Secure boot on Fedora Spin?

Hi. I had some problems with my workstation. Im using Windows 11 with Secure boot and i want to dual boot with Fedora. But i really dont like Gnome. Tried to install Fedora KDE, but noticed problems with secure boot. Any advice?

1 Like

There shouldn’t be any difference for secureboot between Workstations and KDE. They’re the same kernel and bootloader. Can you please be more specific about the problems you encountered with secureboot?


Basicly, i have not problem with the regular workstation. But while trying to boot with KDE version, secure boot jumped to my face and i couldn’t boot. Had to switch to another distro. But wanna come back. I can try again but… Im pretty sure i didnt screw anything.

1 Like

This is not very informative.

What exactly did you see that told you it was secure boot interfering?
What happened that it did not boot?
Did you install the fedora kde spin or use some other method to try and start kde?

Did you boot from the live fedora kde spin image then do the install? or install it in some other way?

Did it install and boot properly then after installing something else it failed to boot?

All these are possibilities, but without your description we really cannot tell what you are interpreting as secure boot preventing a system boot.

1 Like

Sorry about that.

This “invalid signature detected” is my problem. I never could boot. I installed Fedora KDE (the spin one, didnt try anything weird like changing my DE). Fedora KDE Plasma Desktop
And yes, I used the live CD to boot the first time, installed from gui installer and then rebooted.

Then, when my instalation finished, reboot into that error. I cant select Linux on the bootloader. It jump direct to Windows.

1 Like

Fedora inherits Microsoft EFI secure boot key through Red Hat (old story about Intel, initial developer of EFI on Itanium hardware, Debian, Red Hat and FOSS). Dual booting W11 with anything is a mistake as Microsoft uses extensive telemetry relying on EFI and TPM 2.0 for obvious security reasons as Windows Enterprise edition is the mainline operating system of many corporate systems similar to users of Red Hat Enterprise Linux. Best advice … use different devices, Fedora catalogue has a lot of closed source drivers allowing use on modern hardware.

Using only Fedora on original Microsoft Surface Go, tiny device with Microsoft Edge using OneDrive and Office online … dual booting is an old idea promoting use of Linux, now mainline operating system on HPC clusters.


I’m afraid none of this is factually true. it’s perfectly fine to dual boot Fedora (or other Linux distributions) with other operating systems (Windows/mac/other Linux distributions).

Let’s please try to help the users on the forum with their specific issues by keeping our comments strongly related to the issue at hand.


That’s very interesting that it happened on the KDE one and not Workstation, since it’s the same kernel and keys. One thing you might try is running sudo fwupdmgr update and seeing if there’s a UEFI store update available. Note that running this will require a reboot, but it might fix the issue if your BIOS has outdated key definitions.

Thanks for ur help. How can i use that? i mean, the bootloader jump directly to windows, i cant access to linux (if secure boot is not allowed). I can try to disable it, use the command and enable it again. Is any other way? just in case.

I would appreciate it if you could read my post Dual boot with Microsoft Windows 11: Workaround for two bugs in Fedora 37 Everything installer

I have some questions for you. They are:

  1. What is the OS build of your installed Microsoft Windows 11? Mine is 22621.819 after applying the latest November 2022 updates.

  2. What is the version of Fedora KDE that you were trying to install unsuccessfully? Is it Fedora 34, 35, 36 or 37 version of the KDE desktop?

  1. What is the name of the other distro that is working without problem with Secure Boot?

I agree with you on this point. But how many of us can afford to buy two laptop or desktop computers, one dedicated to Linux while the other is dedicated to Microsoft Windows? Of if I am using a third distro such as OpenBSD, I would have to buy three computers/devices, one for OpenBSD, the second for Linux and the third for Microsoft Windows.

What if I am a digital nomad or need to attend an international conference hosted in a different continent? It is impractical to lug along three different laptop computers with me when I travel from one country to the next or from continent to continent.

That one is important because shim and grub2 that came with the older versions has been blacklisted due to the boot hole vulnerability.

Which is the last version of Fedora that has the boot hole vulnerability? I am asking it because I am not a regular user of Fedora.

Ok, first. THANKS a lot. I understand what Marko said and i agree. But i cant just install linux in a different computer (in this moment). But i will in the future (i hope soon).

Now: My windows 11 build is 22000.1219. All the updates apllied. Not 22H2.
I tried to install Fedora 37 KDE (BETA). Now it is officially out, maybe i can try again with the new ISO?
My current distro is Linux Lite. It worked out of the box.
I could boot on Linuxmint, ubuntu (i really dont like ubuntu tbh) and OpenSuse. But ye, now im on Linux lite.
Thanks again. Im downloading the new Fedora 37 KDE ISO.

I don’t know exactly; it got fixed about a year ago or thereabout. It seems, though, that this issue is not relevant here as booting from the LiveUSB would also have faled, I would guess.

Let us know the status/progress of the installation of Fedora 37 KDE.

By the way, can I assume that Microsoft Windows 11 is the first OS that is installed on your computer?

I mean, i had Windows 10 and it uploaded to 11. And now i wanna go back to Windows 10 tbh. Probably one of the worst editions of Windows (11)

Ok, problem solved. Thanks you so much everyone. The problem was simple, im dumb. Fedora 37 was in BETA, thats why it didnt work. Now it is working great. 0 problems now.


Microsoft with W10 and Azure cognitive services began to use aggressive telemetry to secure ressources being effectively important as targeted towards corporate users with Enterprise edition. Going further with W11 so if you use your device just twiddling around it can work, anything else using Azure ressources you will probably be kicked out. This includes T-SQL … nothing against open source, Microsoft implementation allows different analyse and tweaking.

Fedora is a spin of Red Hat Enterprise Linux linked to IBM Cloud … same target, same audience, … Windows Enterprise edition and RHEL have similar licence agreement, Azure and IBM Cloud similar pricing agreement … one or the other brings you close and I’m not sure that Red Hat likes dual booting.

When you make such a statement, please be sure to link in the source so others may see where that statement comes from. Without a source such statements are purely conjecture with no backing facts.

Additionally your post seems a bit off topic. Please make your posts on-topic and relevant to the discussion.

1 Like