Has anyone here experimented with or had luck with building the grub bootloader with all required modules pre-loaded?
Reason I ask is that I dual boot Windows and a couple games I play require secure boot, but unfortunately when I switch back to Garuda I have to turn off secure boot, since the grub bootloader tries to load modules at runtime, which is against the secure boot policy.
After some research, it seems this can be avoided by baking those modules into the bootloader at build-time (grub-install or grub-mkstandalone). Before I consider messing around with the bootloader, was wondering if anyone else has tried this already.
I don’t have any experience with this, because I have always considered it an unnecessary constraint for me and especially a complicated and risky process.
However, the guide should be this: https://wiki.archlinux.org/title/GRUB#Secure_Boot_support
(especially 2.2.2 and the linked exemplary script, I’d say).
IIUC, setting up Secure Boot affects only bootloader installation.
AFAIK there shouldn’t be any pacman hook that would re-install grub during updates, but you should confirm this on your own system, inspecting your system’s hooks.
Nevertheless, from a Risk Management POV, IMO the risk to have issues from some software, hardware, or firmware malfunction seems too high for… playing games . It’s your own decision how you value your time in seconds lost and the profit and cost. You may forget this after reading .
Looks like my /usr/share/libalpm/hooks directory has a 99-grub-install.hook which invokes /usr/share/libalpm/scripts/garuda-hooks-runner grub-update, which invokes grub-install
Ok, maybe I’ll just stick with manually switching to secure boot on when I need to