[OPEN] Trouble getting secure boot working on Dell Inspiron 15 3525

Post Reply
Zebastjan
Crewman
Posts: 4
Joined: Sun Dec 04, 2022 11:51 am

I've been trying to get secure boot working on my new laptop, following the directions for sbctl.

Code: Select all

[zebastjan@yggdrasil ~]$ sbctl status 
Installed:      ✓ sbctl is installed
Setup Mode:     ✓ Disabled
Secure Boot:    ✗ Disabled
Vendor Keys:    none
Earlier, I had the "Owner GUID: ..." line in the output. But after more fiddling, it's disappeared.

Code: Select all

[[zebastjan@yggdrasil ~]$ sudo sbctl verify 
Verifying file database and EFI images in /boot/efi...
✓ /boot/efi/EFI/ArcoLinux/grubx64.efi is signed
✓ /boot/efi/EFI/boot/bootx64.efi is signed
✓ /boot/vmlinuz-linux is signed
With secure boot enabled, after running 'sbctl enroll-keys' I'm able to get to the unlocking luks part of the boot process, and "slot 0 opened". Then I get "Not permitted by secure boot policy." So, I've made some progress. I tried signing /boot/vmlinuz*. There was also a comment on one of the fora about using systemd-boot rather than grub. I tried that, but frankly, I'm not sure I set that up correctly, as it still looked like grub. I'm not sure what else to try at this point.
User avatar
erikdubois
Captain
Posts: 5870
Joined: Tue Nov 07, 2017 3:45 pm
Location: Belgium
Contact:

I have no knowledge about secure boot.

I can not help you.
Learn, have fun and enjoy.
But first use the power of the Arch Wiki
use the tutorials on https://www.youtube.com/erikdubois
then use the power of google
then use the power of our moderators.
Zebastjan
Crewman
Posts: 4
Joined: Sun Dec 04, 2022 11:51 am

I've got some addition information, which may be helpful.

Code: Select all

zebastjan@yggdrasil ~> yay
...
:: Prilaborante pakaĵajn ŝanĝojn...
(1/9) promociado arcolinux-system-config-git                                                          [------------------------------------------------------------] 100%

WARNING:

If you are on Grub then install the following package
sudo pacman -S arcolinux-bootloader-grub-git

If you are on Systemd-boot then install the following package
sudo pacman -S arcolinux-bootloader-systemd-boot-git

WARNING:

systemd-boot not installed in ESP.
The bootloader is GRUB.
Install the package for your safety

sudo pacman -S arcolinux-bootloader-grub-git

It contains all the pacman hooks it needs.


Congrats the package is installed - you are safe
I've been trying to use systemd-boot, as it was suggested to be easier to get working with secure boot. So this message is saying what I suspected, that the system is still using grub to boot. This is the output when I try installing the systemd-bootloader from the message:

Code: Select all

zebastjan@yggdrasil ~> yay arcolinux-bootloader-systemd-boot-git
1 arcolinux_repo/arcolinux-bootloader-systemd-boot-git 24.03-06 (14.1 KiB 34.5 KiB) (Installed)
It shows that the package is already installed. So I reinstalled it, w/out seeing any messages about removing grub. The warning message then disappeared at the next system update.
User avatar
erikdubois
Captain
Posts: 5870
Joined: Tue Nov 07, 2017 3:45 pm
Location: Belgium
Contact:

Is there a question in here or is it just for information?

Check out these scripts

toboot
togrub
torefind

the content might help you understand how bootloaders need to be set up
Learn, have fun and enjoy.
But first use the power of the Arch Wiki
use the tutorials on https://www.youtube.com/erikdubois
then use the power of google
then use the power of our moderators.
Zebastjan
Crewman
Posts: 4
Joined: Sun Dec 04, 2022 11:51 am

Thanks! Not sure if switching toboot will work, but it's worth a shot.
User avatar
erikdubois
Captain
Posts: 5870
Joined: Tue Nov 07, 2017 3:45 pm
Location: Belgium
Contact:

Try.
Fail.
Try again.
Succeed.
Learn, have fun and enjoy.
But first use the power of the Arch Wiki
use the tutorials on https://www.youtube.com/erikdubois
then use the power of google
then use the power of our moderators.
Post Reply

Return to “Kernel & Hardware”