This might be helpful if you guys can put this stuff in your Linux distro for booting with Secure Boot enabled, Solus 4.4 distro's

Since Solus 4.4, secure boot is now supported. When you first boot the ISO, and if you have secure boot enabled in your UEFI firmware, you will have to perform the one-time step of manually enrolling the Solus certificate. The following guide will walk you through this. If you already have Solus installed and wish to enable secure boot, skip ahead here.

Note that this only applies to machines with UEFI firmware; if your machine uses the older BIOS firmware you can safely ignore this article. If you wish to avoid having to do this step then you may disable secure boot in your machine’s UEFI firmware interface.

I think maybe if Arch Linux based ones use something like this, they would be able to also find a fix for that whole secure boot thing, I know Fedora, Kubuntu, Ubuntu and openSUSE already have their own method, but I think registering a .cer file into the secure boot, which then allows you to boot into Linux with secure boot on, seems to work on all my PCs so far, for the Solus version, I wanted to post this somewhere like here, anyway I hope this can be put into other Linux distros too, it might help people that don’t want to touch their BIOS settings.

In Arch Linux, not having Secure Boot is a feature, not a bug.

5 Likes

Wasn’t Secure Boot just talked about in another thread with someone wanting Endeavour to add it to the OS? I think the general consensus was it’s not wanted, needed or even cared about.

3 Likes

I read somewhere online that some new PCs have secure boot turned on, and the settings are not accessible in their BIOS, anyway I read about that online, I don’t know if that’s true about new PCs being released that they’re now locked into Microsoft Windows. Otherwise secure boot is on by default on some systems, and not everyone wants to go into BIOS settings to disable it, plus it’s a security risk if you turn it off, I read that too, again something to do with maid attacks, or at least there’s a post online about that in the secure boot Linux thing, I am not sure where I read about the maid attacks thing, I think it was a heading in a Linux how-to for enabling secure boot like openSUSE Tumbleweed or Fedora 38, I don’t recall, it was some Linux distro I was testing or playing with and I had disabled secure boot to use it, but then under its how-to for making that distro work, they had in the secure boot enable step by step thing, it read something about evil maid attacks in its topic for secure boot and the Arch apps to make it work or to enable it, but I found its fix for making secure boot work broke that Arch based distro, and then I had to reinstall it, since it caused the bootup to not load grub2 and only have a menu for the firmware access, so I did something wrong in its steps for getting secure boot to work from the terminal under Linux, since I do use sudo su and stuff to install things or update the system still with that type of access under Linux.

But yes, not sure secure boot is really needed or if it was just created for TPM and Windows 11, I don’t know for sure, my older Gigabyte has secure boot but no TPM 2.0 device in it, only my new Gigabyte desktop and my laptop have a TPM thing in them. Not that that matters. It’s been around for a long time but only Windows 11 requires it by default now, from my understanding it only stops Linux from booting, besides that new Solus 4.4 that can now boot and install and run with secure boot on, but it’s a Linux built from scratch and not a Debian, Fedora, or Gentoo or openSUSE based Linux distro. Also I will not run Linux on my new PC, too many games still require Windows, and games like Ubisoft Connect and Epic Games stores don’t support Linux, other reason Linux is only for old PCs or playing with it on old hardware, I have no plans on installing Linux on my new systems, I don’t like how Plasma, GNOME, all shells work ok, for say desktop KDE is good but then I think for the laptop GNOME is better, but some like the MATE shell I just don’t like or need, and Pantheon is a Mac clone shell if I recall for Linux, otherwise I am still not impressed with the options for the Linux GUI desktop systems yet on that topic, it’s been years of new versions of these things, and they still don’t work as well as a Windows shell like explorer.exe, they try but have not perfected features even today, don’t get me wrong I like how secure some are like Fedora Silverblue and its KDE versions but at the same time on them I find the software is slow to install, and I can’t say I understand its update system structure as a home user, I don’t understand all the stuff Linux does on the console terminal level, I only understand some of it.
Plus Windows 11 is needed for Xbox cross-compatible games, and there are no working apps for Xbox games like there is for Epic Games non-official support software or Ubisoft Connect, sure some things work with Wine but other gaming titles don’t run even today, I think again that’s why only my older PC is using Linux, it’s fine for video media or graphics but gaming on Linux is not very supported even from GOG games or Steam games, only some of them will run, but I own more Epic games than Steam based ones, and I own only a few GOG game titles. For me Linux gaming has been a hit and miss thing, some things work and others don’t work still after all these years since Red Hat gave out free DVDs of Linux, which I think was my first Linux version I played with on even older PC desktops.

Secure Boot, TPM2, LUKS, and a potential security hole in the Wiki / GNU/Linux Discussion / Arch Linux Forums

There was just a thread about Endeavour offering secure boot less than a month ago.

Ubuntu has some graphic problems with the NVIDIA drivers, not the open source NVIDIA drivers, these don’t play well with my NVIDIA RTX 2070 3D card, I do prefer Kubuntu to Ubuntu, but I tried it, for some reason Ubuntu seems to run a bit slower than Arch Linux, and even openSUSE Tumbleweed seems faster than Ubuntu on my older Gigabyte’s hardware. Ubuntu I read is not good for gaming but I am not sure, it’s very easy with apt-get, apt-get update and apt-get dist-upgrade, but they all have their own versions of these commands and I only used snap like once or twice on a version of Linux, I am also not trying to start a flame war, sorry if I over typed, sometimes I do so, but not always, I am not mad about Linux, just disappointed that I haven’t found the right shell for it yet, I tried a lot of them and I go back between using Plasma and GNOME all the time, I used Windows and Macs back in school, so I also know them pretty well, but wasn’t trying to educate, but there are some limitations to using Linux that stop me from using it on all my PC hardware, mostly it has to do with some games I own that I can access from Windows but not from Linux yet. But it’s not your fault Linux is still limited after all these years, I keep seeing new releases at the DistroWatch website,

I used it to look into different distros, I tried a lot of them, I like deb packages, Arch packages, I don’t like Red Hat, Fedora is ok, I like how openSUSE Tumbleweed uses packages to install, but I don’t like how the Gentoo distro has to compile every installed package and system update, it takes forever if you ever used Gentoo and its package system can take days and hours to update it, that is the one distro I stay far away from all these years, I tried Gentoo back when it had a live distro like KDE and GNOME, but I found that I really didn’t like the package system Gentoo has. I like Tumbleweed for openSUSE but don’t like its older distros, they didn’t work well on my hardware, and I like its new MicroOS which is just like Fedora’s Silverblue versions, they are very good if you want a stable system like all the time, and if you don’t like playing with unstable versions of Linux, but that depends on your Linux skill level I think, as people have different skill levels when it comes to even using Linux as you might know already.

The Endeavour installer distro is ok, but from what I recall it disabled me from using my Bluetooth hardware for my Bluetooth ear pods and sound systems, I was not able to connect to them with the Endeavour distro version I had tried a while ago, I prefer USB ISOs that can be installed in an offline installer mode without needing to download a lot, I would rather download a big ISO image than have it, each time it’s installed or reinstalled, have to download files, each time takes too long, and it’s easier to install software afterwards or update it after it’s installed to the HD, this one works best with online access to download all the files it seems to need to run, and I was not happy with Endeavour when it took it upon itself to disable the Bluetooth Linux drivers needed for Bluetooth hardware because of some sort of flaw in the drivers that allowed hackers to access your Bluetooth hardware, I don’t know if this affected home users, or just people at work, in any case this version of Linux had the Bluetooth drivers disabled, and when you tried to reenable the Bluetooth drivers, it then failed to find or access the Bluetooth hardware, I don’t recall but at the time there were two distros of Linux that had Bluetooth hardware disabled by default from the kernel startup, this was one of them, which is why I don’t like Endeavour, and would use some other Linux distro like Carmar installer or whatever the other one is that also is built like its installer, at this time I can’t think of the name of it, either at GitHub or that other website that hosts Linux distros.

One last thing I wanted to bring up, on the topic of logging into KDE or GNOME I do prefer X11 still, Wayland doesn’t like the NVIDIA drivers, and I noticed on-screen graphic bugs or glitches with Wayland still in openSUSE Tumbleweed and a few others, I think Wayland might like the open source NVIDIA drivers more, but they don’t work right still on all of the Linux distros. Otherwise, I am logging off to do other things, rather than talk about this anymore today.

Well, that’s all I am going to talk about on Linux topics, hope you have a nice day or week 🙂

Anything with Windows has for a very long time.

There are some who think that; there are many who absolutely disagree. With that, there are some distros that can work with secure boot. Fedora does for instance, but I still need it off to work with my xpadneo package anyways. Most folks here will tell you it’s worthless.

If you’re interested in having secure boot work out of the box, I hate to tell you, you’re in the wrong place. You will really need to move this plea to the Arch Linux forum.

You can already install Arch, or even Endeavour and then sign the packages post install yourself and turn on secure boot after, although I don’t actually know of anyone that does.

But if you’re interested in this feature, you gotta go above us. Head to Arch; unless Arch offers it, there’s not a chance in the world we could.

If you’re interested in signing your own keys and creating a secure boot installation, this is a great start for you.

Good luck.

(Also, PLEASE, capitalization and punctuation, holy hell was that tough to read)

https://bbs.archlinux.org/viewtopic.php?id=278709

Then maybe you should reconsider using a rolling release distro. Rolling releases are constantly updating. Installing from an old ISO without being online can make the update process a very lengthy one, not to mention the greater increase in things going wrong.

FYI this is a feature, not a bug. Please check out the wiki for Bluetooth info. Nothing was disabled, it was just never enabled in the first place.

2 Likes

Sounds like you are comparing Windows to Linux and using Windows as a measuring tape, while they are two different operating systems (and yes, I know it’s GNU/Linux since Linux is the kernel), so you can’t really compare them. You should have seen Linux 15 years ago, Linux is a walk in the park compared to then. Complaining so much about open source and free software, have you contributed to any open source projects or have you donated to any open source projects? I haven’t come across a game that I haven’t been able to play since the launch of Proton and I wouldn’t want to play a game with kernel level anti-cheat anyways. I think you should just stick to Windows since Windows is perfect and without flaws in your eyes. I’ll just stick to Linux even though it isn’t perfect but still good and a better choice than Windows because of the freedom it gives you.

That’s quite a bold and generalized statement regarding secure boot.
Theoretically it can protect you from certain attack vectors, for example malware that infects the bootloader.

As a concept secure boot has many upsides, but the way it has been implemented provides more drawbacks than upsides, imho. Secure boot can also be used to vendor lock hardware and limit the ways users can use their own PC.

Whether secure boot provides any real security benefits is up for argument and should be considered in relevance to your use case and threat assessment.

Secure boot’s benefits in a Windows environment are not directly comparable to GNU/Linux.

@MaximalLinux thanks for your suggestion.

It is interesting what Solus is doing by using a generic signed shim.

We don’t currently have anything like that planned but it is possibly something that may be looked at in the future.

Since secure boot tends to be a controversial subject which people are very passionate about, I am going to close this topic for now.

6 Likes