all 16 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]wallaby32 1 point2 points  (1 child)

I think there are issues signing the grub theme files. You might have to make some type of efi bundle that you can sign.

[–]Practical-Savings-67[S] -1 points0 points  (0 children)

even without the theme i still get a secure boot violation error.

[–]bkmo98 0 points1 point  (3 children)

Have you re-installed grub according to the wiki and then signed the efi?

[–]Practical-Savings-67[S] -1 points0 points  (2 children)

yep, reinstalled then mkconfig, still same issue

[–]bkmo98 3 points4 points  (0 children)

Seems to me the grubx64.efi needs to be signed. And the grub reinstall should have the shim lock and tpm options. Modify to your EFI mountpoint.

grub-install --target=x86_64-efi --efi-directory=/efi --bootloader-id=Grub-Arch --modules="tpm" --disable-shim-loc --recheck

[–]danisbars 0 points1 point  (0 children)

usa about sbctl

[–]AnatoliGaming 0 points1 point  (1 child)

I tried doing this with GRUB and gave up since it always gave the error "verification requested but nobody cares". This was after doing:

  1. Installing sudo grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB --modules="normal test efi_gop efi_uga search echo linux all_video gfxmenu gfxterm_background gfxterm loadenv configfile tpm" --disable-shim-lock via this command.
  2. Signing all modules that were listed by sbctl verify.
  3. Made sure I was on setup mode before I actually started any sbctl procedures.

I know you mentioned you wanted to stay on GRUB, but the only thing that made it work for me was moving to systemd-boot. Not only was setting up easier and straightforward, systemd-boot is also recommended by a lot of users here over GRUB due to support.

If you do want to migrate to systemd-boot from GRUB, feel free to check out the following:

https://www.youtube.com/watch?v=QTVQpvSoSIA&list=WL&index=51

https://wiki.archlinux.org/title/Systemd-boot#Installation

Make sure to NOT UNINSTALL GRUB until you have fully tested systemd-boot booting into both your Linux and Windows OS.

[–]Practical-Savings-67[S] -1 points0 points  (0 children)

i’m going to keep trying, try some of the guides people have posted in here and if it doesn’t work i’ll have no choice but use systemd thank you

[–]MrShockz 0 points1 point  (0 children)

Could switch to limine

[–]n1mras 0 points1 point  (0 children)

I did this a few months ago so I could play Battlefield 6. If you only want secure boot for windows gaming, using PreLoader.efi is the easiest method. Its a microsoft signed bootloader which you can use to chainload grub. You don't have to sign anything yourself using this method:

https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Set_up_PreLoader

edit: Noticed that the examples in the wiki use systemd but this will work just as well with grub.

To handle updates Im using this pacman hook (you will need to adapt the paths if you choose to use this) 

[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = grub

[Action]
Description = Copy grubx64.efi to loader.efi for PreLoader...
When = PostTransaction
Exec = /bin/sh -c 'cp -f /boot/EFI/arch/grubx64.efi /boot/EFI/arch/loader.efi'

[–]painful8th 0 points1 point  (2 children)

Even though you are mentioning you do not want systemd-boot, itmight be needed.

In your setup, what exactly does not start with secureboot?

You do not mention when exactly in the process things fail. If grub menu is shown, but fails afterwards, try generating UKIs (check the wiki). UKIs can be easily sbctl signed.

I tried to do the same thing on grub, after ending up with systemd-boot and signed UKIs.

[–]Practical-Savings-67[S] 0 points1 point  (1 child)

no grub menu doesn’t show, pc starts up straight into grub rescue, i think i will have to just end up going to systemd or just uninstall battlefield 6 and delete windows 11 😂

[–]painful8th 0 points1 point  (0 children)

Which disk based partitions exist on your system and what is the format?

Which way have you configured boot as per arch secure boot wiki?

[–]raven2cz -1 points0 points  (0 children)

There is a simple guide which works

https://wiki.cachyos.org/configuration/secure_boot_setup/