Set Up rEFInd Secure Boot Manager from Ubuntu 16.04
You can follow these instructions to set up multi-boot after installing Ubuntu on your Secure Boot machine from a USB stick. Overview of Components to Set Up Using EFI Secure Boot for booting (multiple) OS images requires that a binary image be signed with a trusted key before it can be booted. It involves: EFI System Partition (ESP): The so-called Extensible Firmware Interface partition stores all the binary boot images loaded by the BIOS and Boot Manager (rEFInd in our case). It is a FAT partition with a special file system type ID, and flags. shim (signed by developers): This is the binary that will be loaded by the BIOS. It will validate the cryptographic signature of the rEFInd binary and launch it. It will also enroll new certificates you create for signing binary images you want to boot, such as kernels you compile. Machine Owner Key (MOK): The new private key and certificate pair that you will use to designate which kernel images are allowed to be booted. Keep the pri