I just set up secure boot with my own keys, following the wiki.
After setting everything up and enrolling my keys using KeyTool, I wanted to check my secure boot status using the command mentioned here.
This is what I got:
~ od --address-radix=n --format=u1 /sys/firmware/efi/efivars/SecureBoot*
6 0 0 0 1 7 0 0 0 3
Now:
If Secure Boot is enabled, this command returns 1 as the final integer in a list of five, for example:
6 0 0 0 1
So I assumed something went wrong. The wiki text sounds a lot like secure boot is enabled if and only if I get exactly 5 digits with the last one being a 1. Now the keen observer might have noticed that my first 5 digits match those from the wiki exactly. But there are 5 additional ones.
The other command mentioned in the wiki tells me secureboot is enabled:
~ bootctl status
systemd-boot not installed in ESP.
No default/fallback boot loader installed in ESP.
System:
Firmware: UEFI 2.70 (Dell 1.00)
Secure Boot: enabled
Setup Mode: user
Current Boot Loader:
Product: n/a
Features: ✗ Boot counting
✗ Menu timeout control
✗ One-shot menu timeout control
✗ Default entry control
✗ One-shot entry control
✗ Support for XBOOTLDR partition
✗ Support for passing random seed to OS
✓ Boot loader sets ESP partition information
Stub: systemd-stub 245.7-1-arch
ESP: /dev/disk/by-partuuid/0547b9b9-484c-4b1f-9dae-9ace4dae9770
File: └─/EFI/Linux/linux.efi
Random Seed:
Passed to OS: no
System Token: set
Exists: no
Available Boot Loaders on ESP:
ESP: /efi (/dev/disk/by-partuuid/0547b9b9-484c-4b1f-9dae-9ace4dae9770)
Boot Loaders Listed in EFI Variables:
Title: Arch Linux
ID: 0x0002
Status: active, boot-order
Partition: /dev/disk/by-partuuid/0547b9b9-484c-4b1f-9dae-9ace4dae9770
File: └─/EFI/Linux/linux.efi
Title: Keytool
ID: 0x0000
Status: active, boot-order
Partition: /dev/disk/by-partuuid/0547b9b9-484c-4b1f-9dae-9ace4dae9770
File: └─/EFI/KeyTool.efi
Boot Loader Entries:
$BOOT: /efi (/dev/disk/by-partuuid/0547b9b9-484c-4b1f-9dae-9ace4dae9770)
Default Boot Loader Entry:
title: Arch Linux (linux.efi)
id: linux.efi
source: /efi/EFI/Linux/linux.efi
linux: EFI/Linux/linux.efi
options: BOOT_IMAGE=/boot/vmlinuz-linux root=/dev/mapper/intssd-root rw cryptdevice=UUID=4138cc27
Keytool also tells me that secure boot is in "User Mode". And my Firmware settings tell me secure boot is enabled. (Tested several times now)
I also tried booting an unsigned binary which the firmware refused.
Which makes me think the wiki might be outdated here? I didn't post to the Talk page immediately as I don't want to categorically rule out issues on my end. Let's say I am 80% sure the issue lies with the wiki.
Last edited by LoNaAleim (2020-08-24 19:53:29)
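Added example, not part of the original post or the wiki: every file in efivarfs starts with a 4-byte little-endian attribute field followed by the variable's data, so when `SecureBoot*` matches more than one file, od prints them back to back. Assuming that is where the ten numbers above come from, the sketch below decodes each match separately and takes the state only from the variable under the EFI global GUID; the function names are illustrative.

```sh
#!/bin/sh
# Added example: function names are illustrative, not taken from the wiki.
EFIVARS=/sys/firmware/efi/efivars
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI_GLOBAL_VARIABLE

# Print "<attributes> <data bytes...>" for one efivarfs file.
# Layout: bytes 0-3 are a little-endian uint32 attribute mask, the rest is data.
efivar_decode() {
    # -An -tu1 is the short form of the od options in the post; -v keeps repeats
    set -- $(od -An -tu1 -v "$1")
    [ "$#" -ge 4 ] || return 1
    attrs=$(( $1 + ($2 << 8) + ($3 << 16) + ($4 << 24) ))
    shift 4
    echo "$attrs $*"
}

# One line per file matched by the SecureBoot* glob, so that several
# variables are never read as a single run of numbers.
secureboot_glob_report() {
    dir=${1:-$EFIVARS}
    for f in "$dir"/SecureBoot*; do
        [ -e "$f" ] || continue
        decoded=$(efivar_decode "$f") || continue
        echo "${f##*/}: attributes=${decoded%% *} data=${decoded#* }"
    done
}

# Report the state from the exact variable name instead of a glob.
secure_boot_state() {
    f="${1:-$EFIVARS}/SecureBoot-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || { echo unknown; return 1; }
    decoded=$(efivar_decode "$f") || { echo unknown; return 1; }
    case "${decoded#* }" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown; return 1 ;;
    esac
}

# Usage on a running system:
#   secureboot_glob_report
#   secure_boot_state
```

Read this way, `6 0 0 0 1` is attribute mask 6 with data byte 1, and `7 0 0 0 3` would be a second variable with attribute mask 7 and data byte 3.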
It’s a little inaccurate indeed. Since you found it, you now have the honor of being the one fixing it.
Use a wiki account, post your reasons with a few details in the discussion page, and change the inaccurate part; after all, the wiki is also a community project.
For future things like this, the place for discussion is the discussion page on the wiki for the topic with the issue...
Notable things of course get discussed here in the forums, but things like this belong better at the wiki as a small thread in the discussion subpage.
Also note that there is an accuracy template which can be used to mark inaccurate content and draw more attention to the discussion (on the wiki talk page).
Thanks lahwaacz, I put the accuracy warning on the page and posted to the discussions.