Our great sponsors
-
SecureFakePkg
Simple EFI runtime driver that hooks GetVariable function and returns data expected by Windows to make it think that it's running with secure boot enabled (faking secure boot)
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
fully custom keys and signed windows bootloader Remember it can cause to unbootable or even bricked motherboard if you do it without --tpm-eventlog option. It's because of OpROMs you can read more about it here. Then you can sign windows bootloader with sbctl and it should work fine. I have such setup with sbupdate
In theory last method is most secure as it rely only on your generated keys but remember for secure bootchain everything need to be secured so both your arch installation and windows. If you are doing it just to have secure boot on inside windows not secure bootchain then I would go for shim or the fake secure boot (not tried but sounds fun so worth mentioning.