Is there any easy to understand guide on how to enable secure boot support for arch?
#Enable Secure Boot
meager sluice
pulsar prism
.aw secure boot
thorn summitBOT
.aw secure boot
last sage
Is there any easy to understand guide on how to enable secure boot support for a...
why?
last sage
Secure Boot is fucking useless (talking from experience)
meager sluice
im dualbooting with windows and i dont want to waste time in enabling it when i want to boot on windows to play games and change disk order and stuff every time
last sage
im dualbooting with windows and i dont want to waste time in enabling it when i ...
riot?
storm linden
Personnaly I use sbctl (arch wiki link) 'cause Vanguard (Riot) and Windows...
meager sluice
Personnaly I use [sbctl (arch wiki link)](https://wiki.archlinux.org/title/Unifi...
yeah i want that too
storm linden
Then just follow the guide :,)
meager sluice
may i ask, will secure boot mess with my devices in general? i do passthrough and stuff in qemu
@storm linden
storm linden
having tested it, not normally
meager sluice
having tested it, not normally
so its pretty much safe to do?
storm linden
If I understand correctly what Secure Boot is, it's just protecting you from changing Linux or another OS before booting into the OS soo... it's pretty much safe
meager sluice
If I understand correctly what Secure Boot is, it's just protecting you from cha...
cool, can you mention from which part of the doc should i start focusing please?
meager sluice
But it's "Assissted process with sbctl"
i get this
❯ sbctl status
Installed: ✓ sbctl is installed
Owner GUID: 65665e97-7cbb-4e6f-8269-a1f8b1a71c7e
Setup Mode: ✓ Disabled
Secure Boot: ✗ Disabled
Vendor Keys: microsoft builtin-PK
~
❯ sbctl create-keys
Created Owner UUID 65665e97-7cbb-4e6f-8269-a1f8b1a71c7e
✓ Secure boot keys have already been created!
~
❯ sbctl enroll-keys -m
Your system is not in Setup Mode! Please reboot your machine and reset secure boot keys before attempting to enroll the keys.
You need to remove secure boot keys from your bios
And then I think you have to sign some boot files
Wait I'll watch for the guide
Yes,
# Setup Mode = Disable and Remove Secure Boot keys, Then
sbctl enroll-keys -m
sbctl verify # To see what files you need to sign
sbctl sign -s <file/to/sign>
And it's pretty much all you need to do, if you have windows on the same disk than Linux you have to do more I think
No, ok, it's the same, you just have to sign more files. If you want to sign every file without typing the same command again, you can use sbctl verify | sed 's/✗ /sbctl sign -s /e' as it's written in the manual.
meager sluice
You need to remove secure boot keys from your bios
so i gotta get into bios and do stuff or i can do from terminal in linux?
storm linden
You have to go onto the bios and clear existing keys if there is one
An then you boot into Linux and follow the guide
(It's litteraly written on what you've send)
storm linden
"Reset to Setup Mode"
storm linden
You disabled Secure Boot in the bios ?
last sage
@meager sluice
meager sluice
You disabled Secure Boot in the bios ?
yeah