 23:12
  • 1
    A quick look on the Ububtu Forums seems to provide an answer I hope https://askubuntu.com/questions/765697/why-was-i-asked-to-create-a-password-in-order-to-disable-secure-boot-on-initial Ubuntu dual boot does change the way Windows boots of course, Won't Intel Chips detect a change to the boot keys based on dual boot alone? I can't remember seeing this when I used Ubuntu, link I shared seems to mention some 3rd party software can have low lvl PCI or Raid code so if you want to be really sure, you could setup a virtual box and install suspect programs to test. – Coderxyz Oct 22 '20 at 23:50

1 Answers1

0

Looks like something is updating your trusted keys in UEFI (if your are using BIOS or "legacy", please switch to UEFI). This might come from the Ubuntu OS (or not).

Have you updated the firmware of your motherboard? Have you set an admin password on your BIOS/UEFI? If not, please do both then come back if this did not solve your issue.

Also, this question might be more suited to a chat on the DMZ, or should be asked on superuser.com or unix.stackexchange.com.

A. Hersean
  • 10,046
  • 3
  • 28
  • 42
  • I've tried updating the BIOS but the official method fails, as described on the hp forums. That's whats making me even more suspicious. I haven't touched any BIOS/UEFI settings at all. – Jernej Oct 16 '20 at 12:14
  • Try at least to put an admin password. – A. Hersean Oct 16 '20 at 12:22
  • I've put an admin password, but it doesn't seem to get rid of the warning. Is there any specific purpose for setting a password? – Jernej Oct 16 '20 at 12:25