Fedora 40 + and Secure BOOT

I recently read Fedora Magazine: Announcing Fedora Linux 41 Beta, Proprietary Nvidia driver installation with Secure Boot support. Fedora WIKI Secureboot, 13 February 2020, at 13:39 : “Secure boot activates a lock-down mode in the Linux kernel which disables various features kernel functionality.” What features? Should I care? Fedora 33 was out around this time.

I have a Dell Precision 3571 Laptop. I’ve had nothing but problems with fresh Fedora installs since Fedora 38 and with the Nouveau Drivers. They have caused extremely long boot times. The cooling fans were pumping out an extreme amount of heat. I installed NVIDIA drivers and all is good - I think.

My laptop came with with Windows 11 installed, but I pulled it’s drive out and wished to the corn field. Is UEFI & Secure Boot a MS Windows thing? I’d gladly turn them off if Fedora prefers. I want to be ready for Fedora 41. Should I turn off UEFI and Secure Boot and leave them off in BIOS before installing Fedora 41? Do I need to install the 3rd party repositories?

UEFI is a good thing - you want it on - its prefered by all modern OS.

Secure boot is up to you. Only issue is that when installing the nvidia drivers you must enrole a signing key in the UEFI BIOS.
This is covered in the rpmfusion nvidia docs.

Nouveau does have issues with newer GPUs, rpmfusion drivers are recommended.

As far as I know it turns off the abiltity to load unsigned drivers.

I would expect that if you have a working f40 install it will upgrade without issue to f41.

Run man kernel_lockdown and it will tell the details.
This one may be relevant if you want to hibernate the system

Unencrypted hibernation/suspend to swap are disallowed as the
kernel image is saved to a medium that can then be accessed.

a lot of us run with Secure boot enabled without problems. Just remember, if you install the nvidia driver, refer to https://rpmfusion.org/Howto/NVIDIA for how to do that.

Secure Boot is a low-level security feature. It makes sure that only EFI programs with the correct “signatures” can boot. This is actually a very useful feature. You can ensure that your EFI programs haven’t been tampered with to add, for example, a keylogger, because if the program is tampered with, it won’t boot unless you re-sign it.

UEFI is just how computers load operating systems nowadays. Think of it as BIOS 2.0. Most computers still call their UEFI firmware “the BIOS”, but it’s all UEFI and has been for years. (Apple’s been using a subset of UEFI [called just EFI without the U] since 2005 (until they switched to their own custom silicon), and Windows wasn’t far behind.) You should be using UEFI. Avoid booting in compatibility/old-style BIOS mode.

Secure Boot is more of an “if you want” thing, but (at least on my ThinkPad) installing and using Fedora with Secure Boot didn’t require any manual signing or fuss; it just works. I’ve never had issues that were caused by Secure Boot.

As for third-party repos, I do recommend RPM Fusion just for the codecs. (Disclaimer: I’m not a Red Hat employee, my opinion on RPM Fusion is my own and not that of the Fedora Project, etc. etc.)

Hmm… I’ve been studying German for a couple years. Ich spreche kein Fedora.

Off-topic, but I really should get back into learning Dutch. Dutch Is a very fun language.