You are not logged in.
Edit:
I no longer need help with this as I am no longer running Arch on this setup.
I am running a dual boot with Win11 and Arch on separate drives. I did a manual install following the wiki and I chose grub as my bootloader.
I'd like to enable secure boot with grub for Arch and Windows. After digging through the wiki and the web I read about a few ways to accomplish this, but I am having trouble getting my head around this and I don't want to try anything without being sure I know what I'm doing.
The first method I read about with grub is to make use of CA Keys by running this command quoting the wiki:
# grub-install --target=x86_64-efi --efi-directory=esp --bootloader-id=GRUB --modules="tpm" --disable-shim-lock
With secure boot in setup mode. Is it okay to run this command with grub already installed and will this sign anything that needs to be signed for secure boot?
The second method is with shim but as far as I understand I don't need to use shim if I chose to use CA Keys.
The other method is with sbctl. I'm not sure if this needs to be combined with the first method or if it's a even a separate method in the first place. Can sbctl be used with grub? Do I need to sign the Windows files if it's installed on a separate drive? Will sbctl automatically make a pacman hook to sign files again after a system update?
I am a little lost on how to properly implement this with grub and a windows dual boot. I hope I provided enough info, if not let me know and thanks!
Last edited by Boomstomp (2024-08-22 15:03:25)
Offline