What grub modules are preloaded by default?

I am trying to enable secure boot, but I do not know what modules I should add when reinstalling grub with the TPM module enabled. Is there anywhere I can see the modules that manjaro uses by default?

it’s a fair bit of work and understanding of the process involved to achieve that:

Unified Extensible Firmware Interface/Secure Boot - ArchWiki

This is a good tutorial, but it only preloads the tpm module and nothing else. The issue is I don’t know what are the other modules that are supposed to be preloaded

mkay - if that is what you got out of it …
I think it tells way more than that …

Why? It’s neither supported by Arch nor Manjaro. It’s up to you to do it yourself if you wish. @Nachlese linked the relevant documentation.

FYI, Secure Boot actually being secure is not as secure as it seems. Research, learn and prove all things.

2 Likes

The command used in the tutorial only loads tpm when installing grub, the issue is idk what are the default ones that manjaro needs to boot that I need to add to the command

# grub-install --target=x86_64-efi --efi-directory=*esp* --modules="tpm" --sbat /usr/share/grub/sbat.csv

Moderator edit: In the future, please use proper formatting: [HowTo] Post command output and file content as formatted text

I dont want to have to keep turning it off and on everytime I switch between windows and manjaro

… don’t argue
you are the one who had got questions a minute ago :wink:

instead, read and understand :wink:

I’m sorry, I don’t understand what you are trying to say. I do have secure boot working right now. The issue is that I get sent to the grub recovery screen at boot because I only have the TPM module preloaded and nothing else right now. What I am asking is what are the other modules that manjaro requires to boot?

hmm - apparently not

What is needed is detailed in this wiki article.

could you cite somewhere in the wiki?

no

and as that is a too short answer to give as a reply
according to the board system
I’ll just repeat it once more:

no

You should read all of it, because you have a misunderstanding that GRUB’s tpm module will somehow enable you to use secure boot. It’s not that simple.

1 Like

I have installed the shim-signed files into the ESP boot directory
I have created an NVRAM entry with efibootmgr
I have created a MOK key and cert and used the cert to sign my kernel
I have reinstalled grub and signed the bootloader with my MOK key
I have enabled secure boot in the UEFI and enrolled the key in MOKManager

However grub gets stuck at the recovery screen, what am I doing wrong?

The procedure is described.
If you cannot make it work - or work along it - I cannot help.

I never bothered with secure boot - and never will.

Because it does NOT add any security … for my use case.

only adds complexity … more points of potential failure …

1 Like

You would probably spare a lot of comments if you included all of this in the first post.

I don’t know what you are missing exactly, because I have never done it myself. I wonder if it can be replicated with secure boot in a VM.

If I were you I would try it with systemd-boot though.

1 Like

Got it working found this which had the proper modules I needed to load.

I also added the modules: png and gfxmenu and manjaro boots without errors

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.