You are not logged in.
I finally decided to wipe out my Windows installation on my desktop machine and installed Arch on it.
Desktop runs on AMD 5900x, Asus X570F and 6900xt.
Everything else works flawlessly with secure boot turned off. I decided to enable secure boot this morning.
This is what I did:
1. Generated and enrolled user keys into BIOS.
2. Used sbupdate to generate unified UEFI kernel image and used efibootmgr to register the kernel image.
3. System boots fine with secure boot off.
4. When I turned secure boot on, BIOS spit out "The VGA card is not supported by UEFI driver" messages on post screen, and asked me to turn on CSM mode in the BIOS.
5. With CSM mode ON and secure boot ON, I can boot into system no problem.
6. If I want to disable CSM mode in BIOS, I will have to also disable secure boot.
Wonder if anyone had similar problems can shed some light here. Could it be a vbios issue or driver loading issue?
PS. I tried to include amdgpu in mkinitcpio.conf modules section and rebuild the unified kernel image, results are still the same.
Thanks in advance.
Last edited by FlyingpigNZ (2022-07-31 08:03:28)
Offline
There's a whole page on secure boot which might help.
Do you need secure boot to be enabled?
Offline
Your card might require some microsoft-signed firmware, so you could try to add the "Microsoft Corporation UEFI CA 2011"
https://wiki.archlinux.org/title/Unifie … ft_Windows
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline
There's a whole page on secure boot which might help.
Do you need secure boot to be enabled?
Thanks for the reply, Maybe I do not need it at all. Just noticed the problem while finalizing the installation, and curious about why.
Offline
Your card might require some microsoft-signed firmware, so you could try to add the "Microsoft Corporation UEFI CA 2011"
https://wiki.archlinux.org/title/Unifie … ft_Windows
Thanks, this might be the reason. I will give it a try when I am free.
Offline
Your card might require some microsoft-signed firmware, so you could try to add the "Microsoft Corporation UEFI CA 2011"
https://wiki.archlinux.org/title/Unifie … ft_Windows
Thank you very much, I think you pointed out exactly where the problem is.
Looks like the graphic card's UEFI is signed using Microsoft's certificate, which is fair, as manufacturers will not have my user keys.
Appending the keys generated using MS's cert fixed the problem.
Offline
It might be possible to avoid the microsoft certificate: https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom
If those option roms are required to get into the UEFI UI that is dangerous, though.
| alias CUTF='LANG=en_XX.UTF-8@POSIX ' |
Offline