Hello, basically the title. It is one of the newer cards and it is fedora 40 the distro.
You must log in or register to comment.
No. You can use either a Fedora distro or regular default vanilla Ubuntu. Both of these package managers have a special shim keys that are signed by a 3rd party program from Microsoft.
If you want to run anything else, you need to self sign your key for secure boot. Gentoo has killer documentation on how to do this. It doesn’t matter what distro you use. Secure Boot is outside of the Linux kernel. With Fedora, it is handled by their Anaconda system, (no relationship to the Python containers system by the same name).
For Fedora you can follow the RPM Fusion documentation or have a look to this guide
Looks interesting. A bit scary enrolling keys because i am scared of accidentaly deleting the default ones (unless i am being unreasonable)
The procedure is much hassle free than it looks. Keeping the secure boot on enrolled is a good practice. I read recently that Fedora was approving the sign automatically to be part of the gnome-software. So things may become even easier soon.
Not necessarily, but doing so will make your life alot easier, especially when it comes time to update the drivers.
By not necessarily, do you mean that I need to enroll keys?
The last time I had secure boot enabled on any of my systems was several years ago, but yes. At that time you had to enroll the keys both on the initial install and every update. It was such a headache for limited benefits (for me) that I just started disabling secure boot whenever I was setting up a system.
Things might have gotten easier, but I doubt it as he secure boot system is not really under the control of open source developers (for good reason) and the end user can really only choose whether it is enabled or disabled.
I am asking because I am looking to dual-boot with windows 11 which requires secure-boot afaik. I could disable it whilst switching (each os will be in it’s own drive with the corresponding bootloader) so any os will be on a different drive.
Should be doable either way, but swapping secure boot on and off may cause problems with Windows in your proposed setup. I would pick one and stick with it. I know Linux is compatible with secure boot, I just never bothered to learn how to work with it. If I remember correctly, every time a change was made to the kernel, the keys would need to be reenrolled. This includes whenever the Nvidia driver’s updated.
Might want to read up on secure boot.
https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot
https://wiki.gentoo.org/wiki/User:Sakaki/Sakaki's_EFI_Install_Guide/Configuring_Secure_Boot
