So, Secure Boot for Windows is basically a mode of running your system that cryptographically links your Windows OS to the BIOS/UEFI… and the way that this works is almost always incompatible with a dual boot setup that includes Linux… maybe unless you have literally physically distinct harddrives/ssds/microsd/usb drives that each OS lives on?
The Steam Deck does not officially support Windows Secure boot.
Because…
Basically, Secure Boot means that … no other OS is allowed to boot.
That’s what ‘Secure’ means, to Windows/MSFT.
There are basically workaround hacks to attempt to get Win 10 Secure Boot working on a Deck, but they are not official, unsupported, could break at any time with any Windows update.
…
So yeah, you cannot do a Win 10 + Linux dual boot where that Win 10 boot is also ‘Secure’, at the same time.
If you start with a dual boot config, and then manage to enable secure boot for Win 10… chances are very high that Win 10 will then reconfigure your boot config to disable dual boot, it’ll wipe out GRUB, and now your linux stuff … is still there, but you can’t access it.
…
This isn’t really a direct answer to your question, but MSFT and … more or less, everything it touches, hardware, software… have been making it harder and harder to successfully dual boot Windows and Linux for over a decade now.
If you or others in this thread somehow can figure this out, in a reliably stable way, well, that’s honestly impressive…
But imo, it isn’t worth the effort.
Any game update, or Windows update, or Mobo firmware level BIOS/UEFI update… could blow up your entire solution, because your entire solution basically by definition is actually going to be a hacky workaround that tricks Win 10 into thinking it is Secure Boot mode, when it actually isn’t.
MSFT really, really wants you to use its virtualized version of linux (WSL), or run a linux VM, but keep everything on bare metal Windows.
…
All that being said:
github.com/ryanrudolfoba/SecureBootForSteamDeck
You may or may not be able to get this to work, but absolutely back up your entire linux system and every personal document and file and program on it, back it up to another physical drive of some kind before you do it, as you should expect more or less catastrophic failure if anything goes wrong, like fucking up a ROM flash of a smartphone.
Kazumara@discuss.tchncs.de 2 days ago
Of course it has Secure Boot, that’s a required part of the UEFI spec. “Windows Secure Boot” is not a thing.
No it means only EFI files that are signed with a known key are loaded. I use secure boot to load my signed GRUB.
What the Steam Deck doesn’t have is the Microsoft signing keys pre-installed in its factory state. If you buy other computers or bare mainboards they usually have this.
sp3ctr4l@lemmy.dbzer0.com 2 days ago
Part 1:
Yep. The Deck and SteamOS have Secure Boot.
I never said they did not.
I said:
Not sure if you struggle with reading comprehension in English, but when you read all of this, together, it is obvious that I am saying that the Windows specific implenentation of Secure Boot is exclusionary, only works with Windows.
This is true, by default, unless you do a bunch of other extra work, which is easy to fuck up and likely to fail at some future point, because the way Windows ‘does’ Secure Boot is very different from how basically every other OS does, and will constantly change in subtle and esoteric ways that often result in a user being unable to access any other OS than Windows.
Windows Secure Boot is thus functionally a distinct thing, even if Windows/MSFT act otherwise and insist on confusing and obfuscatory terminology… which they have a long track record of doing with basically all of their software and related nomenclature, for decades.
Part 2:
Yep, which is why I described that in layman’s terms by saying:
Yep, you can do some extra bullshit, and it might work for a while, untill a new Windows update of some kind rewrites your UEFI config, requires some new arcane dependency setting or config of some kind, which then will lock out your non Windows OS.
Yep, other Mobos often come with everything preconfigured for Windows and their specific implenentation of Secure Boot.
The Steam Deck doesn’t, and that is what we are talking about.
Also, its entirely possible and even common for dual boot and linux users to either intentionally or unintentionally wipe out those Windows EFI files, alter the crypotgraphic signing process in some other way, and then you run into this same problem on other Mobos.