antiX / MX Linux This forum is for the discussion of antiX and MX Linux.

Old 04-21-2019, 03:59 AM   #1
jmonlive
LQ Newbie
 
Registered: Apr 2019
Posts: 14

Rep: Reputation: 0
Secure boot forbids loading module from...error still after signing my kernel and grubx64.efi with sbsign!


😂 So for the last month or two I've been figuring out how to DIY make MX Linux work with Secure Boot, since the distro doesn't support it natively; I've taken more heroic measures than usual because MX Linux might be the next Ubuntu, since that distro is on a significant decline in user-friendliness and quality...openSUSE Leap is okay...but more work to get multimedia codecs and Nvidia driver soft-repositories working. So after cross-reading many LONG tedious technical manuals including this snippet: https://forums.gentoo.org/viewtopic-...0-start-0.html 🤔.

To further complicate things...if you read I used the read-only mount which doesn't work when doing any writes to part of 'non-volatile ram' of UEFI that has UEFI variables...and was the shallower learning curve - I spent a FULL two weeks on figuring out how to change the keystore parts of UEFI variables, which meant having to both preserve my 'factory default keys' -INCLUDING CRITICAL HARDWARE-RECOGNITION SIGNINGS BY ASUS, US OH and EVEN Microsoft keys- AND also 'appending' my own keys. To avoid bricking my UEFI firmware 😱 possibly irreversibly I checked NOT once, NOT twice, but THREE times to assure that I saved a precise multi-file state of Platform Key store, Key-Exchange-Key store, database store and forbidden-database store! I vigilantly spaced out this triple-checking to make sure I actually clicked 'Save Secure Boot Keys' option like I had thought...since there would otherwise be HELL.

Wait...it gets better. I had to find an "aftermarket" version of efitools package, since the original distro package database didn't include this and only included efivar package - a day or two just to find that! 😤 Finally I followed guide: https://wiki.gentoo.org/wiki/Sakaki%...ng_Secure_Boot. https://wiki.gentoo.org/wiki/Sakaki%..._efi-updatevar 😂. Then I had to spend a day googling about how to use these new enrolled keys and further figuring out more tedious command-line syntax of sbsign program! Also, I had to delete original PK key, to allow any key storage programming...disabling Secure Boot on ASUS-brand motherboards counterintuitively doesn't unload keys!!! 😈

So, the moment came -drums rolling- to test out whether I passed to Secure Boot's satisfaction...with a disappointing Secure Boot telling me that it detected an invalid signature...or SAW no signature -UGGGGGGH!😋-...a week or two went by and I read god-knows-how-many forum postings...guides...just to find that shim wasn't already signed by my enrolled Microsoft UEFI Certificate Authority key...even though it was originally made by Microsoft itself to allow linux users to have same Secure Boot protections from pre-boot environment malware while allowing a different-sig signed bootloader by distro -a firmware-level malware wouldn't care whether I run Linux, Windows or BOTH- https://www.standard.net/news/busine...3ef6edf73.html... so I got one package that explicitly says it's signed and debian-signed distro-shipped Grub bootloader.

A step forward, but then I got a 🤔 cryptic error of "Secure Boot forbids loading module from"...so back to googling...(this is starting to get tiresome by this point)...I try "grub --install --uefi-secure-boot" but same result came boot time...so then I tried looking up how to sign all 260 -was-it?- grub modules after I tried for a few hours 😫 there to figure out if sbsign or a better signing program would allow me to mass-sign-in-a-batch! But no avail...so I was, crazy as it sounds, going to do a mind-numbing and physically exhausting task of repetitively signing EVERY module-one-by-one!!! If only that would have worked, 'cause now I have hit a brick wall for the last few hours...IT STILL BITCHES ABOUT IT SOMEHOW WANTS SIGNING MODULES!!! 😪 So, I'm reaching out to the MX Linux forum...😂
 
  


All times are GMT -5.