How to enable UEFI Secure Boot in GNU/Linux

I dual-boot Manjaro with Windows 10 on my older laptop PC using the rEFInd boot manager with Secure Boot enabled. I like rEFInd so much, I’d love to learn how to switch to it on my Lenovo Legion 5 laptop PC and my home brew desktop PC, both of which dual boot Fedora 38 with Windows 11 using the grub2 boot manager and with Secure Boot enabled. Since Fedora correctly supports secure boot out of the box, it would appear to be a rather straightforward proposition switching to rEFInd, but when I attempted to make the change on my Lenovo Legion 5 laptop PC, no joy. I think I need to better understand how UEFI Secure Boot works and how to implement it on any GNU/Linux distribution before I can use that knowledge to choose the boot loader I want (for me it would be rEFInd). I view Secure Boot as another security layer for any PC that supports UEFI, so I want to keep it enabled while dual booting any version of Windows with any GNU/Linux distribution.



We could do a separate tutorial on rEFInd. It is not covered on It’s FOSS.

If you switched the bootloader/manager to rEFInd, you made changes to the boot again, it should have triggered MOK ( a blue screen with options at the boot time). This is just my guess and I have not tried it on my own.

I’ll see if I can replicate the scenario with another distro by changing the boot manager to rEFInd.