How to enable Secure Boot?

I am new to using the Linux OS, and I just installed Manjaro. Is it still the case that there is no way to enable Secure Boot while using Manjaro? I installed Manjaro on a Toshiba Satellite P55W laptop running Windows 10. After installing Manjaro, I am getting this error message after enabling Secure Boot: “boot failure: a proper digital signature was not found. One of the files on the selected boot device was rejected by the Secure Boot feature”.

Google Gemini suggested this path:
Enabling Secure Boot with Manjaro (More complex):

This method involves enrolling a key for Manjaro’s bootloader (shim) into your UEFI secure boot database. It’s a more complex process, but allows you to keep Secure Boot enabled for better security. However, it’s important to note that this is not officially supported by Manjaro.


Thanks in advance!

Well, yeah, you cant simply enable it and expect %Random Software% to be recognized as secure.
Unlike the hardware manufacturer and m$oft, there is no existing framework or agreement for there to be acceptable keys for %Random Software%. At least not ‘preloaded’.

This is pretty much accurate.

Never was.

Its still in the same state it was always in - you can, but you have to do it yourself.

Almost the same as here, with the exception of some differences like our kernels:

@linux-aarhus has done so I believe

But - don’t be misled by the description Secure Boot - it is only secure in the sense that the firmware contains a signature which signals to the firmware - you my give over control to the loader signed with this signature.

It is possible - on some systems - to sign and enroll other efi loaders into the secure boot database.

See Unified Extensible Firmware Interface/Secure Boot - ArchWiki

An example of installing a Manjaro only encrypted system using Secure Boot

If you have the necessary knowledge, it can be modified for dual boot with e.g. Windows.

1 Like

Doesn’t matter much, just keep it disabled. There’s no Canonical or Red Hat for Manjaro anyway, who needs it for their enterprise customers. Maybe someday when Manjaro has a proper company backing…

That’s exactly my case - I’ve been using Manjaro for work for years and now corporate mandates secure boot. I’m unsure I want to go through the hoops of dealing with UEFI keys on corporate’s property so I may just pass and install something else

Commenting to show there are use cases for supporting it

It is a bit cumbersome, but rather easy to do.

What is getting secure -
more secure
is the question

… is this a case of:
don’t try to answer that question
just implement the solution and be done with it?

full disclosure:
I’m as far away of any corporate environment as it can possibly get.

not in the industry

I’m using Manjaro as my main OS, but I’m just too much of a hardcore gamer to pass on Windows, which I dual boot just to play games. I enjoy playing CS2 on FACEIT, but its anti-cheat, which is the main reason I chose to play FACEIT in the first place, requires Secure Boot to be enabled. I end up needing to go into the bios to turn the SB on and off and it’s simply annoying.

third post here in this thread has links to the instructions

1 Like

Alternatively, some motherboard BIOS let you change the Secure Boot image execution policy (so it tells Windows that Secure Boot is enabled but will still boot unsigned images like Manjaro). It’s an easy solution if your BIOS has that option.

There was a bit of a kerfuffle last year when MSI enabled that option by default… :rofl:

1 Like