Language: English | 中文
- First clone this repository from GitHub
git clone https://github.com/BigfootACA/secureboot-utils
cd secureboot-utils Or clone from Code Cloud
git clone https://gitee.com/ClassFun/secureboot-utils
cd secureboot-utils- Run makepkg
makepkgAfter the build is successful, an ArchLinux software package will be generated
- Use pacman to install the package
pacman -U secureboot-utils-1.1-1-any.pkg.tar.xzUse yaourt:
yaourt -S secureboot-utilsUse yay:
yay -S secureboot-utils- First you must support UEFI on your computer
ls /sys/firmware/efi Or check from the BIOS.
- Then confirm that your computer supports SecureBoot
ls /sys/firmware/efi/efivars/SecureBoot-* Or check from the BIOS.
- Adjust the SecureBoot mode from the BIOS to custom mode to prepare to import the generated public key
- Generate public and private keys and write them into the firmware system
secureboot-keygenSecureBoot has been initialized, but the kernel or boot loader needs to be signed before enabling SecureBoot. Please check the following related content.
If you need to rewrite the public key to the system, execute the following command:
secure-writesecureboot-sign --replace /boot/vmlinuz-linuxThis software package comes with the standard kernel package linux and linux-lts, when reinstalling the kernel or upgrading the kernel, it will automatically resign the kernel to ensure normal use after the kernel is upgraded and restarted.
secureboot-sign --systemd-boot
bootctl installThis package comes with systemd the installation hook of will automatically re-sign systemd-boot when reinstalling the kernel or upgrading systemd to ensure normal use after restart.
secureboot-sign --replace /boot/efi/EFI/boot/bootx64.efi
secureboot-sign --replace /boot/efi/EFI/arch/grubx64.efi