I know that it's possible to full install a linux distro on an external drive or a USB flash drive. But with Windows 11 and secure boot, things start to get more difficult: I'd like to have a full install USB because I need persistence, encrypted drive and a password for admin privileges, but I need also to boot from this USB drive from different PCs, notebooks and desktops, with both legacy and UEFI BIOS. Before Windows 11, I could do it with almost no problems, but now I need to boot into Windows 11 (which requires secure boot enabled) and from the linux USB drive, and it's unthinkable that every time, I have to access the bios and enable/disable the secure boot to switch OS. Is there anything I can do?
1
-
Unless you need to load unsigned drivers Secure Boot has no impact whatsoever.– ChanganAutoCommented Nov 24, 2021 at 10:09
Add a comment
|
1 Answer
Microsoft provides a signing service that Linux distros can use, allowing them to boot on most Secure Boot-enabled PCs.
The catch here that this Microsoft signing key needs to be recognized by the manufacturer of your PC, but most PC manufacturers do install this Microsoft key by default.
Modern versions of Ubuntu, Fedora, openSUSE, and Red Hat Enterprise Linux should all just work without disabling Secure Boot, but this field is in constant evolution from year to year.
However, third-party drivers that were not signed with the Microsoft signing key will not load when Secure Boot is enabled. You will need to sign them manually using the provided tools.
For details see UEFl/SecureBoot - Ubuntu Wiki.
