You are not logged in.

Pages: 1

#1 2015-09-14 01:29:11

hgabreu
Member
From: Brasil
Registered: 2009-10-19
Posts: 34

[SOLVED] Install Arch UEFI secure boot enabled - Invalid Signature err

I've followed the beginners' install guide and systemd-boot but my system won't boot. I get a red dialog with a "Secure boot error" title and a "Invalid Signature error" message.

Disabling the secure boot is not an option for me, it's a company laptop and the setup is locked.

I have wiped the whole disk and created an EFI partition (sda1) as instructed in the guides along with a swap (sda2) and root partition (sda3). Mounted the EFI partition as /boot, here's its tree.

/boot
- EFI
  - Boot
    - BOOTX64.EFI
  - systemd
    - systemd-bootx64.efi
- loader
  - entries
    - arch.conf
  - loader.conf
- initramfs-linux-fallback.img
- initramfs-linux.img
- vmlinux-linux

`efibootmgr -v` shows the Linux Boot Manager as first option, and it is pointed to \EFI\systemd\systemd-bootx64.efi

I have the arch iso on a usb thumb and after adding all the hashes I could boot into it normally. But my newly installed system won't boot.

I have no idea where to look to solve this. Can anyone help?

Last edited by hgabreu (2015-09-14 12:11:30)

Offline

#2 2015-09-14 02:16:29

jackro
Member
Registered: 2014-09-21
Posts: 14

Re: [SOLVED] Install Arch UEFI secure boot enabled - Invalid Signature err

You will need to enroll the bootloader's hashes in the system. This is pretty complicated, but see here:
http://www.rodsbooks.com/efi-bootloader … eboot.html

You may be best off asking someone at your company with access to disable secureboot for you, as if they are OK with you installing arch on there, they should be OK disabling secure boot.

#include <stddisclaimer.h>
Or, pull the CMOS battery and disable it yourself.

Offline

#3 2015-09-14 10:45:32

hgabreu
Member
From: Brasil
Registered: 2009-10-19
Posts: 34

Re: [SOLVED] Install Arch UEFI secure boot enabled - Invalid Signature err

Thanks a lot for your answer, it pointed me to right direction.

But it was a lot easier than the rodsbooks link that you and the wiki pointed me to. After reading a lot, I found this post on reddit and followed it.

Here is what I did:
I've booted into Arch USB, mounted my root and boot partitions and arch-chroot to it. Then

pacman -S prebootloader
cd /boot/EFI/systemd
mv systemd-bootx64.efi loader.efi
cp /usr/lib/prebootloader/* .
efibootmgr -c -l /EFI/systemd/HashTool.efi -L HashTool
efibootmgr -c -l /EFI/systemd/PreLoader.efi -L PreLoader

And just like that, it worked like magic. I will find a place (and time) to add this to the wiki. Anyway, it is so easy that should be mentioned even in the beginners guide.

Offline

#4 2016-01-20 22:26:57

sandstorm
Member
From: Zurich [CH] & Mannheim [DE]
Registered: 2005-08-13
Posts: 169

Re: [SOLVED] Install Arch UEFI secure boot enabled - Invalid Signature err

Wow, that really worked. You should add this to the wiki! I did not see it yet.
I could also do it. Would this be the right place?
https://wiki.archlinux.org/index.php/Un … leshooting

Offline

#5 2016-01-20 22:29:35

Head_on_a_Stick
Member
From: London
Registered: 2014-02-20
Posts: 7,732
Website

Re: [SOLVED] Install Arch UEFI secure boot enabled - Invalid Signature err

sandstorm wrote:

You should add this to the wiki! I did not see it yet.

https://wiki.archlinux.org/index.php/Se … led_system

Are you infected with Wetiko?

Offline

Pages: 1

Board footer

Powered by FluxBB