I've been using Kubuntu and am now interested in trying out some Arch-based distros like Endeavour and CachyOS. However, I've noticed that these distros don't support Secure Boot by default, unlike Ubuntu, since Arch doesn't include that in its upstream support. I've never disabled Secure Boot before and find the manual configurations mentioned in the Arch Wiki a bit cumbersome. I've read that in some cases, disabling it could potentially mess up my laptop, especially with some brands like Lenovo. It seems easier just to turn it off completely. However, whenever I bring this up in forums, it often gets dismissed as a Microsoft ploy to block Linux installations, without really discussing what disabling Secure Boot means for security, particularly in a dual-boot setup. What are the real security implications of going this route?
1 Answer
Disabling Secure Boot can increase the risk of malware that targets the boot sector of your system. Without it, you might allow unsigned drivers and other software to run that could potentially compromise your system. Secure Boot ensures that only trusted software is loaded during startup, which helps protect your firmware and kernel from various threats.
True, but the chances of getting infected are often tied to user behavior. If you avoid sketchy downloads and remain cautious online, the risks from disabling it may not be as severe.