Dual‑Boot Pop!_OS 24.04 + Windows 11 with SecureBoot

Enable SecureBoot with default options.
Wait for Windows installation normally.
After windows setup finishes, enter in BIOS and complettly disable secure boot.
cleanup all SecureBoot keys from BIOS, disable plataform key injection and then disable SecureBoot, be sure all keys are delete before continue.
Install PopOS normally.
After PopOS setup finishes, ensure that the boot order in bios is setted to firstly boot to the disk used to install PopOS not to the system partition.
Boot into PopOS and install/reinstall shim-signed, mokutil and sbctl.

check sbctl status, u should see something like:

# sbctl status
Installed:   ✘ Sbctl is not installed
Setup Mode:  ✘ Enabled
Secure Boot: ✘ Disabled

Setup the sbctl, sbctl setup --migrate
Check if keys are created with sbctl status, if not, create it sbctl create-keys
After keys creation, enroll the keys sbctl enroll-keys ---microsoft
Sign the EFIs, use sbctl verify list all entries, os-probe can help too, and sbctl sign -s <file> to sign.
- /boot/efi/EFI/Pop_OS-6e009c73-3743-49b8-8204-10494b681a60/vmlinuz.efi
- /boot/efi/EFI/Recovery-742A-6D9F/vmlinuz.efi
- /boot/efi/EFI/systemd/systemd-bootx64-signed.efi
- /boot/efi/EFI/systemd/systemd-bootx64.efi
- /boot/efi/EFI/BOOT/mmx64.efi
- /boot/efi/EFI/Microsoft/Boot/bootmgfw.efi

Edit DKMS config file /etc/dkms/framework.conf, to setup mok keys

mok_signing_key=/var/lib/shim-signed/mok/MOK.priv
mok_certificate=/var/lib/shim-signed/mok/MOK.der

Disable sbat policy sudo mokutil --set-sbat-policy delete
Install MOK certificate sudo update-secureboot-policy --enroll-key, it will ask for some password, this will be used in the MokManager screen in the next step.
Reboot, u should see MokManager screen, enroll the key, u will bee asked for the password from the previous step, reboot again.
After PopOS bootup, check if keys was enrolled, mokutil --list-enrolled, if don't, try to import the shim key again, mokutil -i /var/lib/shim-signed/mok/MOK.der

aschiavon91/popos+win11_secureboot.md