Comments (12)
Can you clear the current secure boot keys in the firmware and try again?
from sbctl.
from sbctl.
Okay, so what I did was - boot the livecd, bootctl --esp-path=/boot install
, disable secure boot, finally boot into arch (not livecd), then do the rest of the instructions in the readme (signatures, generate efi stub), enable secure boot again, and then it won't let me boot, says /EFI/Linux/linux-linux.efi not trusted
or something
from sbctl.
Okay, I've figured it out. I had to sign /boot/EFI/Linux/linux-linux.efi
too, I did not at first because it was created after the Signatures
step. Now it works!
from sbctl.
Awesome :) Is there any instructions that should be made clearer? I have contemplated making a webpage with better documentation for sbctl
and goefi
.
from sbctl.
Dunno, tbh. But one thing for certain is that all $'s should be substituted with #'s, because It doesn't work without root
from sbctl.
Oh, btw, I assume it's not safe to store the keys in /usr/share/secureboot
on an unencrypted partition? I use systemd-homed
, and only my home folder is encrypted. Where do I put the keys?
from sbctl.
Dunno, tbh. But one thing for certain is that all $'s should be substituted with #'s, because It doesn't work without root
Good point.
Oh, btw, I assume it's not safe to store the keys in /usr/share/secureboot on an unencrypted partition? I use systemd-homed, and only my home folder is encrypted. Where do I put the keys?
You are correct. There isn't support for secure storage for the keys yet. I want to try have some support for yubikeys, and potentially some key encryption.
I want to write support for a config file, but haven't gotten that far yet. It would allow you to have other storage locations.
from sbctl.
hey Morten! i know i'm supposed to create a new issue, but i'm sorry i just don't know where to begin
please take a look at https://www.reddit.com/r/archlinux/comments/hx7tar/failed_to_boot_after_upgrading_to_5710/
tldr: kernel can't find modules after upgrade to 5.7.10, it's still looking at the modules/5.7.9 directory, and even when i downgraded to 5.7.8, it still looked at modules/5.7.9.
i think this has to do with sbctl
from sbctl.
Reboot your computer. Look at the output from uname -r
and pacman -Q linux
.
from sbctl.
this is very weird
p.s. uname -r shows 5.7.9 in both cases (before and after upgrade). pacman -Q linux not sure, before upgrade it's 5.7.9
from sbctl.
Did you reboot?
from sbctl.
Related Issues (20)
- Include Target= for linux-firmware HOT 1
- Allow export also in user mode HOT 2
- sbctl skips signing remaining items if one is not found HOT 1
- create-keys fails with "mkdir : no such file or directory" HOT 7
- Pacman hook doesn't work while installing wireless-regdb HOT 1
- Mkinitcpio post hook not included in Arch package HOT 3
- Move code to GitLab or Codeberg HOT 1
- Why does sbctl return "‼ /boot/efi/EFI/systemd/systemd-bootx64.efi does not exist" HOT 1
- Current minimum required go version is at least 1.20 HOT 4
- The point of the create-keys -e and -d options? HOT 2
- `sbctl verify` different output everytime HOT 2
- Enabling Secure Boot with enroll-keys HOT 3
- Automatic signing mkinitcpio post hook not working in latest archlinux package HOT 1
- Mkinitcpio post hook error HOT 4
- In the README the Ubuntu package link is not available, it takes the reader to the OpenSUSE package HOT 3
- Implement sbctl debug HOT 1
- Multiple displays and resolution doesn't work HOT 9
- Cannot re-enroll keys after upgrading system HOT 4
- Kernel removal fails if image file is already removed, resulting in multiple installed kernels on fedora HOT 2
- Unable to make secure boot to work on Surface Go 1st Gen and Arch Linux
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sbctl.