#1 2025-02-19 03:16:09

eizengan
Member
Registered: 2025-02-13
Posts: 11

Signature verification failure when attempting secure boot

I've been attempting to set up secure boot. I believe I'm close, but when I turn the feature on in UEFI I get signature verification failures.

To load keys, I've followed the ukify-based setup, and have added `/etc/kernel/uki.conf` as mentioned in the tip:

```
[UKI]
SecureBootPrivateKey=/etc/kernel/secure-boot-private-key.pem
SecureBootCertificate=/etc/kernel/secure-boot-certificate.pem
```

The keys created by the following command loaded successfully after adding `secure-boot-enroll=force` in my `loader.conf` and rebooting:

```
ukify genkey --config=/etc/kernel/uki.conf
```

I've then configured kernel-install to create UKIs by

  • switching to `layout=uki` in `/etc/kernel/install.conf`

  • filling `/etc/kernel/cmdline` with my kernel parameters: `root=UUID=... quiet rw lockdown=integrity`

I have changed no plugins, nor have I modified mkinitcpio's config in any way.

My UKI was then created with the following command:

```
kernel-install add 6.13.2-arch /usr/lib/modules/6.13.2-arch1-1/vmlinuz
```

The UKI is capable of booting, but when Secure Boot is turned on in my firmware I see the following error in the UEFI GUI before being dumped to UEFI login:

Invalid signature detected. Check Secure Boot Policy in Setup

The above message suggests that my UKI hasn't been signed correctly. I suspect I've missed a step, but I've gone over the instructions on the various wiki pages and can't for the life of me find it. Is something about this setup obviously off?

Last edited by eizengan (2025-02-19 03:22:56)
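
A structural check relevant to the failure described in the post, as an added example that is not part of the original post or of systemd's tooling: it reads a PE/EFI image such as a UKI and lists the entries in its certificate table, which is where an embedded Secure Boot signature is stored. It shows only whether a signature is present, not whether it chains to the enrolled keys; `embedded_signatures` and `build_sample` are names made up here, and the sample image is constructed.

```python
import struct
import sys
from pathlib import Path

SECURITY_DIR = 4             # IMAGE_DIRECTORY_ENTRY_SECURITY (certificate table)
WIN_CERT_TYPE_PKCS = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA (Authenticode)

def embedded_signatures(image: bytes) -> list[tuple[int, int]]:
    """Return (revision, type) of every WIN_CERTIFICATE entry in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    pe = struct.unpack_from("<I", image, 0x3C)[0]
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe + 24  # optional header follows 4-byte signature + 20-byte COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    count_off = opt + (108 if magic == 0x20B else 92)  # NumberOfRvaAndSizes
    if struct.unpack_from("<I", image, count_off)[0] <= SECURITY_DIR:
        return []
    # For this directory the first field is a file offset, not an RVA.
    pos, size = struct.unpack_from("<II", image, count_off + 4 + 8 * SECURITY_DIR)
    end = pos + size
    if end > len(image):
        raise ValueError("certificate table runs past end of file")
    found = []
    while pos + 8 <= end:
        length, revision, cert_type = struct.unpack_from("<IHH", image, pos)
        if length < 8 or pos + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        found.append((revision, cert_type))
        pos += (length + 7) & ~7  # entries are padded to 8-byte boundaries
    return found

def build_sample(signed: bool) -> bytes:  # constructed PE32+ headers, not bootable
    img = bytearray(0x40 + 24 + 240)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    img[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", img, opt, 0x20B)
    struct.pack_into("<I", img, opt + 108, 16)
    if signed:  # 16 placeholder bytes stand in for the PKCS#7 SignedData blob
        struct.pack_into("<II", img, opt + 112 + 8 * SECURITY_DIR, len(img), 24)
        img += struct.pack("<IHH", 24, 0x0200, WIN_CERT_TYPE_PKCS) + bytes(16)
    return bytes(img)

if __name__ == "__main__":
    print(embedded_signatures(Path(sys.argv[1]).read_bytes()))
```

Run as a script, it takes the path of one EFI binary; an empty list means the image carries no embedded signature at all.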
