Myself EndeavourOS + 11 I’m using Windows. Linux Windows etc on a daily basis valorant anti-cheat that I use it for games. Who knows, the Windows 10 secure boot is turned off, even while at play valorant is requested when the game opens smoothly. 11 but the windows secure boot policy and riot dictate precise thanks to our brother, my guess would be 3 years before the opening of 11 for Windows with Secure Boot can’t play Valorant, our brother, and instantly open it again and stepped Vanguard gives you a warning that prompts you to enter a secure boot. Turn on Secure Boot in the BIOS if I say I’ll going to enjoy this time you are having a problem in Linux. Because of Secure Boot and the GRUB menu does not open and also closed-source NVIDIA drivers(Nvidia’s personally made for Linux), stable, secure boot is turned on when does not work on Linux. When I upgrade my Windows 10 to Windows 11 unfortunately, I stayed alone with this problem. I tried for 7 hours just to fix this problem. On the Internet Limited and piecemeal information that I managed to solve my own problem for me because all this research I tried to offer the book as a whole. Open the boot on a system that is Secure in this guide Arch Linux-based distribution (e.g. EndeavourOS) sbctl I’ll tell you how to use the tool for it to work seamlessly.
Secure boot Arch Linux, EndeavourOS) steps towards compliance with:
1. BIOS settings
In the BIOS secure boot to enter the menu and do the following settings:
- Delete all existing Secure Boot keys:
- Reset to setup mode
- Clear all Secure Boot keys
Purpose : Setup Mode " is “enabled”. Briefly is to enter into setup mode.
For example I have the MSI BIOS. So, from there I’ll give you a sample. (Different manufacturers, different steps may be, but our goal is the same.)
The DEL key to enter BIOS menu after another constantly the BIOS menu, and press and press until we need to stop. Different manufacturers in the DEL key instead of pressing different keys can be. (F12, F9, etc, etc)
You see above is where we make our adjustments related to secure boot. However, this is down to the carpet he is useless to us. We need to clear the hidden BIOS, MSI hidden BIOS setup mode in the bios of the reason have been removed. Hidden in my model of my laptop to open the BIOS press ALT + F2 + right Ctrl right Ctrl key press the Fn key if you need to be able to be Copilot) + we needed to press the right Shift key simultaneously. According to your model may require different combinations. Finally, in the following image, such as is supposed to be setting a lot of.
What we need to do here is " key management “e to enter. Of course before you do this,” Secure Boot Support "u Enabled and the standard instead of Custom, we have chosen, click.
(Sometimes called Secure Boot this step when we walked by opening, you can’t log in to Linux. After completing the steps below if the BIOS is still grub menu during boot(Linux or windows a window that asks you to enter) if you do get Secure Boot enabled , BIOS, follow the steps for the following.)
This key management department. From here on is the factory default Key Provisioning , click Disabled, we’re doing it. In order to do this, the BIOS when you save the encryption keys back to factory settings, the teats are provided.
Remaining below 3 lines then reset to setup mode 'to questions from a Entering Yes at the end said after setup mode ', we provide a pass.
If the BIOS if the system has been serviced, concludes by saying, save all our steps in the BIOS. We can view the event log to Linux from the GRUB menu. The other steps in our console commands in Linux with a secure boot system BIOS to recognize we’ll make some adjustments.
2. installation and Adjusting sbctl
sbctl, user-friendly and secure boot complete with a working arch system management tool.
a) sbctl install:
Bash:
sudo pacman -S sbctl
b) check the status:
Bash:
sbctl status
If you see the following if the entire process is:
YAML:
✘ Sbctl is not installed
Setup Mode: ✘ Enabled
Secure Boot: ✘ Disabled
But setup mode: Disabled "if it says in the BIOS, secure boot keys you didn’t clean means.
3. Don’t Enroll and create a key
Create and introduce your keys to the system:
For this, enter these commands in the terminal screen sequence.
Bash:
sudo sbctl create-keys
sudo sbctl enroll-keys -m
The-M parameter in Microsoft adds keys, thus will also work seamlessly with secure boot Windows.
Then check again:
Bash:
sbctl status
The output should be like this:
YAML:
✔ Sbctl is installed
Setup Mode: ✔ Disabled
Secure Boot: ✘ Disabled
Owner GUID: xxxxxxxxxx...
4. Without The Use Of The Shim, The Group Re-Setup (Optional But Recommended)
If a shim or you don’t want to use the group if you are not using, we recommend that you reinstall as follows:
Bash:
sudo grub-install --target=x86_64-efi --efi-directory=/efi/dizini --bootloader-id=EndeavourOS --modules="tpm" --disable-shim-lock
sudo grub-mkconfig -o /boot/grub/grub.cfg
/efi/directory of the part depends on your system:
Usually /boot/efi or /efi is. To be sure lsblk or findmnt /boot/efi with check.
Systemd-boot if you are using you can skip this step.
5. Signing The Necessary Files
Now we’re signing the relevant files to allow the secure boot EFI.
First unsigned files list:
Bash:
sudo sbctl verify
You will see lines like the following in the output:
YAML:
✘ /boot/vmlinuz-linux is not signed
✘ /boot/EFI/BOOT/BOOTX64.EFI is not signed
✘ /boot/EFI/GRUB/grubx64.efi is not signed
The signing process:
Bash:
sudo sbctl sign -s /boot/vmlinuz-linux
sudo sbctl sign -s /boot/EFI/BOOT/BOOTX64.EFI
sudo sbctl sign -s /boot/EFI/GRUB/grubx64.efi
Other necessary EFI files also sign the same way.
If a different kernel (e.g. Linux-Zen) if you are using him should be signed note ni. For example:
Bash:
sudo sbctl sign -s /boot/vmlinuz-linux-zen
This I jumped in detail; the GRUB menu comes up, but the operating system back to before the opening of back to the group if that is actively used probably because the kernel (vmlinuz-Linux-zen-such as it is not signed. Carefully check the output to verify sbctl.
After signing let’s check again:
Bash:
sudo sbctl verify
Everything 
should appear as.
6. Open up the BIOS secure boot and start again
After all processing is complete, restart your computer. Go into the BIOS and secure boot 'u Enabled to make.
Now:
- Windows opens at 11 Valorant,
- Linux does not give an error at boot
- The Nvidia driver works,
- Makes signing in sbctl updates automatically.
Extra Info:
- If the kernel or the EFI file by hand if you are adding sbctl sign-s /file/path manual you will need to do a signing.
- Each kernel and the bootloader automatically makes sbctl signing in Update (package thanks to the hook).
We hope this guide helps you to enable secure boot without my tribulations on effortlessly — if you like to share, archive, and don’t neglect to remember that you may need one day!
My own guide has been added by being translated from my local language, Turkish. To reach…