Secure boot? MS cutting out most other OSs

Will Manjaro not boot under UEFI? Seems like MS is being unfair.

Not out of the box.

I believe you can sign your own kernels somehow, but it’s not easy.

https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Implementing_Secure_Boot

OMG, any plans for the devs to do that. There is Ubuntu, but it is not rolling.

I don’t believe so, no. As it’s using custom keys, only the user can do that.

UEFI works fine … just not ‘secure boot’ setting.
Unless its faulty like mine and seems to work regardless :woman_shrugging:

2 Likes

Hmmm, well, Ubunto is none rolling & alwys being upfated is good. Seems MS shouldn’t ne able to do this.

I don’t know what Windows 11 needs, but Manjaro should boot as long as you turn SecureBoot off.

Thought UEFI was secure boot, hmmm.

Nope. They are not the same.

UEFI is the firmware on your motherboard. A feature of UEFI, is that it can enable SecureBoot, which means the system can be set to only boot signed kernels.

2 Likes

Well that is good accept that most OSs outside Windows is out. Like is there a easy way to get Manjaro to boot up? That link is not easy looking.

Yes. Disable SecureBoot in your UEFI settings. :slight_smile:

1 Like

Hey @Edward78 ,
I am on dual boot with windows 11 and Manjaro, and Everything works fine if secure boot is off.
you can use this article for creating keys and enrolling them in BIOS.
I have installed sbupdate for maintaing he keys and signing the kernel everytime when it is updated.

So Windows 11 doesn’t require Secure boot & it works fine? I don’t want to have to worry about doing anything to get Manjaro to boot. Any plans to enable linux to Secure boot in the future? I do not want to lock myself out of all other OSs accept Ununtu when I have to get Windows 11.

Yes For now I don’t think they are strict on Secure Boot. Also, it is easy to sign your Linux kernel with the keys. I have attached two hyperlinks for you to the above message.
PS: Please try it at your own risk, and backup all your stuff.

I think secure boot is not the only problem with Win11 (besides Win11 is cancer and should never get pushed with all the sign’s to a golden cage for PC Users, like Apple!), take a look at TPM…

As far as i know, TPM is against Open Source/ Free Ware (If Microsoft don’t like it, they getting blocked and the Developers are History!) and if you disable TPM and Secure Boot you don’t get updates (also no security updates) in Win11.

Don’t get me wrong, its not bad to make a few steps and take a look at the future, but what M$ is doing is really sick and the most people don’t see this, because no one is talking about.

2 Likes

Hm. I didnt realize that was in effect for win11 - but searching around it seems it is.
In case anyone cares - there are apparently ways around this, such as by using rufus:
Create a bootable drive to bypass TPM Secure Boot and RAM requirements for Windows 11 - gHacks Tech News

Just as i said befor, when you disable this stuff, yes you can install Win11 with that (atleast at the moment) but your Updates are disabled because M$ try to force people to TPM.
TPM requires also Secure Boot, so in this case it comes hand in hand and the Golden Cage is coming.

Atleast this are the Infos that i could collected, if anyone prefer video content… here is a video about that problem from a little youtube streamer that i found few days ago:

2 Likes

Well, for some security obscurity you want to have only one OS installed on a machine. Why you even need Linux Distros on that machine if you can load those Linux Apps even graphically via WSL. Sure at some point you might need secureboot enabled also on Manjaro to support the latest stock hardware. However, we have also hardware partners designing hardware especially for Linux. So in the end we will have the OS supported by hardware we have somehow control over.

Could this issue be solved by Manjaro devs in the same way as in Ubuntu?
https://wiki.ubuntu.com/UEFI/SecureBoot

1 Like

Update on Secure Boot on Windows:
I made a bootable Pendrive with Rufus, It might have made a bootable media without secure boot. Will try making a bootable Pendrive with Windows bootable media creator.