This document discusses Secure Boot and its implementation for Linux distributions. It begins by introducing UEFI firmware and Secure Boot, which verifies that only signed operating systems load. It then outlines the solution used by SUSE, which involves expanding the shim loader to give users freedom and flexibility by supporting enrollment of user-generated keys. The document concludes by detailing the various components like the kernel, bootloaders, build systems, and user tools that would need to be adapted to fully implement Secure Boot support for a Linux distribution.