Secure boot protects your system from bootkit attacks by signing the boot loader with a key, ensuring that only authenticated software is executed. Do you know where this key comes from? Why is it that the first step in every Linux installation tutorial is to ask you to disable secure boot, and then nothing else? This talk takes you from the UEFI start, through the secure boot to the Linux kernel loading, and introduces you to the open source world of how to get out from under the control of the evil corporations through the machine owner key, and use your own key to sign your own boot loader and kernel. Booting into an operating system is the first step to success, and there are many more security mechanisms that can be enabled besides secure boot. Full disk encryption prevents people from stealing your computer and reading its contents directly, but there are some limitations in the boot loader’s support for full disk encryption, and an in-depth analysis of grub reveals that it doesn’t have write-on-file behavior. This article will also introduce how to view these advanced security settings in Linux through tools, and share the experience of using LLM to analyze the code during debugging, and trace the kernel all the way back from the GNOME desktop. (Notice: The English content is automatically translated and may contain inaccuracies or misinterpretations. Please refer to the original version for the most accurate information.)