Windows 11 only with Secure Boot - will Dual Boot work?

Hi all,
Sorry - I was not sure which categorie would fit the best, so I picked “Feature Request”, as my question concerns a functionality / feature of Manjaro.

As far as I understand, it is difficult to bring Manjaro to work with secure boot enabled. If that understanding is correct, with Windows 11 it will be difficult to make dual boot Windows 11 + Manjaro as Windows 11 will only work with secure boot - is there currently an easy and good solution to bring Manjaro to work with secure boot?

Here in the Forum I found some topics regarding Manjaro + Secure Boot that state that secure boot is not supported, somehow you can bring it to work, and so - but the relevant topics are from last year.

Many thanks.
Kind regards,
D.

To support secure boot out of the box, I believe that an EFI bootloader signed by Microsoft is required. You can configure secure boot yourself, this guide on the Arch wiki may be of use: Arch wiki UEFI Secure Boot. As you note, doing this yourself is “unsupported”, i.e. the Manjaro team do not provide official support for this (but you may be able to find help on the forum with any issues).

2 Likes

There are ways to use Windows 11 without secure boot, so that Manjaro can be easily installed afterwards.

I have not tested if it works, though.

2 Likes

Hi Summrum, hi Archisman,

Thanks alot for your quick responses.

And thank you for the information, that Win 11 will be possible to run without secure boot - the information I got concerning Windows 11 on another side was, that Windows 11 works only with secure boot enabled - that seems not to be correct - I think in a few weeks we will understand better…

Kind regards,
D.

Kinda hard to know right now as Windows 11 does not release until October-November this year
however Insider Beta releases is coming out later during this week

I don’t plan to purchase a compliant PC so Win 11 is not in my plans. Besides, there seems to be confusion and outrage right now so I’ll just let the dust settle and see what gives at Win 11 release time. I only “need” Windows for a couple of things and with 4 or so more years of support for Win 10 I can comfortably wait it out.

I am now using Windows 11 with Secure Boot disabled and I have no problem with dual-booting Manjaro.

2 Likes

There’s no easy way to enable Secure Boot in Manjaro. Same is applicable to Windows 11, the only difference is that one needs to undertake several steps to disable Secure Boot and have Windows 11 bootable at the same time. So you have to choose which way to go. Having Secure Boot enabled for both systems is way more secure than simply disabling it and believing that everything will be OK.

I believe it’s possible, but a lot of hassle.

https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot

Go to your UEFI and shut the Secure Boot down.

My computer: Surface Pro 6 with Surface UEFI

My understanding is that MS has disabled the compatibility checks for installation of the Win 11 preview but will enable and enforce the checks in the final release or maybe even earlier. They are interested in seeing Win 11 on Gen 7 Intels and AMD Zen which are currently not on the compatibility list. In other words, Win 11 preview will install on any system and a successful install of Win 11 now is not necessarily an indication of any aspect of compatibility with the final release.

Edit: I probably don’t have my Windows release nomenclature right so Win 11 Preview may not be what they are calling the current version available to Insiders. My comments are meant to apply to the currently available Insider version.

Oh, thanks, my phone’s keyboard thinks it is smarter than me. I meant “easy way”. Corrected.

When you read the Windoze 11 requirements, it just says:

System firmware: UEFI, Secure Boot capable.

“Secure Boot capable” for me means that your device has to support that “feature”.
It does not say it has to be enabled though. :man_shrugging:

https://docs.microsoft.com/en-us/windows/whats-new/windows-11-requirements

Anyways, guys, just switch to Linux only and don’t even bother :wink:

2 Likes

This does not belong to the feature request category.

Share with us any innovative ideas you might have.

Moved to support , as it’s the typical secure-boot M$ bs, and this does not concern Manjaro, but Linux as a whole.

Cannot confirm if this still works!

“Secure Boot capable” for me means that your device has to support that “feature”.
It does not say it has to be enabled though.

I made an account just to confirm that this seems to be the case so far. I have windows 10 (now 11 dev build) and Manjaro KDE duel booted on my laptop with secure boot off. I was able to upgrade to the 11 dev build without any issues and it did not mess up grub or anything. I also did not have to do anything special in windows 10 to do the upgrade with secure boot off, no reg edits or anything. Just switch to the dev build channel and it installed with no issues.

1 Like

There is a very good chance that this may change as Microsoft is not enforcing a lot of the “Security” features in the dev build.

Forget dev builds. Perhaps we will need to decide: Windows or Linux.
Nevertheless, i still do want Secure Boot in Manjaro, even if it was the only boot partition, because it should be a common feature just like in Ubuntu, OpenSuse etc. Secure Boot is simply great and it’s my top search in distros. I’d also like to have Hello like authorization in Linux, instead of the fossil give-me-a-break-already password typing.

Secure boot by default on most PCs uses Microsoft’s keys so for a distro to work with secure boot out of the box, the devs have to pay Microsoft $99 and is a very long process in general so I don’t think that is really necessary.
The other option is to sign using your own keys and provide the user with the public key to enroll it in their system, it is a very easy process and the UEFI will ask you to do it at boot if secure boot is enabled and the distro doesn’t use Microsoft’s keys.

And I don’t agree that secure boot is great
I had bitlocker on in windows with secure boot, I turned off secure boot, booted into Manjaro, turned it back on and booted into Windows and it did not care at all.

Because you turned it back on with the same values it had before. Next time try booting in Windows with some bootable USB stick plugged in. You’ll get a recovery key prompt instead of a smooth process.
Also consider setting a password for UEFI, that will prevent from altering your settings like turning SB off.

2 Likes