You are not logged in.
Hi, I installed arch on my windows PC. I can't disable secure boot because windows 11 requires it, so I tried to setup secure boot on arch using shim-signed and GRUB.
I followed the instruction described here: https://wiki.archlinux.org/title/Unifie … _Boot#shim
Since I don't really need secure boot on arch, I tried to disable the verification process with
mokutil --disable-validationHowever, I still get "security violation" error when trying to chainload GRUB from shim.
So I guess I have to sign GRUB with a MOK for shim to work.
If I understand correctly, if I want to setup secure boot properly, I'll have to sign both GRUB and the kernel each time they update.
Is it possible to automate the process with a pacman hook similar to this?
[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = linux
Target = grub
[Action]
Description = signing kernel and bootloader
When = PostTransaction
Exec = /usr/local/bin/sign-securebootOr are there steps than can only be done manually?
Thanks for any advise or clarification.
Offline