diff --git a/pacman-hooks/Desktop/98-secureboot-grub.hook b/pacman-hooks/Desktop/98-secureboot-grub.hook
new file mode 100644
index 0000000..5482d49
--- /dev/null
+++ b/pacman-hooks/Desktop/98-secureboot-grub.hook
@@ -0,0 +1,13 @@
+[Trigger]
+Operation = Install
+Operation = Upgrade
+Type = Package
+Target = grub
+
+[Action]
+Description = Signing GRUB for SecureBoot
+When = PostTransaction
+Exec = /usr/bin/find /efi/ -name 'grubx64' -exec /usr/bin/sh -c 'if ! /usr/bin/sbverify --list {} 2>/dev/null | /usr/bin/grep -q "signature certificates"; then /usr/bin/sbsign --key /db.key --cert /db.crt --output {} {}; fi' \ ;
+Depends = sbsigntools
+Depends = findutils
+Depends = grep
diff --git a/pacman-hooks/Desktop/99-secureboot-linux.hook b/pacman-hooks/Desktop/99-secureboot-linux.hook
new file mode 100644
index 0000000..0e0f8a9
--- /dev/null
+++ b/pacman-hooks/Desktop/99-secureboot-linux.hook
@@ -0,0 +1,13 @@
+[Trigger]
+Operation = Install
+Operation = Upgrade
+Type = Package
+Target = linux
+
+[Action]
+Description = Signing Kernel for SecureBoot
+When = PostTransaction
+Exec = /usr/bin/find /boot/ -maxdepth 1 -name 'vmlinuz-*' -exec /usr/bin/sh -c 'if ! /usr/bin/sbverify --list {} 2>/dev/null | /usr/bin/grep -q "signature certificates"; then /usr/bin/sbsign --key /db.key --cert /db.crt --output {} {}; fi' \ ;
+Depends = sbsigntools
+Depends = findutils
+Depends = grep