To be honest, disabling secure boot is the first thing I do with a new computer 
Just to say that I never know what happens when secure boot is on
It is all in the extensive documentation given by Rod Smith.
Just remember that the shim only contains the certificate for one distribution. You have to onroll the certificate for the other distributions.
If you wish to use secure boot with fedora and using akmods to build your kernel modules then this is the best source I have found for how to sign the modules and enable booting with them.
https://rpmfusion.org/Howto/Secure%20Boot
Note that after doing the steps there, the currently installed modules will still not be signed because they have already been built.
The way to continue and have the signed modules available for the currently installed kernels is to
-
sudo dnf remove kmod-nvidia
to remove the unsigned modules. -
sudo dnf reinstall akmod-nvidia
which should build and sign the new modules. - wait at least 5 minutes for the modules to finish building then reboot so the newly signed modules will be loaded. During this boot, enter the bios and enable secure boot then everything should be working normally with secure boot enabled.
I plan to install Microsoft Windows 11, making it a triple boot.
Just a bit of advice.
Do not install windows in any form on a system that already has operating linux installs since it will wipe out the efi partition for linux.
If you install windows after-the-fact, you should first disconnect all the linux drives and install windows on a new drive, then recover linux after reconnecting the drives. It still will require some manipulation of grub to enable triple booting with fedora, debian, and windows.
Also worth reading is this file already on your system /usr/share/doc/akmods/README.secureboot
1 Like
My dear friend, I really appreciate it…
What did you mean by “wipe out”? The way you put it sounds so scary…
What is “after-the-fact”? Please explain.
What if I have only one drive?
I also have Windows, but with secure boot disabled
Exactly what I said. Windows install will remove an existing efi partition and create its own new efi partition, which will then necessitate an excrutiating recovery process to recover the existing linux installs.
After the fact – after you have an installed and functioning linux system then you decide “after the fact” to install windows. You are installing windows after you have already installed linux and recovery will be painful.
The normal and painless way is to install windows first then install linux to dual boot second or third or later. Linux does not destroy a windows install, but windows will most often destroy booting for a pre-existing linux install.
I have assisted a couple times in recovery with a windows install done after the linux install and it is not easy, though it is possible.
This thread is one where recovery was necessary after a windows (re)install and did succeed.