Currently, Secure Boot can be enabled on NixOS with lanzaboote; it’s a fairly straightforward process. Work to get it upstreamed is still on-going though, which you can follow here.
1 Like
Fedora seems to be running to keep up as well
2 Likes
I guess with this information the question of the topic becomes irrelevant once all the distros recommended even if not having a strong or complete secure boot implementation or an out of the box functionality they are with some sort of secure boot involvement and therefore this will be marked as the solution.
Thank you all for the contributions. The discussion really helped me to learn a few things.
What about using CA certs instead of shims?