I have been trying to set up a multi boot with Windows 10, 11, and Manjaro witch normally I can do without secure boot. In that case I have been trying different means including multiple fresh installs trying to get Manjaro to boot with “Windows UEFI mode” nicely without the security integrity violation error to occur.
Now I want to point out that my motherboard is a Asus brand motherboard in witch I assumed that “Other OS” would still enable secure boot from the looks of it enabling secure boot with “Other OS” just essentially disables the secure boot functionality.
The furthest I have manage to get from the firmware not booting with the integrity violation to a :
Error: prohibited by secure boot policy
Witch drops me into a grub recovery shell with “Windows UEFI mode” enabled (witch I guess is somewhere).
I can tell that grub is at least accepted by the firmware, but what causes issues beyond that is unknown.
Manjaro doesn’t boot with Secure Boot enabled. You need to follow instructions from linked thread above in order to be able to. I wouldn’t bother to enable Secure Boot at all, but if you want to try new things go ahead.
I really didn’t want to work with secure boot either, but with Windows 11, and now games (that only work on windows) that use a kernel anti-cheat they require secure boot in order for the game to be playable. That the issue. Otherwise I’m fine without it.
A wrong assumption, I’d guess. You need to actually disable Secure Boot by whatever mechanism your BIOS provides - “Other OS” is not it - you may for example need to delete the keys.
In any case, your Mainboard manual(s) likely have the information needed. Provide enough system information (see below) and someone might point you in the right direction, if you don’t have the manual.
Regards.
Welcome to the Manjaro community
As a new or infrequent forum user, please take some time to familiarise yourself with Forum requirements, and the many ways to use the forum to your benefit:
Update Announcements
The Update Announcements contain important information and a Known Issues and Solutions section that should generally be checked before posting a request for support.
System Information
While information from *-fetch type apps might be fine for someone wishing to buy your computer, for Support purposes it’s better to ask your system directly;
Output of the inxi command with appropriate parameters will achieve this (naturally, formatted according to forum guidelines) and will generally be more useful for those wishing to help:
Be prepared to provide output from other commands whenever asked. It’s equally important to provide as much actionable information as possible in your first post, rather than simply indicating there is a problem.
I was a little confused with their assumption. On my Asus motherboard, to enable secure boot, you need to go to the Boot tab/menu, and from there you need to change Other OS to Windows UEFI mode. Other OS secure boot is disabled.
It’s interesting to see how the technology changes over time. In very basic terms (before UEFI) one would select “Other OS” to not have BIOS strictly tailored for a Windows installation. Selecting it was the natural choice for those who wished to install BSD or Linux; Secure Boot wasn’t even in the picture.
I use an Asus mainboard myself, and Secure Boot is disabled simply by deleting the keys. Disabling by switching to “Other OS” somehow seems counter-intuitive (to me).
Then again, most assume Secure Boot to be a M$ technology; implementations are often influenced accordingly; so it isn’t entirely unexpected.
In a way, it is a Microsoft thing. Microsoft is on the UEFI Committee, and on the TPM Committee.
Even the whole UEFI design is Microsoft-influenced. UEFI executables are in the Windows binary format, the UEFI Shell uses the Windows CMD.EXE commands and syntax, and with the exception of the Apple-specific implementation, UEFI only supports FAT-derivative filesystems.
Asus gives the follow info when were are selecting one or the other:
🛈 [Windows UEFI mode:] Execute the Microsoft secure boot check. Only select this option when booting on Windows UEFI mode or other Microsoft secure boot compliant operating systems.
[Other OS]: Select this option to get the optimized functions when booting on Windows non-UEFI mode and Microsoft secure boot non-compliant operating systems.
*The Microsoft secure boot can only function property on Windows UEFI mode.
