Manjaro Linux

Can I install Manjaro with Secure Boot

Secure boot or SB is a verification technique that is utilized for ensuring the code released by a system’s Unified Extensible Firmware Interface (UEFI) firmware is trusted or not. Before an operating system starts working, the secure boot prevents a computer from loading and executing harmful malware early in the boot process. It relies on cryptographic checksums and signatures to perform its functionality.

When firmware loads a program, it has a checksum and signature, and when you want to execute it, the firmware validates both the signature and the checksum to ensure that the application is trustworthy. Any attempt to run an untrusted program will be blocked when secure boot is enabled on a system. This action does not permit unauthorized or unexpected programs from running in the UEFI environment. Now, let’s move towards the discussion of the main topic.

Can I install Manjaro with Secure Boot

No, you cannot install Manjaro with the secure boot as it is not supported by default. If you want to boot your Manjaro kernel with the secure boot, it must be signed using a Microsoft License, which most Linux users are unlikely to do. Also, there are no major benefits of enabling secure boot on Linux-based systems such as Manjaro other than offering a good feeling of security from the user’s perspective.

Secure boot is neither supported by Arch nor Manjaro. However, this statement does not mean that you cannot sign the boot image yourself. To do so, you can check out the Unified Extensible Firmware Interface/Secure boot documentation.

Linux commands to check boot status

For checking out the boot status of your Manjaro system, you can utilize the below-given command:

$ bootctl status

On our Manjaro system, we have not enabled secure boot; that’s why the below-given output shows system boot status as “Not booted with EFI“. In the other case, you will see the information related to the setup mode, firmware, secure boot:

The following command can also be used for checking if the machine was booted with Secure Boot or not:

$ od --address-radix=n --format=u1 /sys/firmware/efi/efivars/SecureBoot*

The execution of the above-given command will return “1” if your Manjaro system is booted with secure boot enabled. In the other case, it will show that no file or directory exists related to the secure boot in Manjaro firmware files.

Secure Boot is a security feature that prevents malicious code and applications from being loaded and executed early in the booting process before the operating system gets started. This action assists in avoiding malicious software and keeping control over a system to hide its presence. You cannot install Manjaro with secure boot, as Manjaro Linux does not support secure boot by default. However, by following the UEFI guide, you can do it by yourself.

About the author

Sharqa Hameed

I am a Linux enthusiast, I love to read Every Linux blog on the internet. I hold masters degree in computer science and am passionate about learning and teaching.