There is an update to script I have been meaning to do for quite some time.
It is time… and done 0.7 - wonky/secure-boot-setup - Codeberg.org
A reminder:
- Ensure your firmware’s Secure Boot is in setup mode
- It was created as PoC
- Adjust variables at the top of the script
- Uses btrfs as filesystem
- Match a default Manjaro layout
- Added
@snapshotsubvolume
- It is an absolute minimal working installation
- No boot loader
- Minimised attack surface
- Encrypted systems do not hibernate
- Swap is re-encrypted at every boot
- No dual-boot - unless the system has two (2) disks
- Remember to lock your firmware to prevent disabling secure boot
For ideas on how to get a complete Manjaro Desktop