I am trying to enable secure boot, but I do not know what modules I should add when reinstalling grub with the TPM module enabled. Is there anywhere I can see the modules that manjaro uses by default?
it’s a fair bit of work and understanding of the process involved to achieve that:
Unified Extensible Firmware Interface/Secure Boot - ArchWiki
This is a good tutorial, but it only preloads the tpm module and nothing else. The issue is I don’t know what are the other modules that are supposed to be preloaded
mkay - if that is what you got out of it …
I think it tells way more than that …
Why? It’s neither supported by Arch nor Manjaro. It’s up to you to do it yourself if you wish. @Nachlese linked the relevant documentation.
FYI, Secure Boot actually being secure is not as secure as it seems. Research, learn and prove all things.
The command used in the tutorial only loads tpm when installing grub, the issue is idk what are the default ones that manjaro needs to boot that I need to add to the command
# grub-install --target=x86_64-efi --efi-directory=*esp* --modules="tpm" --sbat /usr/share/grub/sbat.csv
Moderator edit: In the future, please use proper formatting: [HowTo] Post command output and file content as formatted text
I dont want to have to keep turning it off and on everytime I switch between windows and manjaro
… don’t argue
you are the one who had got questions a minute ago
instead, read and understand
I’m sorry, I don’t understand what you are trying to say. I do have secure boot working right now. The issue is that I get sent to the grub recovery screen at boot because I only have the TPM module preloaded and nothing else right now. What I am asking is what are the other modules that manjaro requires to boot?
hmm - apparently not
What is needed is detailed in this wiki article.
could you cite somewhere in the wiki?
no
and as that is a too short answer to give as a reply
according to the board system
I’ll just repeat it once more:
no
You should read all of it, because you have a misunderstanding that GRUB’s tpm module will somehow enable you to use secure boot. It’s not that simple.
I have installed the shim-signed files into the ESP boot directory
I have created an NVRAM entry with efibootmgr
I have created a MOK key and cert and used the cert to sign my kernel
I have reinstalled grub and signed the bootloader with my MOK key
I have enabled secure boot in the UEFI and enrolled the key in MOKManager
However grub gets stuck at the recovery screen, what am I doing wrong?
The procedure is described.
If you cannot make it work - or work along it - I cannot help.
I never bothered with secure boot - and never will.
Because it does NOT add any security … for my use case.
only adds complexity … more points of potential failure …
You would probably spare a lot of comments if you included all of this in the first post.
I don’t know what you are missing exactly, because I have never done it myself. I wonder if it can be replicated with secure boot in a VM.
If I were you I would try it with systemd-boot though.
Got it working found this which had the proper modules I needed to load.
I also added the modules: png and gfxmenu and manjaro boots without errors
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.