Secure Boot

meetdilip

Adept
Do you enable secure boot? Does it actually help you somehow? What if we disable it? I am not able to boot from USB unless I turn the secure boot off.
 

ankushv

Adept
If you boot a secure boot enabled OS, i.e. Win 10/11 or Linux Mint or Ubuntu, it's best to leave the setting enabled. Some OSes (older Linux versions) do not support secure boot. Hence the option in the BIOS to leave it off for these OSes to boot and run successfully.
 

meetdilip

Adept
Thanks. A few people told me otherwise. That is why I thought about asking it here.
 

vishalrao

Global Moral Police
Skilled
Yeah I disable secure boot for multiple distro boot.

Even if it works initially, I had faced an issue after installing VirtualBox, which installs a kernel DKMS module, which breaks secure boot.

Not sure about current situation but I don't bother.
 

meetdilip

Adept
I had the same issue. Added the key and it works.
 

dvader

Disciple
On a personal system you can disable it. Secure boot restricts system boot from random bootable drives, only a signed EFI binary will be booted if enabled. You can however add a custom key and sign all your EFI binaries with it but that's extra work for no gain on a personal system. DC servers on the other hand enforce secure boot without fail.
 

J0sh

Recruit
On a personal system you can disable it. Secure boot restricts system boot from random bootable drives, only a signed EFI binary will be booted if enabled. You can however add a custom key and sign all your EFI binaries with it but that's extra work for no gain on a personal system. DC servers on the other hand enforce secure boot without fail.
If you're on Arch, you can automate it.
 

dvader

Disciple
Not using Arch. Thanks :)
:laughing: he/she is just excited to share.

If you're on Arch, you can automate it.
Yup, good to know you are learning about Arch/Use Arch. However, you can automate this in any Linux distro (BSDs and Windows too, for that matter); it's a simple signing process.
 

kiran6680

Disciple
With security, one needs to think what one is securing against. Which threat are you protecting against? Typical threats to secure against are:

1. Loss of hardware: secure boot doesn't protect against it, theft can still happen.

2. Data becoming unavailable to oneself: someone can overwrite the disk drives by taking them out of the PC case/laptop. Secure boot doesn't help.

3. Data being read by unauthorised persons: disk encryption helps with it, not secure boot.

4. Install a Trojan in your regular OS: this can be prevented by disk encryption. Secure boot doesn't help particularly with it.

4a. A Trojan, completely replacing our original OS, but pretending to be the original OS: the criminal needs to be extremely smart and familiar to the victim to pull it off. And again, secure boot doesn't help because it would include replacement of hardware.

5. Unauthorised use of resources, e.g. network: a thief can abuse our home network by bringing in their own laptop, so secure boot doesn't help much.
 

TEUser2K1

Adept

BlackLotus, a UEFI bootkit that's sold on hacking forums for about $5,000, can now bypass Secure Boot, making it the first known malware to run on Windows systems even with the firmware security feature enabled.

Secure Boot is supposed to prevent devices from running unauthorized software on Microsoft machines. But by targeting UEFI the BlackLotus malware loads before anything else in the booting process, including the operating system and any security tools that could stop it.