Enable Secure Boot on Pop!OS Linux on Surface Pro

I'm surprised that there's not a single guide talking about this, even within pop!os community. They just blame systemd-boot for the reason behind it and just call it a day.

Meanwhile, I managed to enable Secure Boot in Pop!OS Linux on my Surface Pro 2017 thanks to the guide hidden beneath a single SuperUser post. There's some adjustment I have to make.

Main Goal for achieving this

• Has nothing to do with security
• Remove that ugly red bar whenever you boot to linux
• Won't bother to install refind or some other uefi boot manager.

Assumptions

• You have freshly-installed Pop!OS
• You don't have any important data inside your system
• You haven't fuck around UEFI boot manager ( other than changing boot order)
• You have Secure Boot disabled
• You have turned off Bitlocker on Windows
• You know that Secure Boot only hardens Windows Security and just want to get rid of that ugly red bar.
• You haven't delete Windows Boot Manager from UEFI boot manager

Here's the guide

• Download PreLoader.efi and HashTool.efi from linux foundation
• Mount efi boot directory ( default: /boot/efi/ )
• Make a backup file for systemd-bootx64.efi on /boot/efi/EFI/systemd/
• Copy and rename PreLoader.efi to /boot/efi/EFI/systemd/systemd-bootx64.efi
• Copy HashTool.efi to /boot/efi/EFI/systemd/HashTool.efi
• Poweroff
• Enable Secure Boot and set 'Microsoft & 3rd Party CA'
• Restart and you will be greeted with PreTool boot not finding loader.efi, this is normal.
• Press OK and install new Hash from ../Pop_OS-*UUID_string*/vmlinuz.efi
• Reboot System

Essentially, I just ignore the original systemd-boot.efi and just make Preloader target Pop!OS' vmlinuz.efi instead. Didn't I mentioned before that this setup has nothing to do to increase security? Now enjoy your boot without the annoying red bar.