diff --git a/profiles/ManuSurface/Arch/install.sh b/profiles/ManuSurface/Arch/install.sh
index 122baaf3..3cd193e3 100755
--- a/profiles/ManuSurface/Arch/install.sh
+++ b/profiles/ManuSurface/Arch/install.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 pushd "${BASH_SOURCE%/*}" > /dev/null;
 
+. "../../../scripts/Arch/Conig/SecureBoot/install.sh";
 . "../../../scripts/Arch/Devices/SurfaceBook2/install.sh";
 . "../../../scripts/Arch/Software/sddm/install.sh";
 . "../../../scripts/Arch/Config/ssh-agent/install.sh";
diff --git a/scripts/Arch/Config/SecureBoot/install.sh b/scripts/Arch/Config/SecureBoot/install.sh
new file mode 100755
index 00000000..e9cea228
--- /dev/null
+++ b/scripts/Arch/Config/SecureBoot/install.sh
@@ -0,0 +1,18 @@
+#!/bin/bash
+EFI_BOOT_DIR="${EFI_BOOT_DIR:-"/boot"}";
+BOOTLOADER_ID=${BOOTLOADER_ID:-"Arch"};
+bootNum="$(efibootmgr | sed "/$BOOTLOADER_ID/{ s/^.*Boot\([[:digit:]]\+\)\*.*$/\1/; p; }; d")";
+
+echo $EFI_BOOT_DIR;
+
+yay --noconfirm -Syu secureboot-grub;
+sudo efibootmgr --delete-bootnum --bootnum "$bootNum";
+
+sudo sed -i \
+    -e "/esp=/{" \
+        -e "a esp=\"$EFI_BOOT_DIR\"" \
+        -e "d" \
+    -e "}" \
+    /etc/secureboot.conf;
+
+sudo secure-grub-install;