I’m currently dual booting Windows and Manjaro on my laptop, but since Windows 11 requires secure boot and Manjaro doesn’t, I have to enter the BIOS and enable/disable it every time I want to switch between the two. To fix this, I followed the Arch Linux wiki tutorial on how to add UEFI Secure Boot using Preloader-Signed. I successfully added a new preloader boot option but after I restart to try to boot into it, it removes the option and boots into the non-secure boot Manjaro boot option. I know the issue is likely because the tutorial is for Arch, but it was the only tutorial I could find, and I figured it could work with some modification since Manjaro is Arch based. (i would add a link or image or something, but apparently new users cant.)
AFAIK persistently modifying boot or kernel parameters requires two steps:
- edit a configuration file
- execute a command to apply the changes
Have you done the second step?
the arch wiki told me to move the preloader.efi files into the systemd folder, rename the systemd efi file to loader.efi, and then run this command to add it to the boot config:
sudo efibootmgr --unicode --disk /dev/nvme0n1 --part 4 --create --label "PreLoader" --loader /usr/lib/systemd/boot/efi/PreLoader.efi .
I did all this, now running efibootmgr returns:
BootOrder: 0000,0003,0002,2001,2002,2003
followed by a bunch of boot options, then
Boot0000* PreLoader HD(4,GPT,bf1887c5-fbbe-8746-bfce-49e50df906bb,0x30610800,0x9c3f800)/File(\usr\lib\systemd\boot\efi\PreLoader.efi)
which i assume means that the preloader bootloader was successfully installed and set as the first boot option. however, when i restart, the Boot0000 is gone and 0003 (default manjaro) is the first one in the BootOrder.
(the arch wiki command is not identical to the one i posted here, i updated mine to work with manjaro’s file structure.)
Is your ESP used by your UEFI-BIOS the same partition as the one mounted in manjaro?
They could be different, please post output of lsblk --fs to check if there are multiple ESP’s available on different disks…
This is at least wrong, because the loader needs to be on the ESP and not on any other partition to be accesible by the UEFI-BIOS.
NAME FSTYPE FSVER LABEL UUID FSAVAIL FSUSE% MOUNTPOINTS
nvme0n1
├─nvme0n1p1 vfat FAT32 E88E-B3E0 66.3M 31% /boot/efi
├─nvme0n1p2
├─nvme0n1p3 BitLocker 2
├─nvme0n1p4 ext4 1.0 7a6e3999-bd58-4a5a-abd7-52160a5ec531 33.8G 51% /
└─nvme0n1p5 ntfs AC5AD5375AD4FED0
here it is. p3 should be my Windows install, and p4 is Manjaro.
Ok nice, that means you only have one ESP so no confusion there 
So what you need to change is place the loader inside a subdir of nvme0n1p1 and mention that in the loader option.
fe:
- If you have mounted your
ESP(nvme0n1p1) on/boot/efi - If you placed the loader at lets say
/boot/efi/Manjaro/PreLoader.efi - Then you would use
--loader /Manjaro/PreLoader.efi
Because thats the full path relative to theESProot.
That way the boot entry should not be removed by your UEFI-BIOS because it can access it when checking the entries.