diff --git a/build-uki.sh b/build-uki.sh
index 7ee2398..18131b6 100755
--- a/build-uki.sh
+++ b/build-uki.sh
@@ -19,7 +19,9 @@ $sudo objcopy \
   /usr/lib/systemd/boot/efi/linuxx64.efi.stub $path_to_uki
 
 # Sign UKI
-$sudo sbsign --key /etc/secureboot/full/db.key --cert /etc/secureboot/full/db.crt --output $path_to_uki $path_to_uki
+if [[ -v secureboot_enabled ]] && [[ $secureboot_enabled = "yes" ]]; then
+  $sudo sbsign --key /etc/secureboot/full/db.key --cert /etc/secureboot/full/db.crt --output $path_to_uki $path_to_uki
+fi
 
 # if needed, copy UKI to EFI default boot path
 if [[ -v set_efi_default_image ]] && [[ $set_efi_default_image = "yes" ]]; then
diff --git a/variables.conf.template b/variables.conf.template
index 1d828ec..5fb8d12 100644
--- a/variables.conf.template
+++ b/variables.conf.template
@@ -4,4 +4,5 @@
 
 path_to_vmlinuz_link=/boot # /boot in Ubuntu 22.04, / in Debian 11-12
 path_to_uki=/efi/EFI/debian/debian-linux.efi
+secureboot_enabled="yes" # change to "no" if you did not setup Secure Boot
 set_efi_default_image="no" # change to "yes" if you need to boot from EFI\BOOT\BOOTX64.EFI