Secure Boot or not?

I dual-boot Windows 11 Pro 25H2 with Garuda Mokka Linux on all three of my devices. I keep secure boot enabled on all three computers, and all six OSes, simply because it adds yet another layer in my security onion (make ’em work as hard as possible for what little they’ll get!). Windows 11 wants it, although it will run with the option disabled, albeit with fewer security options active. Fortunately for me, Garuda has a secure boot package that automatically signs the Grub boot manager and kernel images as an after-install hook, so I never have to deal with all that anymore, and the setup is as simple as installing the package, then executing a command that does the rest, both one-time requirements. After rebooting and re-enabling secure boot, I also had to perform the secure boot registration process, but the process is clearly documented in the item linked below. If you’re interested, you can read all about Enable Secure Boot support.

I hope this helps,

Ernie

2 Likes
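A check that follows from the post above (re-enabling Secure Boot, then rebooting), as an added example that is not code from the post or from Garuda's package: a small Python script that reads the firmware's SecureBoot and SetupMode variables from efivarfs and reports whether Secure Boot is actually enforcing. It assumes a Linux system booted in UEFI mode with efivarfs mounted at /sys/firmware/efi/efivars; the variable names and GUID are the standard EFI global variables, and the sample blobs in the test are constructed.

```python
"""Report the firmware Secure Boot state from efivarfs on Linux.

Added example for this thread, not any poster's or distribution's code.
efivarfs layout: 4-byte little-endian attribute word, then the variable data;
SecureBoot and SetupMode each carry a single byte (1 = true, 0 = false).
"""
from pathlib import Path
from typing import Dict, Optional

EFIVARS = Path("/sys/firmware/efi/efivars")
EFI_GLOBAL_GUID = "8be4df61-93ca-11d2-aa0d-00e098032b8c"  # EFI_GLOBAL_VARIABLE
FLAGS = ("SecureBoot", "SetupMode")


def parse_efivar(raw: Optional[bytes]) -> Optional[bool]:
    """Decode one efivarfs blob holding a single-byte boolean variable.

    Returns None when the variable is absent or malformed (anything other
    than 4 attribute bytes followed by exactly 1 data byte).
    """
    if raw is None or len(raw) != 5:
        return None
    return raw[4] == 1  # bytes 0..3 are attributes, byte 4 is the value


def status_from_blobs(blobs: Dict[str, Optional[bytes]]) -> Dict[str, object]:
    """Classify the boot state from raw blobs keyed by variable name."""
    sb = parse_efivar(blobs.get("SecureBoot"))
    setup = parse_efivar(blobs.get("SetupMode"))
    if sb is None:
        state = "not-uefi-or-unreadable"  # no efivarfs: legacy/CSM boot
    elif setup:
        state = "setup-mode"  # firmware accepts new keys, SB is not enforcing
    elif sb:
        state = "enabled"
    else:
        state = "disabled"
    return {"secure_boot": sb, "setup_mode": setup, "state": state}


def secure_boot_status(efivars: Path = EFIVARS) -> Dict[str, object]:
    """Read SecureBoot and SetupMode from efivarfs and classify them."""
    blobs: Dict[str, Optional[bytes]] = {}
    for name in FLAGS:
        path = efivars / f"{name}-{EFI_GLOBAL_GUID}"
        blobs[name] = path.read_bytes() if path.is_file() else None
    return status_from_blobs(blobs)


if __name__ == "__main__":
    print(secure_boot_status())
```

"setup-mode" is the state you see after clearing the platform keys to enrol your own; Secure Boot only enforces once the firmware is back in user mode with SecureBoot set to 1.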

AFAIK secure boot keys are a way of verifying the OS on boot through signed keys. If a PC recognizes the signed key, the OS or distro can boot in UEFI or secure boot mode; if it does not, it can only boot in legacy mode… Ubuntu and Fedora can usually boot in UEFI mode, as they have gone through the process of registering signed keys. FD64 is a distro some users have been able to secure boot by adding a FD64 key, while other distros openly require booting in legacy mode. There are other projects like Coreboot trying to provide an open-source alternative to Windows Secure Boot.

3 Likes

Thanks Ernie.
I guess if most motherboards come to require secure boot, then most Linux distros will provide support, like Garuda.
I just wish it would all go away … but that looks unlikely.

If Microsoft demands it, then makers will obey, like the fitting of the TPM 2 chip was a requirement.

Apple did something similar by using Motorola and now M2, M3 chips, etc. to lock you in. OK, Linux now runs on some of their platforms, but not yet all.

1 Like

I guess using TPM chips as sentinel / monitoring devices concerns me more than the ability or inability to turn off SB. And the constant ratcheting up of hardware ‘requirements’ is another thing making me pull the rip cord from the Redmond drone fleet.

I guess I’m not a card carrying capitalist, but materialism seems to be part of American DNA.

2 Likes

I used to mess up a bicycle that I used to get around campus in my undergrad days, with skillful application of a chain to the painted frame. Nobody would steal such a rusty hulk, and I rarely locked it. But hey, still beats walking!

2 Likes

Did not know what it did or why; I just read the Windows requirements.

The good news is that while modern motherboards support UEFI, and it’s the user interface to the board’s configuration, secure boot can be enabled or disabled in the UEFI settings, so if you use GNU/Linux and don’t want to use secure boot, you don’t have to, but it’s there if you should change your mind!

Ernie

2 Likes

A lot of people would consider that installing Linux on a computer messes it up. BSD even more so. Perhaps we should go for the most esoteric unwanted OS on the planet… but even that will not circumvent malicious hardware like SB.

Not only American.
We all fall for this business of figuratively building more barns to store excess produce, when we ought to be giving it away.
FOSS has demonstrated that the best way to ensure software survives is to give it away. It ends up everywhere. Trying to hide it then sell restricted copies is a dead end.

3 Likes

@4dandl4 said that motherboards are now appearing without the ability to turn SB off.
I hope no one buys them. We don’t want malicious hardware with no ability to switch it off or remove it.

1 Like

I agree! I suppose that’s yet another thing we have to look out for when we purchase new hardware! Since I assemble my own desktop PCs, I’ll have to check that the m-boards include the ability to activate/deactivate secure boot, something I’m surprised to ever need to avoid!

Ernie

2 Likes

Hi @ernie ,
I don’t understand TPM, but it sounds like it could be malicious hardware too. Maybe you could look into it.

1 Like

I don’t understand it either. But the requirement can be turned off for Win 11. A bit harder to do than turning off SB.

2 Likes

Most of the OEM boards from Dell and HP are already like this, and most of the hardware is soldered to the board; it is a freaking nightmare!!! Most of the DIY boards can still be switched!! New laptops are even worse, but no one is buying desktop PCs, and laptops will soon be replaced, and all we will have then is AI, giving instructions!!!

5 Likes

This is expanded at

1 Like

How does AI come into this secure boot issue? Are you saying all new laptops will be AI instruments? Workstations and servers, on the other hand, might escape AI?

1 Like

I am thinking a lot of OEM PCs are moving toward an AI-generated OS, especially laptops and tablets!! I will run my two old Dell laptops as long as I can!!

2 Likes

You mean they use AI to write the OS?
or
The OS uses AI while it is running, so you talk to AI rather than the kernel?

I think the latter … sort of a replacement for GUI?

1 Like

From what I gather AI will be the assistant for everything that the PC will do, and will more than likely be locked down to MS and probably even Google specs!!

More than a GUI replacement … more like changing your work pattern, or even replacing apps with some sort of super-app?
End of computers as we know them!
Maybe I should retire now.

1 Like