I own a late 2019 Computer Upgrade King Hewlett Packard Omen 15t gaming notebook PC. It uses the UEFI and it does not use the legacy CSM. I disabled Secure Boot in order to install Manjaro 20.0.3 64-bit “Mikah” GNU/Linux which later updated to 20.1 64-bit “Mikah.” I also used the command pacaur -S mokutil recently and it is installed with the current version.
In the Chris Titus web page that I linked, he describes the easy and hard way to install, enable, and turn on Secure Boot for Debian and Arch-based GNU/Linux distributions. I have not done this beforehand as I almost always disable Secure Boot when installing a GNU/Linux distribution on former PCs.
I would like to know if my late 2019 CUK HP Omen 15t is going to work with Manjaro 20.1 64-bit “Mikah” GNU/Linux if I install, configure, enable, and turn on Secure Boot in the future. I would like to know the detailed steps by which to get it to work. I know little about this specialized subject matter so please be patient with me as I learn and understand where I am coming from. The reason why I want to enable Secure Boot is to prevent malware and Evil Maid attacks, but I also have Microsoft Windows 10 64-bit Pro edition version 1909 as of the current September 2020 Microsoft Patch Tuesdays security updates installed on my ADATA SX8100NP M.2 PCI-e NVMe x4 2 TB solid-state disk so I would like to re-enable Secure Boot for it as well as Manjaro in the future. If this community would help me to do that successfully so that both Manjaro and Windows 10 boot up with Secure Boot enabled and turned on without too much technical difficulties, then I am going to appreciate your help. Thank you.
I did more research on this forum and it seems that Secure Boot is not officially supported by Manjaro and it results in false security by giving the customer or end-user the illusion of peace of mind as a security feature. I have not decided whether it is worth it to investigate how to install, configure, enable, and turn it on yet, but I think it is unnecessary at this point. I shall continue my research here and on the web to learn more about the pros and cons of Secure Boot with respect to Arch and Manjaro, but I think it is not worth it. I would appreciate more feedback from this community about this subject matter. Thank you.
It depends on your UEFI firmware. Some allow you to add your own cryptographic hashed and then you can make Manjaro GRUB boot as securely as any other certified UEFI application.
However
Every time the Manjaro team re-compiles GRUB resulting in a different cryptographic hash, you’ll have to remove the previous key and add the new one.
As this is a function of your UEFI Firmware, not Manjaro, you’d better contact HP to find the detailed steps you’re seeking…
