I should preface the following by saying to the OP - Ray, if you wish, I can carve off everything from #2 onwards to a new thread with ownership of that to Brian
@Condobloke - since he started the debate with his questions.
That would allow you to have this tutorial back in a concise format, although I suggest you may wish to add a line or two, if you follow my reasoning below. I will leave that to you.
In
my environment, I run currently, 70 Linux distros, from 4 "Families" - RPM, Debian (includes Mint and Ubuntu), Arch, and Gentoo.
I installed all of these with my BIOS settings on this Dell set to
not have Secure Boot on. I have not used Secure Boot since 2014, when I had Windows 7 (which did not have Secure Boot, it came in with Windows 8).
When my late wife and I bought two new laptops in 2015, they had Windows 8, I did my research on Secure Boot and blew away both sets of Windows and installed Linux, without Secure Boot.
In mid-2019, we purchsed two identical Dell Inspiron laptops with Windows 10 on them, and it was rinse and repeat on mine. With hers, I left Windows on it, but I installed a then current Linux Mint for her to work from. I do not recall if I left Secure Boot on her computer.
In any event, after she passed away in May 2022, I moved into the study and onto her laptop when the Australian winter chill was making it too cool in the garage for my aging bones, and promptly blew away Windows 10, dismantled Secure Boot, and used Timeshift to restore all the garage Linux distros to the Dell in the study.
YESTERDAY
I decided, following reading the posts at this thread. to enable Secure Boot and see what happens.
If you have read those links I provided, you will see, in part
Administrators can use a Linux distribution in a Hyper-V VM as long as the
digital signature of the distribution's boot loader corresponds with a cryptographic key in the UEFI firmware. Currently, the following Linux versions can use Secure Boot in Hyper-V generation 2 VMs:
- CentOS 7.0 and later.
- Debian 7.0 and later.
- Fedora version 18 and later.
- OpenSUSE version 12.3 and later.
- Oracle Linux 7.0 and later.
- Red Hat Enterprise Linux (RHEL) 7.0 and later.
- SUSE Linux Enterprise Server (SLES) 12 and later.
- Ubuntu 16.04 and later.
I was surprised not to see Arch there.
For me, enabling Secure Boot required three (3) steps -
Turning off Legacy Support
then turning on Secure Boot
AND
I also enabled PTT - Platform Trust Technology, some people may know this as CSM - Compatibility Support Module.
It is this last step that I alluded to Ray earlier with
...although I suggest you may wish to add a line or two, if you follow my reasoning below. I will leave that to you.
As I understand it you need to have that PTT/CSM option switched on if the user wishes to have the ability to dual-boot Windows alongside of Linux.
After saving the changes to the BIOS, I rebooted.
How did I go?
Dismally, I am afraid.
My Fedora boots.
My Ultramarine (based on Fedora) boots. So I can speculate that Nobara (also Fedora-based), and other RPM-based distros such as CentOS and similar will work.
As for my other 68 distros?
My hands were a little unsteady but that says
"bad shim signature
you need to laod the kernel first"
Obviously it would be a nightmare for me to have to rebuild my stable, reinstalling distros (if they installed) under Secure Boot conditions, so I won't be using Secure Boot.
Cheers
Wizard