Is it possible to enable Secure Boot?

How to enable secure boot in manjaro?! Is it even possible? Using Manjaro 20.1 Gnome(uefi)

Hello,

Please post your inxi information, this will help us to determine your system. I would like to suggest that you use the Manjaro/Arch wiki’s where most answers are provided. Here is a link to the Manjaro wiki.
https://wiki.manjaro.org/index.php?title=Main_Page

Also a quick search using the topic of this post in DDG will give you links to most resolutions on this subject.

1 Like

You cannot boot Manjaro’s kernel with secure boot enabled.
To my understanding, in order for Manjaro kernel to boot with with secure boot enabled, it has to be signed through a licence bought from Microsoft.

1 Like

possible but difficult and not supported
https://wiki.archlinux.org/index.php/Unified_Extensible_Firmware_Interface/Secure_Boot

1 Like

I used ubuntu,it supports secure boot… shouldn’t manjaro include secure boot functionality? I mean in a more convenient way…secure boot in arch looks very complicated to me r8 now!

Like @pebcak said, the Developers will have to buy a key from Microsoft. Which they are not very likely to do. And I would have to ask:why would you want to Secure Boot enable to begin with? It doesn’t really do worthwhile anyway.

1 Like

I was just curious…:grinning:
And ya…if u have 2 pay MS for secure boot…then don’t pay😅

1 Like

The main developer of Rufus really dislikes Secure Boot
FAQ · pbatard/rufus Wiki · GitHub

that page has a link to official policy this:

Microsoft UEFI CA Signing policy updates
While Microsoft reserves the right to sign or not sign submissions at its discretion, this list of requirements should be adhered to…

  1. Code submitted for UEFI signing must not be subject to GPLv3 or any license that purports to give someone the right to demand authorization keys to be able to install modified forms of the code on a device. Code that is subject to such a license that has already been signed might have that signature revoked. For example, GRUB 2 is licensed under GPLv3 and won’t be signed

But I ticked the box on your post because your solution looks so much better

4 Likes

As an End-User and the Person who owns the Computer in question, I reserve the the Right to use whatever Software of my choice, on hardware I own, including The OS and Firmware.

What Legal and Marketing Departments dreamed up Secure Boot in the first place?

2 Likes

So not using secure boot is completely secure?
No need of secure boot?

Short Answer? Not really. However there are a few Use Cases, but I’ll leave to the actual Computer Security Experts to explain farther more on this subject.

1 Like

in short: No.

UEFI Secure Boot (SB) is a verification mechanism for ensuring that code launched by a computer’s UEFI firmware is trusted. It is designed to protect a system against malicious code being loaded and executed early in the boot process, before the operating system has been loaded.

Since everything is installed by a package manager from a trusted source (packages are signed and have checksums like secure boot does), malicious code is not a problem, but Windows has potentially such a problem. The drivers are not builtin the kernel, but have to be installed from other sources etc etc…

Myself i don’t see a real benefit from using secure boot on a linux system, but more or less having a good feeling to be secure from users point of view.

2 Likes

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.