Linux install and Windows TPM / secure boot?

Solved by Eigenvektor

So I'm about to install Bazzite, however one last thing scares me, I want to turn off TPM and secure boot in BIOS before installing, I'm pretty sure that won't make issues with installing Linux, however what if I want to go back to my old Windows install? I'll be using separate drives and also remove any Windows drives before installing, but who tells me it won't ask for a "TPM key" or something at this point, after all that's the main reason for TPM/secure boot, to lock your hardware permanently to a Windows install (to my understanding)?

 

Encryption is off btw (I know that would make issues)

 

So anyone actually did this? No issues with secure boot etc. after moving back to Windows?

The direction tells you... the direction

-Scott Manley, 2021

 

 


You seem to confuse a lot of things. TPM is not a key. It’s a module that holds things like the BitLocker encryption key.

If you don’t have BitLocker enabled then you don’t even need TPM enabled.

 

Secure Boot is a bootloader signature checking utility. It won’t let your bootloader use unsigned drivers or unsigned binaries.

 

TPM is a key storage that keeps things like the BitLocker key inside so that the user won’t have to unlock their boot drive every time they turn their PC on.

 

TPM and Secure Boot have no correlation whatsoever.


You can enable TPM, that won't prevent Linux from being installed or boot. So I wouldn't touch that one, just in case it holds encryption keys or other secrets you still need.

 

Enabling secure boot on the other hand prevents most Linux distributions from being installed, since secure boot doesn't like their boot loader. There are ways to sign a Linux boot loader to make it work with secure boot, but I haven't so far bothered to do it myself.

 

Thankfully Windows 11 only needs a UEFI that is secure boot capable. You can actually leave it disabled and still dual boot Windows 11.

 

The only reason you might be forced to enable it is if you play games like BF6 that insist on it being enabled. I don't play these types of games, hence why I never really bothered looking into signing a boot loader myself.

Remember to either quote or @mention others, so they are notified of your reply
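An added example, not part of any post in this thread: a shell script that reads the Secure Boot and TPM state from a running Linux install, to confirm what the firmware toggles discussed above are actually set to. It assumes a Linux kernel with efivarfs mounted at its default path; `EFIVARS` and `TPM_SYSFS` are hypothetical override variables introduced here.

```shell
#!/bin/sh
# Added example: report Secure Boot and TPM state as seen by a running Linux system.
# EFIVARS and TPM_SYSFS are hypothetical overrides for non-default mount points.
EFIVARS=${EFIVARS:-/sys/firmware/efi/efivars}
TPM_SYSFS=${TPM_SYSFS:-/sys/class/tpm}
GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI global variable GUID

# An efivarfs file is 4 attribute bytes followed by the variable data.
# Print the first data byte as a decimal number, or "absent" if unreadable.
efi_var_byte() {
    f="$EFIVARS/$1-$GUID"
    [ -r "$f" ] || { echo absent; return 0; }
    v=$(od -An -tu1 -j4 -N1 "$f" | tr -d ' \n')
    echo "${v:-absent}"
}

secure_boot_state() {
    # No efivarfs directory: legacy/CSM boot, or efivarfs is not mounted.
    [ -d "$EFIVARS" ] || { echo "unavailable (no efivarfs)"; return 0; }
    sb=$(efi_var_byte SecureBoot)
    setup=$(efi_var_byte SetupMode)
    case "$sb:$setup" in
        1:*) echo enabled ;;
        0:1) echo "disabled (setup mode)" ;;   # no Platform Key enrolled
        0:*) echo disabled ;;
        *)   echo unknown ;;
    esac
}

tpm_state() {
    dev="$TPM_SYSFS/tpm0"
    # Disabled in firmware, or no kernel driver bound to the device.
    [ -d "$dev" ] || { echo "not exposed"; return 0; }
    if [ -r "$dev/tpm_version_major" ]; then
        echo "present (TPM $(cat "$dev/tpm_version_major").x)"
    else
        echo present   # older kernels lack the version attribute
    fi
}

echo "Secure Boot: $(secure_boot_state)"
echo "TPM:         $(tpm_state)"
```

The two results are reported independently: a system can show the TPM as present while Secure Boot is disabled.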


1 hour ago, Levent said:

TPM is not a key. It’s a module that holds things like the BitLocker encryption key.

If you don’t have BitLocker enabled then you don’t even need TPM enabled.

A TPM (Trusted Platform Module) key is a cryptographic key securely generated and stored within a dedicated chip on a computer's motherboard, protected from extraction, used for device authentication, data encryption (like BitLocker), and establishing a secure computing environment by binding digital identities to the hardware itself, with unique keys like the Endorsement Key (EK) verifying the TPM's authenticity.

 

(it can have more stuff tied to the hardware btw... as I said it's all made to tie Windows to the hardware...)

 

 

35 minutes ago, Eigenvektor said:

You can enable TPM, that won't prevent Linux from being installed or boot. So I wouldn't touch that one, just in case it holds encryption keys or other secrets you still need.

Ok so I only disable secure boot, ig... 👀

 
