This way I can enable secure boot after importing the public key in the UEFI firmware setting interface.
It is usually more troublesome to sign the launcher and kernel by the user himself…
see this
https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/Secure_Boot
as we need to compile kernels with nvidia drivers ,
you will have to choose , Secure boot or nvidia
1 Like
Signing the kernel and bootloader without enabling secure boot does not seem to affect the nvidia driver.
Whether to enable secure boot is of course up to the user’s decision.
But signing the kernel and booter by default and providing the public key can certainly improve the ease of use of the OS, and ease of use is the purpose of manjaro, isn’t it?
Or as long as you sign the kernel and the bootloader, no matter whether secure boot is enabled or not, the nvidia driver will not work?
I am also interested in this issue - now that at least XFCE is supported with a persistent usb boot loader this would enable me to use Manjaro on the go together with more “security enforced” environments like … my work Laptop.
Quickly jumped into the Arch linux article mentioned above and found that this could be workable with not that much effort… did anybody already try this out?