I ran into a problem while trying to certify Manjaro to be able to secure boot

I have to enable secure boot, as I need to dual boot Win11 and this Manjaro installation for work and studies. I’ve been trying, via multiple online instructions on forums, different ways of enabling secure boot by giving my Manjaro installation a certificate that won’t trigger. None of these solutions have worked thus far. I’ve watched this video (called “Enable secure boot on Linux | Dual boot Windows 11 and Linux” by “TechModder Aryan”, I can’t put links), and it seemed like a pretty short and straightforward process, so I gave it a go. I ran into problems only in the last part, wherein I had to run the following command:

efibootmgr -v -d /dev/nvme0n1p -p 1 --create --label "Shim" --loader /boot/efi/EFI/Boot/bootx64.efi

Which threw the following error:

Could not prepare Boot variable: No such file or directory
error trace:
creator.c:174 efi_va_generate_file_device_path_from_esp(): could not open device for ESP: No such file or directory
creator.c:335 efi_generate_file_device_path_from_esp(): could not generate File DP from ESP: No such file or directory
efi.c:225 make_linux_load_option(): efi_generate_file_device_path_from_esp() = -1 (failed): No such file or directory
efibootmgr.c:295 make_var(): make_linux_load_option() failed: No such file or directory
efibootmgr.c:344 make_var(): Could not set variable: No such file or directory

Even though my bootx64.efi exists and is called that way, the case-sensitive path is written correctly, and I made sure to use the appropriate /dev/ (through “fdisk -l” I got: “/dev/nvme0n1p1 2048 534527 532480 260M Sistema EFI” among the rest of my partitions).

I don’t know how to proceed, or if indeed I should use another method (I’d prefer to pull through with this one, as it is something where I can wrap my head around what I’m doing and not blindly follow instructions).

Just disable secure boot and everything will work (unless you broke something trying to fix what was not broken).
Secure boot is still not a requirement for running Windows, thank God. It has to be available but can be disabled.

It is a requirement, both because my Win11 won’t start unless secure boot is enabled, which I think I can change at the expense of some services, and, which is part two, because I need to use some services which require secure boot to be enabled in order to function. Going through all of those loops in Windows is more of a nightmare than this process in Manjaro should really be. Right now I have to go through the BIOS and activate/deactivate secure boot each time, which makes for a very poorly usable dual boot.

Better and more detailed and structured is following the Arch Wiki on this.

Unified Extensible Firmware Interface/Secure Boot - ArchWiki

I have never done it - didn’t need to.
But I trust that the procedure works.

It looks like quite a lot of work.

I think @Teo was right - I have not heard of Windows (or some services within it) absolutely insisting on secure boot being active.
After disabling it, it should work just as well as it did before.
But you seem to know what I only have heard and have no experience with. :man_shrugging:

Some weird and intrusive abomination of “Anti-Cheat” software does this.

You are right, although I had already ended up in that wiki article and got stuck in the same spot; the video loosely follows it anyway. Going through it again just to make sure didn’t yield any new results: it throws the same error on the same command.

Depending on what motherboard you have there may be an option in the BIOS to allow execution of untrusted images even with Secure Boot turned on. On my MSI motherboard it’s under Security → Secure Boot → Image Execution Policy.

This is a far easier solution as long as you don’t care about it actually being “secure”. Win11 is happy because Secure Boot is enabled but untrusted images like Manjaro will still run.

There was actually a bit of a fuss recently because MSI had this as the default for Secure Boot (changed in later firmware). They probably shouldn’t have done that, but the scaremongering is way over the top.

So … back to the issue

“No such file or directory” may mean exactly what it says.

Does /boot/efi/EFI/Boot/ exist? Does /dev/nvme0n1p exist? (or rather nvme0n1p1)

Maybe we can start with lsblk for some general partition rundown.

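The existence checks suggested in the last post, as an added example that is not part of the original thread: efibootmgr's `--disk` expects the whole-disk device, `--part` the partition number, and `--loader` a path relative to the root of the ESP, so the sketch below derives all three from the partition name that `fdisk -l` reports and the mounted file path. The function names are hypothetical, the parsing is purely name-based (it assumes the first argument is a partition, not a whole disk), and the command is only printed, never executed.

```shell
#!/bin/sh
# Added example: derive efibootmgr arguments from a partition device name
# and a loader path on the mounted ESP. Helper names are hypothetical.

# split_part_dev /dev/nvme0n1p1 -> "/dev/nvme0n1 1"; /dev/sda2 -> "/dev/sda 2"
split_part_dev() {
    dev=$1
    num=${dev##*[!0-9]}            # trailing digits = partition number
    [ -n "$num" ] || return 1      # no trailing digits: not a partition name
    disk=${dev%"$num"}
    case $disk in
        # nvme0n1p1, mmcblk0p1: disk name ends in a digit, "p" separates the number
        *[0-9]p) disk=${disk%p} ;;
    esac
    printf '%s %s\n' "$disk" "$num"
}

# esp_relative_loader /boot/efi /boot/efi/EFI/Boot/bootx64.efi -> \EFI\Boot\bootx64.efi
esp_relative_loader() {
    mnt=${1%/}; file=$2
    case $file in
        "$mnt"/*) rel=${file#"$mnt"} ;;
        *) return 1 ;;             # file is not under the ESP mount point
    esac
    printf '%s\n' "$rel" | tr '/' '\\'
}

# Print (do not run) the efibootmgr call: partition, ESP mount, loader file, label.
build_cmd() {
    dp=$(split_part_dev "$1") || { echo "not a partition device: $1" >&2; return 1; }
    loader=$(esp_relative_loader "$2" "$3") || { echo "$3 is not under $2" >&2; return 1; }
    printf "efibootmgr --create --disk %s --part %s --label \"%s\" --loader '%s'\n" \
        "${dp% *}" "${dp#* }" "$4" "$loader"
}

# Values taken from the thread (partition name from the fdisk -l output).
build_cmd /dev/nvme0n1p1 /boot/efi /boot/efi/EFI/Boot/bootx64.efi Shim
```

Passing `/dev/nvme0n1p`, the value from the failing command, makes `build_cmd` stop with "not a partition device" instead of handing a nonexistent device to efibootmgr.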