Newbie with Secure Boot problems

Hello everyone

I have installed Manjaro as the only system on my computer, automatic installation, I come from openSUSE Tumbleweed where it booted without problems with Secure Boot, here I simply do not know what to do to configure it.

In Legacy mode it works without problems and if I choose UEFI in GRUB it reboots opening the motherboard software, I change the option to Secure Boot and then GRUB does not load.

Any ideas?

Thanks in advance

disable secure boot
or
test sbctl
https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Implementing_Secure_Boot

1 Like

recheck the options on the UEFI motherboard

SecureBoot disabled
Fast Boot disabled
No CSM
No Legacy
all disks in AHCI

from the live manjaro USB iso key

boot into UEFI <vendor’s name> <partition 1>

open terminal

inxi -Fza
test -d /sys/firmware/efi && echo efi || echo bios
sudo efibootmgr -v
sudo parted -l

1 Like
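
The checks in the reply above can be extended to report the Secure Boot state as well as the boot mode. The script below is an added example, not part of the original thread: it reads the SecureBoot and SetupMode variables from efivarfs, and its function names and optional sysfs-root argument are assumptions of this example.

```sh
#!/bin/sh
# Added example: firmware boot mode and Secure Boot state read from sysfs.
# The optional sysfs-root argument is an assumption of this example, so the
# functions can be pointed at a constructed directory tree.

# GUID of the EFI global variable namespace (UEFI specification).
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# boot_mode [sysroot] -> efi | bios (same check as `test -d /sys/firmware/efi`)
boot_mode() {
    if [ -d "${1:-/sys}/firmware/efi" ]; then echo efi; else echo bios; fi
}

# efivar_byte NAME [sysroot] -> first data byte of the variable, in decimal.
# An efivarfs file holds 4 bytes of attributes followed by the data.
efivar_byte() {
    f="${2:-/sys}/firmware/efi/efivars/$1-$EFI_GLOBAL"
    [ -r "$f" ] || return 1
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    [ -n "$v" ] && echo "$v"
}

# secure_boot_state [sysroot] -> bios | enabled | disabled | setup-mode | unknown
secure_boot_state() {
    [ "$(boot_mode "$1")" = efi ] || { echo bios; return; }
    sb=$(efivar_byte SecureBoot "$1") || { echo unknown; return; }
    setup=$(efivar_byte SetupMode "$1") || setup=0
    if [ "$setup" = 1 ]; then
        echo setup-mode      # no Platform Key enrolled, nothing is enforced
    elif [ "$sb" = 1 ]; then
        echo enabled         # firmware verifies signatures on boot binaries
    else
        echo disabled
    fi
}

echo "boot mode:   $(boot_mode)"
echo "secure boot: $(secure_boot_state)"
```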

Manjaro does not support Secure Boot

Secure Boot is not supported by Manjaro (by default) and must be disabled in your BIOS. The procedure can vary depending on the Mainboard/BIOS manufacturer. Consult your Mainboard documentation or Manufacturer website for required information.

Windows 11 and Secure Boot - Informational

A common misconception is that Windows 11 requires Secure Boot to be enabled - this is, however, inaccurate. It is required that Windows 11 be installed on a Secure Boot capable computer, but there is no actual requirement for Secure Boot to be enabled.

Secure Boot must be disabled in BIOS

In order to boot Manjaro, or rather GRUB 2, Secure Boot must be disabled in your BIOS.

UEFI binary signing for Secure Boot - Informational

Microsoft provides a UEFI signing service for developers and has positioned itself as the sole signing authority for Windows machines using Secure Boot. Microsoft reserves the right to allow (or disallow) signed binaries at its absolute discretion.

The Microsoft 3rd Party UEFI CA allows for Linux boot binaries to be signed and used with Secure Boot. Microsoft permits the Linux Kernel to be signed, as it is subject to the GPLv2 license, but not any software subject to the GPLv3 license (this includes GRUB 2).

  • Linux distributions typically use GRUB 2 as the default bootloader.
  • Costs of Microsoft’s binary signing can be prohibitive for GNU/Linux.

Microsoft is not the only game in town

The apparent monopoly that Microsoft has on UEFI binary signing is artificial, at best, and mainly relevant for the purposes of the ‘Microsoft Marketing Machine’.

It’s possible to self-sign Linux binaries for Secure Boot purposes; the rEFInd boot loader (as one example) has extensive documentation on the topic.

You are encouraged to do your own research and make your own judgement on the merits of Secure Boot. For the time being, at least, it remains unsupported on Manjaro, and many other Linux distributions.

I hope this goes some way to answering your questions.

Cheers.

1 Like