Secure boot? MS cutting out most other OSs

UEFI works fine … just not ‘secure boot’ setting.
Unless it’s faulty like mine and seems to work regardless :woman_shrugging:

2 Likes

Hmmm, well, Ubuntu is non-rolling & always being updated is good. Seems MS shouldn’t be able to do this.

I don’t know what Windows 11 needs, but Manjaro should boot as long as you turn SecureBoot off.

Thought UEFI was secure boot, hmmm.

Nope. They are not the same.

UEFI is the firmware on your motherboard. A feature of UEFI is that it can enable SecureBoot, which means the system can be set to only boot signed kernels.

2 Likes
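To see the distinction made above on a running Linux system, here is an added example (not part of any forum post) that decodes the `SecureBoot` and `SetupMode` UEFI variables as Linux efivarfs exposes them. The function names, state labels and sample bytes are constructed for illustration; the GUID is the UEFI global-variable namespace.

```python
import struct
from pathlib import Path

# Namespace GUID of UEFI global variables (from the UEFI specification).
EFI_GLOBAL = "8be4df61-93ca-11d2-aa0d-00e098032bac"

# Constructed samples: 4-byte attribute mask (0x06) followed by the value byte.
SAMPLE_ON = b"\x06\x00\x00\x00\x01"
SAMPLE_OFF = b"\x06\x00\x00\x00\x00"


def decode_flag(raw):
    """Decode a one-byte UEFI variable as exposed by Linux efivarfs."""
    if raw is None:
        return None                       # variable not present
    if len(raw) != 5:
        raise ValueError(f"expected 5 bytes, got {len(raw)}")
    _attrs, value = struct.unpack("<IB", raw)   # attributes are little-endian
    if value not in (0, 1):
        raise ValueError(f"unexpected flag value {value}")
    return value == 1


def classify(secure_boot_raw, setup_mode_raw):
    """Return a short label for the Secure Boot state (labels are hypothetical)."""
    secure_boot = decode_flag(secure_boot_raw)
    setup_mode = decode_flag(setup_mode_raw)
    if secure_boot is None:
        return "unsupported"              # firmware exposes no SecureBoot variable
    if setup_mode:
        return "setup-mode"               # no Platform Key enrolled, nothing enforced
    return "enforcing" if secure_boot else "disabled"


def read_state(root="/sys/firmware/efi/efivars"):
    """Read the live state; 'not-uefi' if efivarfs is absent (e.g. legacy BIOS boot)."""
    root = Path(root)
    if not root.is_dir():
        return "not-uefi"

    def read(name):
        path = root / f"{name}-{EFI_GLOBAL}"
        return path.read_bytes() if path.exists() else None

    return classify(read("SecureBoot"), read("SetupMode"))


if __name__ == "__main__":
    print(read_state())
```

A result of "disabled" or "setup-mode" on a UEFI machine means the firmware will boot unsigned kernels even though the system is running in UEFI mode.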

Well that is good except that most OSs outside Windows are out. Like is there an easy way to get Manjaro to boot up? That link is not easy looking.

Yes. Disable SecureBoot in your UEFI settings. :slight_smile:

1 Like

Hey @Edward78 ,
I am on dual boot with Windows 11 and Manjaro, and everything works fine if secure boot is off.
You can use this article for creating keys and enrolling them in BIOS.
I have installed sbupdate for maintaining the keys and signing the kernel every time it is updated.

So Windows 11 doesn’t require Secure boot & it works fine? I don’t want to have to worry about doing anything to get Manjaro to boot. Any plans to enable Linux to Secure boot in the future? I do not want to lock myself out of all other OSs except Ubuntu when I have to get Windows 11.

Yes. For now I don’t think they are strict on Secure Boot. Also, it is easy to sign your Linux kernel with the keys. I have attached two hyperlinks for you to the above message.
PS: Please try it at your own risk, and backup all your stuff.

I think secure boot is not the only problem with Win11 (besides Win11 is cancer and should never get pushed with all the signs to a golden cage for PC Users, like Apple!), take a look at TPM…

As far as I know, TPM is against Open Source/Freeware (if Microsoft doesn’t like it, they are getting blocked and the developers are history!) and if you disable TPM and Secure Boot you don’t get updates (also no security updates) in Win11.

Don’t get me wrong, it’s not bad to make a few steps and take a look at the future, but what M$ is doing is really sick and most people don’t see this, because no one is talking about it.

2 Likes

Hm. I didn’t realize that was in effect for Win11 - but searching around it seems it is.
In case anyone cares - there are apparently ways around this, such as by using rufus:
Create a bootable drive to bypass TPM Secure Boot and RAM requirements for Windows 11 - gHacks Tech News

Just as I said before, when you disable this stuff, yes you can install Win11 with that (at least at the moment) but your updates are disabled because M$ tries to force people to TPM.
TPM also requires Secure Boot, so in this case it comes hand in hand and the Golden Cage is coming.

At least this is the info that I could collect. If anyone prefers video content… here is a video about that problem from a little YouTube streamer that I found a few days ago:

2 Likes

Well, for some security obscurity you want to have only one OS installed on a machine. Why do you even need Linux distros on that machine if you can load those Linux apps even graphically via WSL? Sure, at some point you might need Secure Boot enabled also on Manjaro to support the latest stock hardware. However, we also have hardware partners designing hardware especially for Linux. So in the end we will have the OS supported by hardware we have somehow control over.

Could this issue be solved by Manjaro devs in the same way as in Ubuntu?
https://wiki.ubuntu.com/UEFI/SecureBoot

1 Like

Update on Secure Boot on Windows:
I made a bootable pendrive with Rufus; it might have made a bootable media without secure boot. Will try making a bootable pendrive with Windows bootable media creator.

I always hope that Manjaro signs the boot manager and kernel in the software source, and then publishes the public key as a software package in the software source. Finally, the user can import the public key in the BIOS, and the secure boot can be enabled.

However, some developers replied that because of the NVIDIA driver, you need to turn off secure boot, but I think even after signing the boot manager and kernel, you can still turn off secure boot in the BIOS, and users who do not use NVIDIA drivers can still choose to enable it. Safe booting can obviously improve system security and ease of use. It is obviously a troublesome and repetitive thing for users to sign the kernel and boot manager by themselves.

And if the kernel and boot manager are automatically signed when the software package is compiled and the private key is unchanged, it seems that you only need to import the public key into the BIOS once.

I wonder what Arch distro will be the first to bring secure boot. I periodically check the forums as I’m waiting for this achievement. Secure boot is simply great. Hope M$ pushes everyone, and users will profit.

Linux distributions can sign the kernel and boot loader themselves, even if they don’t use Microsoft’s key to sign the kernel and boot loader. Users only need to import the public key once for the secure startup to work. If the Linux distribution doesn’t sign the kernel and boot loader, then to use Secure Boot, users have to sign the kernel and boot loader themselves.
And Microsoft has announced that they will no longer sign up for grub2 as a versatile bootloader.

1 Like