Is Secure Boot supported?

After having tested the last release of EndeavourOS in a virtual machine and found it fast, stable and powerful via the yay package manager, I had the intention of replacing a xubuntu installation in one of my dual-boot computers (with windows 10), but before I started the installation I tested a live flash drive with EndeavourOS. It didn’t start in UEFI with Secure Boot only in old bios mode, then I found some website that mentioned EndeavourOS does not support Secure Boot. Is it true? There are already so many linux distros that support Secure Boot, if this is true I hope you are working in a version that supports Secure Boot, it is important for the many dual-boot machines out there.

Thank goodness, it is not! You can be at ease.

3 Likes

Out of the box secure boot isn’t supported.

However, you can setup secure boot yourself as described in the Arch wiki.

That being said, I am not sure why secure boot is a requirement for dual-boot. Windows 11 allows you to disable secure boot.

As for why it isn’t supported, it is primarily because it isn’t supported upstream by Arch by default. When that changes, EOS will inherit that support.

2 Likes

Tks for the reply and suggestion. I checked and Arch Linux temporarily had support for Secure Boot but later removed it. It is indeed possible to create an installation ISO with secure boot support but it does involve some tweaking, which I am not really interested in doing it. Secure Boot is supposed to improve the security of the OS that use it. I use both windows 10 and xubuntu on a daily basis and it is a fact that I haven’t got any virus or malicious attacks in many years, windows had become a stable and reliable system, and years had passed since the last time I had a BSOD. The same can be said from many major linux distros I have been using or testing, mainly in VMs.

Secure boot is not needed for dual boot Win 11. What is needed is :enos: :lock:

2 Likes

Good one! Ha ha! :rofl:

“Secure” Boot is just a failed attempt at racketeering by Microsoft. Failed because some lawyer at Redmond cleverly noticed that it would be an anti-trust nightmare. There is nothing secure about giving money to Microsoft for a licence to boot.

2 Likes

While certainly not a perfect system it sure adds a security layer. For Windows users it’s definitely a pretty good thing. So if you use Windows, it does not hurt at all. Just somewhat useless for Linux.

For windoze users, having their computer catch on fire would be a pretty good thing, as they wouldn’t have to deal with Microsoft :ox::poop: any more then (I pray every night that my work laptop catches on fire).

Having “Secure” Boot turned on is useless on any OS – it does absolutely nothing, except prevent you from booting if you haven’t given money to Microsoft.

3 Likes

Yeah, fantastic thing! :rofl:

Read some of that sometimes.

1 Like

It’s useless as far as I’m concerned. As @Kresimir say’s and i agree! Coreboot would be better. :wink:

3 Likes

If you have a Windows license and are running Windows it is actually better to have secure boot than not to have it. Best case scenario it prevents some attacks or malware. Worst case scenario it doesn’t do anything.

It clearly doesn’t do that. Instead, it lets you install windoze. It also lets you install Buntu.

While I find your anti Windows rhetoric mostly funny, it sometimes really is annoying… :frog: :frog: :frog:

Secure boot is annoying! :rofl:

1 Like

Speaking of windoze being reliable, let me tell you how I start my work day:

I arrive at the office and I dock and turn on the work laptop given to me by the company I work for (as a software developer). It’s a HP EliteBook 840 G5, running windoze 10, a nice little laptop, decently powerful (16 GiB of RAM, 4 core Intel CPU, SSD) though crap build quality…

At the same time, or a few seconds later, I turn on my personal laptop, which is a really, really old HP ProBook 4540s from 2013, which has 5 GiB of RAM and a 2 core Intel CPU, and a WD Blue HDD… Really, it’s a potato. It runs Arch Linux.

The potato laptop boots first, I enter the password, and KDE Plasma loads up. I open a terminal and type in: sudo pacman -Syu, I type my sudo password and run a full update. It downloads some 500-1000 MiB of updates, it installs them, runs post-transaction hooks. I reboot it.

Half way through the second boot process of my potato laptop, my powerful work laptop asks me for my windoze password and by the time I type it in, my potato laptop asks me for the password, too, the second time. I type it in again.

About 30 seconds later, KDE Plasma on my potato laptop has loaded and I open LibreWolf, log in to to this forum, read my messages, browse the web a bit, etc… By that time, my powerful work laptop starts loading MS outlook and teams :rofl:

So yeah, a potato laptop running Linux boots up, updates, reboots and is ready for use before a much, much more powerful laptop running windoze boots up and is ready. And this is very reliable, every time it’s the same thing.

1 Like

And I turn on my desktop work windows PC on for 5 years and never had any problems. It also just works. I like Linux way more and would love to use my own Linux setup, but sadly most companies in the world rely on Windows and its software.

Windows updates never broke anything for me, programs always work and since there are SSDs I don’t have any problems with speed on Windows. From a user perspective Windows is fine, if it weren’t for all the shitty bloat, telemetry, etc. which you can somewhat act against with debloaters.

My point is, there are millions of Windows users and secure boot does help them. Secure Boot is not perfect, as already stated in my first comment, but it sure is another security layer and probably does more good than harm for Windows users.

It’s not necessary. It like TMP was designed to tie your installed OS to the specific hardware you currently have. Just disable it along with TMP.

This should cover most everything you need to know to implement secure boot. That being said as many have mentioned it’s up to you if you care to use it. Most don’t (I don’t).

https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot

2 Likes