Feature Request: User-Friendly "Secure Boot" Solution

Arch-wiki is very cryptic on the subject; relevant Reddit topics are scattered and sourced poorly. Too many git scripts claiming to solve some 10+ yr. old issue keeping linux from achieving feature-parity with Windows.

No efforts to curb above-average Joe from making examples out of average Linux users.

In layman’s terms, Qubes OS AEM (“Anti Evil Maid”) for dummies.

Encrypting /boot only shifts the goalpost for attackers (i.e. the bootloader).

User friendlynsecure boot idk…

But in some efi bios you can simply disable or a option to identify grub and make it trustable

My understanding of secure boot is that it was designed in UEFI for the purpose of stopping attempted access to the EFI partition on boot. Microsoft wanted this feature implemented. On some distro’s it can be used if you setup grub-efi after install supposedly from what i have read. Haven’t tried it i just turn it off.

1 Like

in this old acer laptop, i selected grub some how i dont remember in efi bios is stil old version of it lol… but it did boot intoo it and installed on secureboot but in mean time i disabled it… those options should be in efi bios or the distro has bring some code ?

Then I’d rather go in the complete other direction using Libreboot or coreboot. I haven’t gotten around to fiddling about with them, but they most certainly are on my look into list.

https://libreboot.org
https://www.coreboot.org