How to enable Secure Boot?

I am new to using the Linux OS, and I just installed Manjaro. Is it still the case that there is no way to enable Secure Boot while using Manjaro? I installed Manjaro on a Toshiba Satellite P55W laptop running Windows 10. After installing Manjaro, I am getting this error message after enabling Secure Boot: “boot failure: a proper digital signature was not found. One of the files on the selected boot device was rejected by the Secure Boot feature”.

Google Gemini suggested this path:
Enabling Secure Boot with Manjaro (More complex):

This method involves enrolling a key for Manjaro’s bootloader (shim) into your UEFI secure boot database. It’s a more complex process, but allows you to keep Secure Boot enabled for better security. However, it’s important to note that this is not officially supported by Manjaro.

Thoughts?

Thanks in advance!

Well, yeah, you can’t simply enable it and expect %Random Software% to be recognized as secure.
Unlike the hardware manufacturer and m$oft, there is no existing framework or agreement for there to be acceptable keys for %Random Software%. At least not ‘preloaded’.

This is pretty much accurate.

Never was.

It’s still in the same state it was always in - you can, but you have to do it yourself.

Almost the same as here, with the exception of some differences like our kernels:
https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Implementing_Secure_Boot

@linux-aarhus has done so I believe

But - don’t be misled by the description Secure Boot - it is only secure in the sense that the firmware contains a signature which signals to the firmware - you may give over control to the loader signed with this signature.

It is possible - on some systems - to sign and enroll other efi loaders into the secure boot database.

See Unified Extensible Firmware Interface/Secure Boot - ArchWiki

An example of installing a Manjaro only encrypted system using Secure Boot

If you have the necessary knowledge, it can be modified for dual boot with e.g. Windows.

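Added example, not part of any post in this thread: before signing and enrolling your own loader as described above, it helps to know which state the firmware is in. This sketch decodes the standard `SecureBoot` and `SetupMode` UEFI variables as Linux exposes them through efivarfs; the function names and state labels are made up for the illustration.

```python
import struct
from pathlib import Path

# GUID of the UEFI global variable namespace (defined by the UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032b8c"
EFIVARS = Path("/sys/firmware/efi/efivars")


def decode_flag(raw: bytes) -> int:
    """An efivarfs file is a 4-byte little-endian attribute word, then the data.
    SecureBoot and SetupMode each carry a single data byte (0 or 1)."""
    if len(raw) < 5:
        raise ValueError("efivarfs entry too short")
    struct.unpack_from("<I", raw)  # attribute word, parsed only to validate layout
    return raw[4]


def classify(secure_boot: int, setup_mode: int) -> str:
    """Map the two flags to a state label (labels are illustrative)."""
    if setup_mode == 1:
        # No Platform Key enrolled: the firmware accepts new keys,
        # which is the state needed to enroll your own.
        return "setup-mode"
    if secure_boot == 1:
        # Signature checks are active: an unsigned loader is rejected.
        return "enforcing"
    return "disabled"


def read_state(root: Path = EFIVARS) -> str:
    """Return the Secure Boot state of the running system."""
    if not root.is_dir():
        return "no-efivars"  # legacy BIOS boot, or efivarfs not mounted
    try:
        sb = decode_flag((root / f"SecureBoot-{EFI_GLOBAL}").read_bytes())
        sm = decode_flag((root / f"SetupMode-{EFI_GLOBAL}").read_bytes())
    except (OSError, ValueError):
        return "unknown"
    return classify(sb, sm)


if __name__ == "__main__":
    print(read_state())
```

"enforcing" is the state in which the boot failure quoted in the first post appears for a loader whose signature the firmware does not recognise.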

Doesn’t matter much, just keep it disabled. There’s no Canonical or Red Hat for Manjaro anyway, who needs it for their enterprise customers. Maybe someday when Manjaro has a proper company backing…

That’s exactly my case - I’ve been using Manjaro for work for years and now corporate mandates Secure Boot. I’m unsure I want to go through the hoops of dealing with UEFI keys on corporate’s property, so I may just pass and install something else.

Commenting to show there are use cases for supporting it

It is a bit cumbersome, but rather easy to do.

What is getting secure -
or:
more secure
is the question

… is this a case of:
don’t try to answer that question
just implement the solution and be done with it?

full disclosure:
I’m as far away from any corporate environment as it can possibly get.

not in the industry

I’m using Manjaro as my main OS, but I’m just too much of a hardcore gamer to pass on Windows, which I dual boot just to play games. I enjoy playing CS2 on FACEIT, but its anti-cheat, which is the main reason I chose to play FACEIT in the first place, requires Secure Boot to be enabled. I end up needing to go into the BIOS to turn SB on and off and it’s simply annoying.

third post here in this thread has links to the instructions


Alternatively, some motherboard BIOS let you change the Secure Boot image execution policy (so it tells Windows that Secure Boot is enabled but will still boot unsigned images like Manjaro). It’s an easy solution if your BIOS has that option.

There was a bit of a kerfuffle last year when MSI enabled that option by default… :rofl:
