0

I've tried archboot, but no luck as I was stuck due to the plymouth missing. Now I want to try to install arch or nixos alongside Win 11. The problem lies in secure boot. I don't have spare linux to sign nixos or arch preliminary, so the question is: can I disable secure boot, boot into linux, and enable secure boot when I want to boot back to Win 11? My main worry is in secure boot regenerating keys after reenabling. I have some proprietary software in Win 11 that can be activated only certain amount of times. I am worried about it being wiped out if Secure Boot changes something.

Secure Boot does not regenerate keys/certificates, but on certain models of motherboards disabling Secure Boot can require deleting or disabling certificates. (I use ASUS Prime Z270-P)

I've tried to follow their guideline to disable Secure Boot. In BIOS, there is Boot menu in which there is OS Type. They've written you can change from Windows UEFI mode to Other OS and Secure Boot will be disabled. When pressing F10 and rebooting, this option goes back to Windows UEFI mode. And I even selected bootable USB as Boot Option #1.
Okay, there seems to be Boot Override option which I will investigate. And also my CSM is set to disabled. And maybe I should write NixOS as GPT instead of MBR. I'll test this.

After reading some articles, I've managed to boot into the NixOS from GPT formatted USB flash drive. First, I've disabled Fast Boot. Then I've moved NixOS to first boot option and disabled second boot option (Windows UEFI). Then I've changed Boot/OS Type to Other OS. Then instead of Save and Exit (F10) I've pressed on my flash drive in boot override. After confirming and rebooting, OS Type was saved in BIOS and I've successfully booted into NixOS.

Improve this question
8
  • Secure Boot would be useless if you could just bypass its protection. Secure Boot should not require you “regenerate” keys to enable and disable it. Why are you dual booting instead of using WSL or a VM? Secure Boot being enabled or disable should not have any effect on the activation status of installed software
    – Ramhound
    Commented Jun 26 at 19:26
  • Secure Boot does not “regenerate keys”.
    – Daniel B
    Commented Jun 26 at 19:43
  • @DanielB - On some motherboard in order to disable Secure Boot you delete or disable the certificate required for Secure Boot. This process often is confusingly worded in USFI.
    – Ramhound
    Commented Jun 26 at 20:32
  • @Ramhound I use ASUS Prime Z270-P. I want to dual boot because with WSL I can not try desktop environment Hyprland. Even kali-win-kex is not working properly all the time. I know that running in dual-boot won't magically solve all of that. And there is no Arch for WSL as far as I know. Okay, I will try to disable secure boot as long as it does not say me anything about deleting or disabling certificates.
    – Futman
    Commented Jun 26 at 21:11
  • @Ramhound the main idea is to: boot into bios -> disable secure boot -> boot into linux -> reboot into bios -> enable secure boot -> boot into windows -> everything in windows is intact
    – Futman
    Commented Jun 26 at 21:17

1 Answer 1

Reset to default
1

Solution for ASUS Prime boards:

  1. disable Fastboot setting in BIOS
  2. change OS Type to Other OS in Boot/Secure boot
  3. ( maybe press one time on boot override option choosing installation media )

Additionally, image should be formatted in GPT rather than MBR (to support UEFI).
And no, just selecting "Other OS" will not delete any keys, so good to go.

Improve this answer
2
  • 1
    It’s worth pointing out that GPT is required for Secure Boot. So indicating to use GPT is implied if you want to disable CSM. I am pretty sure that “Other OS” effectively disables Secure Boot on ASUS motherboards.
    – Ramhound
    Commented Jun 28 at 3:47
  • @Ramhound yes, "Other OS" does disable Secure Boot. Other options are mostly for information on setup for any in need.
    – Futman
    Commented Jun 28 at 8:47

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .