CSM is BIOS boot.
CSM - UEFI Compatibility Support Module (CSM), which emulates a BIOS mode
The only way you might be booting with CSM on, is that UEFI, tries that first, sees you have no BIOS boot loader in gpt's protective MBR and reverts to an UEFI boot.
Almost all systems will not let you turn on CSM, if Secure Boot is on. CSM is not secure as it is the old BIOS boot.
But a few BIOS, do seem to want CSM on to boot, but you have to select UEFI boot.
You are showing some signed kernels, but grub menu is not using them.
I might run the suggested repair:
Code:
=================== Suggested repair
The default repair of the Boot-Repair utility would reinstall the grub-efi-amd64-signed of sda5, using the following options: sda2/boot/efi,
Additional repair would be performed: unhide-bootmenu-10s fix-windows-boot use-standard-efi-file restore-efi-backups
If you have installed any proprietary drivers for video or WiFi, then you probably cannot turn secure boot on as they are not signed, so Ubuntu cannot fully say system is secure.
Bookmarks