Hi. I have Windows 11 Pro 24H2 installed with TPM and Secure Boot enabled. I want to set up a dual boot, but I would like CachyOS to support Secure Boot (since some games require it). I found something like this on the wiki:
If I understand correctly (though my English isn’t great, I use ChatGPT for translation), Secure Boot support is installed in GRUB, and then the kernel image and bootloader are signed. How do I sign the NVIDIA driver? My graphics card is an RTX 4060. Another question I have is whether I need to sign everything every time, or will this be done automatically, like after a system update? Please help and explain the topic. This is my first time setting up Secure Boot.
IIRC games like valorant requires secure boot to ensure that no unsigned drivers are loaded after boot. Unsigned drivers are usually used for kernel level cheats but then again only AFAIK only valorant does this
Not sure how dual booting affects it, but the wiki (which you linked) has clear steps how to sign the kernels. You have too turn secure boot of while you install Cachy, then after install you install sbctl, create and enroll the keys and sign the kernels with sbctl-batch-sign.
Then boot to bios and turn secure boot back on. sbctl will sign future kernel automatically
If you used the prebuilt modules from repos, you don’t need to think about it as it’s part of the kernel. If you’re using dkms, then dkms will sign it.