What is this update and how to treat it?

Can someone tell me what this is and what to do? I am getting it recently whenever there is an update. I don't think it gets updated. And it doesn't show as standalone.

First question, are you dual booting with Windows and thus have SECURE BOOT enabled?

If you answer "NO"

Then my answer is to never install that package if SECURE BOOT is disabled in the BIOS.

That package is only for the use of signed signatures with Microsoft's proprietary SECURE BOOT protocal. And like I said, unless you are dual booting with Windows and have SECURE BOOT enabled, that package is not needed, and has the possibility of doing more damage then good.

Found this to back up my argument...

1 Like

no. I don't dual boot and secure boot is disabled. I also get an update list in the terminal: "shim" and "shim-signed". but they don't get updated, and even ignored.
so the question now is: why do they keep appearing?

1 Like

Probably because it comes with one of the Ubuntu packages from the REPO. To be honest, I am not sure which package it comes from, but it can be ignored for now.

Also, go ahead and install the best package manager for Linux, Synaptic Package Manager.

CTRL ALT T to enter terminal.

sudo apt install synaptic

Once its installed, Click the Zorin :zorin: logo and type SYNAPTIC. Enter password once launched.

Type in the search box... shim-signed

As you can see, its not installed on my system, for if it was, there would be a checkmark in it, and it would be GREEN in color to signify installed. If yours is green, you can mark it for removal by right clicking on it, and then you hit the APPLY button after to finalize.

To prevent this package from updating, you can also select it, then go to PACKAGE, and put a lock on it, you can do this for any software on your system.

Hope this helps!

  StarTreker

yoda
Your Tech Support Guru

As I understand it, the shim-signed - bootloader chained update only appears if secure boot is enabled in BIOS.

In the words of Spock

I already had synaptic installed. I checked shim there and it seems that it is installed.

what should I do?

Right click on it, and mark for removal, then click the APPLY button.

what abut mokutil?

Are you absolutely certain that SecureBoot is disabled? Because those packages are only installed if SecureBoot is enabled.
Perhaps you disabled SecureBoot after the installation was done?

secure boot is disabled. but I don't exclude the possibility that I enabled/disabled it after installation.
I did install it maybe 6 months ago and until now I didn't have to deal with this

Well you could remove Mokutils and such and see what happens.

deleted all three. let's see if it will break anything or not

1 Like

It should be fine. The procedure to remove shim-signed is

sudo apt remove --purge shim-signed

Nothing fancy to look out for there... So removing it via Synaptic would have the exact same effect.

You may want to use sudo apt clean && sudo apt autoremove after.

1 Like