Why does my bootmanager only with with secure boot disabled?

I used arch linux. I used either grub and systemd-boot. With secure boot enabled, it will only flash a black screen. When secure boot is disabled my computer loads fine.

Why is this?

Linux requires secure boot to be off, right in the base of Linux this happens, even in the most lightweight version. I’m not a software developer so I have no clue.

Not all versions of Linux

Secure Boot relies upon a digital certificate signed by Microsoft to establish Root of Trust

A few distros have such certificates, such as Debian, Ubuntu, Fedora, RHEL and OPEN Suse

You should be able to generate your own MOK,enroll this to the bios and use this to boot your self signed kernel if you desire to boot into your custom kernel, using your own keys.

In some linux distro even with older kernels such as RHEL, CentOS, Almalinux and Rocky, UEFI and secure boot is no longer an issue.

You can follow the steps here:

To enable secure boot for arch. The gist also sets up other things which you can optionally use (or not). I have secure boot running successfully for Manjaro using this idea. Unfortunately the boot entries get messed up every kernel update so I have this script:

set -ex

pacman -Syu
sed -i 's#linux.*$#efi     /EFI/Linux/5.14-x86_64-signed.efi#' /boot/loader/entries/manjarolinux5.14.conf
mkinitcpio -P

to fix the EFI/ path for the bootloader.

My sbupdate.conf settings look like this:




EXTRA_SIGN=('/boot/EFI/BOOT/BOOTX64.EFI' '/boot/EFI/systemd/systemd-bootx64.efi')
CMDLINE_DEFAULT="initrd=\amd-ucode.img initrd=\intel-ucode.img initrd=\initramfs-5.14-x86_64.img root=UUID=692da64a-1de3-4554-ac67-2ac60e5107b3 rw rootflags=subvol=/@ cryptdevice=UUID=afff539f-cc12-4fbc-988e-d616b8776fa0:defloofed quiet mem_sleep_default=deep splash"
1 Like