Ubuntu has a signed boot loader and kernel by default, so it should work fine with Secure Boot. However, if you need to install DKMS modules (3rd party kernel modules that need to get compiled on your machine), these do not have a signature, and thus can not be used together with Secure Boot.
Windows 7 in UEFI does not support secure boot, Windows 8 and Linux Ubuntu verson 14 do.
Ubuntu Core supports both hardware and software root of trust for secure boot. Security admins can create and store the digital keys used to validate the boot sequence in either a secure element, a TPM device or a software TEE.
This of course begs the query “What is Ubuntu Core secure boot?”
Ubuntu Core abstracts the root of trust implementation for its secure boot process. As a consequence, Ubuntu Core secure boot can be enabled for both ARM and x86 So, and cs. Secure boot is available out of the box on certified devices, like the Raspberry Pi, at no additional cost.
How does UEFI Secure Boot work on Ubuntu?
On Ubuntu, all pre-built binaries intended to be loaded as part of the boot process, with the exception of the initrd image, are signed by Canonical’s UEFI certificate, which itself is implicitly trusted by being embedded in the shim loader, itself signed by Microsoft.
This means we can generally rely on the firmware on these systems to trust binaries that are signed by Microsoft, and the Linux community heavily relies on this assumption for Secure Boot to work. This is the same process used by Red Hat and SUSE, for instance.
Why can’t I install Ubuntu on my computer?
Practice usually follows theory, but sometimes it doesn’t — some computers just don’t seem to get along well with Shim (the program that Ubuntu uses to work with Secure Boot). A Secure Boot problem is almost certain to manifest itself as an inability to even begin to boot — either the Ubuntu installer or the Ubuntu system once it’s installed.