Now that Matthew Garrett's shim is fully featured and publicly available, will Arch be implementing support for secure boot in the near future? For those who haven't seen the news yet: http://mjg59.dreamwidth.org/17542.html and http://mjg59.dreamwidth.org/20303.html give a pretty in-depth description of how to implement this distro-generic solution to secure boot. More technical details on the shim are available here: http://mjg59.dreamwidth.org/19448.html Finally, I found this OpenSUSE dev post pretty helpful in understanding how the MOKs work but it's not a necessary article to read: https://www.suse.com/blogs/uefi-secure-boot-details/ The only work necessary on the packager's part is using Peter Jones' signing tool to sign GRUB2, kernel modules, and the Arch Linux distributed kernel binaries with an Arch Linux "key" that the users would place into the shim's trusted key database. This isn't any more cumbersome than the current package signing procedures, and I think it would go a long way to be one of the first distributions to support secure-boot without having to fiddle with the UEFI. A final note: the shim currently only supports x86_64 machines and it's unknown if Garrett will ever work on a 32-bit binary. That, on top of the fact that Garrett won't be working on an ARM solution because of licensing issues, means that secure boot would simply be an Arch64 specific feature. I'd really like to hear the community's thoughts on this.