Language: English | 中文
- First clone this repository from GitHub
git clone https://github.com/BigfootACA/secureboot-utils
cd secureboot-utils
Or clone from Code Cloud
git clone https://gitee.com/ClassFun/secureboot-utils
cd secureboot-utils
- Run makepkg
makepkg
After the build is successful, an ArchLinux software package will be generated
- Use pacman to install the package
pacman -U secureboot-utils-1.1-1-any.pkg.tar.xz
Use yaourt:
yaourt -S secureboot-utils
Use yay:
yay -S secureboot-utils
- First you must support UEFI on your computer
ls /sys/firmware/efi
Or check from the BIOS.
- Then confirm that your computer supports SecureBoot
ls /sys/firmware/efi/efivars/SecureBoot-*
Or check from the BIOS.
- Adjust the SecureBoot mode from the BIOS to custom mode to prepare to import the generated public key
- Generate public and private keys and write them into the firmware system
secureboot-keygen
SecureBoot has been initialized, but the kernel or boot loader needs to be signed before enabling SecureBoot. Please check the following related content.
If you need to rewrite the public key to the system, execute the following command:
secure-write
secureboot-sign --replace /boot/vmlinuz-linux
This software package comes with the standard kernel package linux and linux-lts, when reinstalling the kernel or upgrading the kernel, it will automatically resign the kernel to ensure normal use after the kernel is upgraded and restarted.
secureboot-sign --systemd-boot
bootctl install
This package comes with systemd the installation hook of will automatically re-sign systemd-boot when reinstalling the kernel or upgrading systemd to ensure normal use after restart.
secureboot-sign --replace /boot/efi/EFI/boot/bootx64.efi
secureboot-sign --replace /boot/efi/EFI/arch/grubx64.efi