You are not logged in.

Pages: 1

#1 2025-11-28 15:32:17

riverbed
Member
Registered: 2024-12-26
Posts: 2

Arch Linux and Windows 11 Dual Boot with Secure Boot Enabled

Laptop Model: Legion 7i 16IAX7

I need to enable secure boot to play certain games on Windows 11 but I use Arch as my daily driver. I was trying to setup secure boot to work with Arch using sbctl following instructions on the wiki (https://wiki.archlinux.org/title/Unifie … with_sbctl).

The problem is when I choose "Reset to Setup Mode" in the UEFI settings and boot into Arch again I get:

sudo sbctl status
system is not booted with UEFI

I did see on a forum for Framework laptops that they had a similar issue and it was fixed by manually deleting the keys except for the dbx key (apparently it was deleting more keys than it should).
The problem with that is my UEFI settings UI is different and does not provide such an option.
I don't know of any way to manually remove them other than from the UEFI settings and don't know if I should even if it was possible.

It is also important to note the differences in the following commands' outputs.
BEFORE ENABLING SETUP MODE
sudo sbctl status

Installed:	✓ sbctl is installed
Owner GUID:	29336bff-2740-470e-a71e-2cba37064deb
Setup Mode:	✓ Disabled
Secure Boot:	✗ Disabled
Vendor Keys:	microsoft builtin-db builtin-PK
ls /sys/firmware/efi/efivars

AcpiGlobalVariable-c020489e-6db2-4ef2-9aa5-ca06fc11d36a
ActiveVgaDev-59d1c24f-50f1-401a-b101-f33e0daed443
ArbSvnInfo-643d5856-c4f9-4abe-9c27-331ae36639aa
BoardInfoSetup-1e785e1a-8ec4-49e4-8275-fbbdeded18e7
Boot0000-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0001-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0002-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0003-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0004-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0005-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot0012-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot2001-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot2002-8be4df61-93ca-11d2-aa0d-00e098032b8c
Boot2003-8be4df61-93ca-11d2-aa0d-00e098032b8c
BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c
BootOptionSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c
BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c
BRDS-42780dd5-9a7d-404c-80e4-7f7094360394
BugCheckCode-ba57e015-65b3-4c3c-b274-659192f699e3
BugCheckParameter1-ba57e015-65b3-4c3c-b274-659192f699e3
BugCheckProgress-ba57e015-65b3-4c3c-b274-659192f699e3
certdb-59d1c24f-50f1-401a-b101-f33e0daed443
certdbv-59d1c24f-50f1-401a-b101-f33e0daed443
CheckFirstBoot-59d1c24f-50f1-401a-b101-f33e0daed443
CirrusSmartAmpCalibrationData-02f9af02-7734-4233-b43d-93fe5aa35db3
ConIn-8be4df61-93ca-11d2-aa0d-00e098032b8c
ConInCandidateDev-59d1c24f-50f1-401a-b101-f33e0daed443
ConInDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
ConOut-8be4df61-93ca-11d2-aa0d-00e098032b8c
ConOutCandidateDev-59d1c24f-50f1-401a-b101-f33e0daed443
ConOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
CpuSetup-b08f97ff-e6e8-4193-a997-5e9e9b0adb32
CpuSetupVolatileData-b08f97ff-e6e8-4193-a997-5e9e9b0adb32
CurrentPolicy-77fa9abd-0359-4d32-bd60-28f4e78f784b
Custom-4570b7f1-ade8-4943-8dc3-406472842384
Custom-5432122d-d034-49d2-a6de-65a829eb4c74
Custom-72c5e28c-7783-43a1-8767-fad73fccafa4
Custom-a04a27f4-df00-4d42-b552-39511302113d
Custom-aaf8e719-48f8-4099-a6f7-645fbd694c3d
Custom-b08f97ff-e6e8-4193-a997-5e9e9b0adb32
Custom-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
CustomPlatformLang-59d1c24f-50f1-401a-b101-f33e0daed443
CustomSecurity-59d1c24f-50f1-401a-b101-f33e0daed443
db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f
dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
DTbtNvmVersion-81f0212d-fa55-4764-a903-0c28ba1d9baa
ErrOutDev-8be4df61-93ca-11d2-aa0d-00e098032b8c
EWRD-92daaf2f-c02b-455b-b2ec-f5a3594f4aea
FBSWIF-d743491e-f484-4952-a87d-8d5dd189b70c
FeData-1f2d63e1-febd-4dc7-9cc5-ba2b1cef9c5b
FirstBootAfterFlash-59d1c24f-50f1-401a-b101-f33e0daed443
FullReset-59d1c24f-50f1-401a-b101-f33e0daed443
GPC-42780dd5-9a7d-404c-80e4-7f7094360394
GPC-92daaf2f-c02b-455b-b2ec-f5a3594f4aea
H2OFormDialogConfig-98ae8272-ce5a-46be-9f5d-d9f9cbbb99f2
HybridGraphicsVariable-b2b7c21f-1786-4a64-be69-16cef7647331
IhisiParamBuffer-92e59835-5f42-4e0b-9a84-47c7810ea806
InitSetupVariable-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
Intel-pwrovr-74b00bd9-805a-4d61-b51f-43268123d113
IntelVmdOsVariable-61a14fe8-4dab-4a19-b1e3-97fb23d09212
IP6_CONFIG_IFR_NVDATA-02eea107-98db-400e-9830-460a1542d799
KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
KEKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
L05ConfigVar-74d69abb-57c3-4d7f-bfb4-26a2549610f1
L05OkrData-9669e125-fedf-43f7-891a-5af85efcdefc
Lang-8be4df61-93ca-11d2-aa0d-00e098032b8c
LangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c
LBLDESP-871455d0-5576-4fb8-9865-af0824463b9e
LBLDVC-871455d1-5576-4fb8-9865-af0824463c9f
lBoot0000-146b234d-4052-4e07-b326-11220f8e1fe8
lBoot0001-146b234d-4052-4e07-b326-11220f8e1fe8
lBoot0002-146b234d-4052-4e07-b326-11220f8e1fe8
lBoot0003-146b234d-4052-4e07-b326-11220f8e1fe8
LvarSmiReadyFlag-6acce65d-da35-4b39-b64b-5ed927a7dc7e
MemoryOverwriteRequestControl-e20939be-32d4-41be-a150-897f85d49829
MemoryOverwriteRequestControlLock-bb983ccf-151d-40e1-a07b-4a17be168292
MeSetup-5432122d-d034-49d2-a6de-65a829eb4c74
MeSetupStorage-5432122d-d034-49d2-a6de-65a829eb4c74
MeSetupStorageCustom-5432122d-d034-49d2-a6de-65a829eb4c74
MotherBoardHealth-ea1fcaee-3a77-4bb8-9b98-518e75d29a99
MTC-eb704011-1402-11d3-8e77-00a0c969723b
NetworkSetup-a04a27f4-df00-4d42-b552-39511302113d
NhltEndpointsTableConfigurationVariable-a1d89a3a-4a90-429d-4365-1f64c3a29614
OfflineUniqueIDEKPubCRC-eaec226f-c9a3-477a-a826-ddc716cdc0e3
OfflineUniqueIDEKPub-eaec226f-c9a3-477a-a826-ddc716cdc0e3
OsIndications-8be4df61-93ca-11d2-aa0d-00e098032b8c
OsIndicationsSupported-8be4df61-93ca-11d2-aa0d-00e098032b8c
PBRDevicePath-a9b5f8d2-cb6d-42c2-bc01-b5ffaae4335e
PchSetup-4570b7f1-ade8-4943-8dc3-406472842384
PciBusSetup-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
PhysicalBootOrder-59d1c24f-50f1-401a-b101-f33e0daed443
PK-8be4df61-93ca-11d2-aa0d-00e098032b8c
PKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
PlatformLang-8be4df61-93ca-11d2-aa0d-00e098032b8c
PlatformLangCodes-8be4df61-93ca-11d2-aa0d-00e098032b8c
RestoreFactoryDefault-59d1c24f-50f1-401a-b101-f33e0daed443
S3MemoryVariable-973218b9-1697-432a-8b34-4884b5dfb359
SADS-42780dd5-9a7d-404c-80e4-7f7094360394
SADS-92daaf2f-c02b-455b-b2ec-f5a3594f4aea
SaSetup-72c5e28c-7783-43a1-8767-fad73fccafa4
SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032b8c
SecureBootData-aa1305b9-01f3-4afb-920e-c9b979a852fd
SecureBootEnforce-59d1c24f-50f1-401a-b101-f33e0daed443
SecureFlashInfo-382af2bb-ffff-abcd-aaee-cce099338877
SetPcrBanks-8376bdca-5e03-4735-951a-4a74141e5886
Setup-a04a27f4-df00-4d42-b552-39511302113d
SetupCpuFeatures-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
Setup-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
SetupMode-8be4df61-93ca-11d2-aa0d-00e098032b8c
SignatureSupport-8be4df61-93ca-11d2-aa0d-00e098032b8c
SiSetup-aaf8e719-48f8-4099-a6f7-645fbd694c3d
SPLC-92daaf2f-c02b-455b-b2ec-f5a3594f4aea
TbtSetupVolatileData-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
Tcg2ConfigInfo-07a66697-d400-4903-b3da-67a61d2b7058
Tcg2PhysicalPresence-aeb9c5c1-94f1-4d02-bfd9-4602db2d3c54
Tcg2PhysicalPresenceFlags-aeb9c5c1-94f1-4d02-bfd9-4602db2d3c54
Timeout-8be4df61-93ca-11d2-aa0d-00e098032b8c
UIT_DATA-fe47349a-7f0d-4641-822b-34baa28ecdd0
UIT_HEADER-fe47349a-7f0d-4641-822b-34baa28ecdd0
UnlockIDCopy-eaec226f-c9a3-477a-a826-ddc716cdc0e3
VarErrorFlag-04b37fe8-f6ae-480b-bdd5-37d98c5e89aa
VendorKeys-8be4df61-93ca-11d2-aa0d-00e098032b8c
WAND-92daaf2f-c02b-455b-b2ec-f5a3594f4aea
WGDS-92daaf2f-c02b-455b-b2ec-f5a3594f4aea
WIFI_MANAGER_IFR_NVDATA-3441803e-5a88-4941-82f0-858a1085276c
WRDD-92daaf2f-c02b-455b-b2ec-f5a3594f4aea
WRDS-92daaf2f-c02b-455b-b2ec-f5a3594f4aea
bootctl

systemd-boot not installed in ESP.
No default/fallback boot loader installed in ESP.
System:
      Firmware: n/a (n/a)
 Firmware Arch: x64
   Secure Boot: disabled
  TPM2 Support: yes
  Measured UKI: no
  Boot into FW: supported

Random Seed:
 System Token: not set
       Exists: no

Available Boot Loaders on ESP:
          ESP: /boot (/dev/disk/by-partuuid/d44d4398-495b-4837-bdd1-46582746e264)

Boot Loaders Listed in EFI Variables:
        Title: rEFInd Boot Manager
           ID: 0x0000
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/d44d4398-495b-4837-bdd1-46582746e264
         File: └─/boot//EFI/refind/refind_x64.efi

        Title: Windows Boot Manager
           ID: 0x0001
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/d44d4398-495b-4837-bdd1-46582746e264
         File: └─/boot//EFI/Microsoft/Boot/bootmgfw.efi

        Title: Windows Boot Manager
           ID: 0x0005
       Status: active
    Partition: /dev/disk/by-partuuid/d44d4398-495b-4837-bdd1-46582746e264
         File: └─/boot//EFI/Microsoft/Boot/bootmgfw.efi

        Title: Windows Boot Manager
           ID: 0x0012
       Status: active
    Partition: /dev/disk/by-partuuid/d44d4398-495b-4837-bdd1-46582746e264
         File: └─/boot//EFI/Microsoft/Boot/bootmgfw.efi

Boot Loader Entry Locations:
          ESP: /boot (/dev/disk/by-partuuid/d44d4398-495b-4837-bdd1-46582746e264, $BOOT)
       config: /boot//loader/loader.conf: No such file or directory
        token: arch

0 entries, no entry could be determined as default.
efibootmgr -v

BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000,0001,2001,2002,2003
Boot0000* rEFInd Boot Manager	HD(1,GPT,d44d4398-495b-4837-bdd1-46582746e264,0x800,0x100000)/\EFI\refind\refind_x64.efi
      dp: 04 01 2a 00 01 00 00 00 00 08 00 00 00 00 00 00 00 00 10 00 00 00 00 00 98 43 4d d4 5b 49 37 48 bd d1 46 58 27 46 e2 64 02 02 / 04 04 3a 00 5c 00 45 00 46 00 49 00 5c 00 72 00 65 00 66 00 69 00 6e 00 64 00 5c 00 72 00 65 00 66 00 69 00 6e 00 64 00 5f 00 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 00 00 / 7f ff 04 00
Boot0001* Windows Boot Manager	HD(1,GPT,d44d4398-495b-4837-bdd1-46582746e264,0x800,0x100000)/\EFI\Microsoft\Boot\bootmgfw.efiRC
      dp: 04 01 2a 00 01 00 00 00 00 08 00 00 00 00 00 00 00 00 10 00 00 00 00 00 98 43 4d d4 5b 49 37 48 bd d1 46 58 27 46 e2 64 02 02 / 04 04 46 00 5c 00 45 00 46 00 49 00 5c 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 5c 00 42 00 6f 00 6f 00 74 00 5c 00 62 00 6f 00 6f 00 74 00 6d 00 67 00 66 00 77 00 2e 00 65 00 66 00 69 00 00 00 / 7f ff 04 00
    data: 52 43
Boot0002* EFI PXE 0 for IPv4 (6C-24-08-E3-85-63) 	PciRoot(0x0)/Pci(0x1b,0x0)/Pci(0x0,0x0)/MAC(6c2408e38563,0)/IPv4(0.0.0.0,0,DHCP,0.0.0.0,0.0.0.0,0.0.0.0)RC
      dp: 02 01 0c 00 d0 41 03 0a 00 00 00 00 / 01 01 06 00 00 1b / 01 01 06 00 00 00 / 03 0b 25 00 6c 24 08 e3 85 63 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 / 03 0c 1b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 / 7f ff 04 00
    data: 52 43
Boot0003* EFI PXE 0 for IPv6 (6C-24-08-E3-85-63) 	PciRoot(0x0)/Pci(0x1b,0x0)/Pci(0x0,0x0)/MAC(6c2408e38563,0)/IPv6([::],0,Static,[::],[::],64)RC
      dp: 02 01 0c 00 d0 41 03 0a 00 00 00 00 / 01 01 06 00 00 1b / 01 01 06 00 00 00 / 03 0b 25 00 6c 24 08 e3 85 63 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 / 03 0d 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 / 7f ff 04 00
    data: 52 43
Boot0004* EFI PXE 0 for IPv6 (6C-24-08-E3-85-63) 	PciRoot(0x0)/Pci(0x1b,0x0)/Pci(0x0,0x0)/MAC(6c2408e38563,0)/IPv6([::],0,Static,[::],[::],64)RC
      dp: 02 01 0c 00 d0 41 03 0a 00 00 00 00 / 01 01 06 00 00 1b / 01 01 06 00 00 00 / 03 0b 25 00 6c 24 08 e3 85 63 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 / 03 0d 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 / 7f ff 04 00
    data: 52 43
Boot0005* Windows Boot Manager	HD(1,GPT,d44d4398-495b-4837-bdd1-46582746e264,0x800,0x100000)/\EFI\Microsoft\Boot\bootmgfw.efi
      dp: 04 01 2a 00 01 00 00 00 00 08 00 00 00 00 00 00 00 00 10 00 00 00 00 00 98 43 4d d4 5b 49 37 48 bd d1 46 58 27 46 e2 64 02 02 / 04 04 46 00 5c 00 45 00 46 00 49 00 5c 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 5c 00 42 00 6f 00 6f 00 74 00 5c 00 62 00 6f 00 6f 00 74 00 6d 00 67 00 66 00 77 00 2e 00 65 00 66 00 69 00 00 00 / 7f ff 04 00
Boot0012* Windows Boot Manager	HD(1,GPT,d44d4398-495b-4837-bdd1-46582746e264,0x800,0x100000)/\EFI\Microsoft\Boot\bootmgfw.efi57494e444f5753000100000088000000780000004200430044004f0042004a004500430054003d007b00390064006500610038003600320063002d0035006300640064002d0034006500370030002d0061006300630031002d006600330032006200330034003400640034003700390035007d0000002c000100000010000000040000007fff0400
      dp: 04 01 2a 00 01 00 00 00 00 08 00 00 00 00 00 00 00 00 10 00 00 00 00 00 98 43 4d d4 5b 49 37 48 bd d1 46 58 27 46 e2 64 02 02 / 04 04 46 00 5c 00 45 00 46 00 49 00 5c 00 4d 00 69 00 63 00 72 00 6f 00 73 00 6f 00 66 00 74 00 5c 00 42 00 6f 00 6f 00 74 00 5c 00 62 00 6f 00 6f 00 74 00 6d 00 67 00 66 00 77 00 2e 00 65 00 66 00 69 00 00 00 / 7f ff 04 00
    data: 57 49 4e 44 4f 57 53 00 01 00 00 00 88 00 00 00 78 00 00 00 42 00 43 00 44 00 4f 00 42 00 4a 00 45 00 43 00 54 00 3d 00 7b 00 39 00 64 00 65 00 61 00 38 00 36 00 32 00 63 00 2d 00 35 00 63 00 64 00 64 00 2d 00 34 00 65 00 37 00 30 00 2d 00 61 00 63 00 63 00 31 00 2d 00 66 00 33 00 32 00 62 00 33 00 34 00 34 00 64 00 34 00 37 00 39 00 35 00 7d 00 00 00 2c 00 01 00 00 00 10 00 00 00 04 00 00 00 7f ff 04 00
Boot2001* EFI USB Device	RC
      dp: 7f ff 04 00
    data: 52 43
Boot2002* EFI DVD/CDROM	RC
      dp: 7f ff 04 00
    data: 52 43
Boot2003* EFI Network	RC
      dp: 7f ff 04 00
    data: 52 43
AFTER ENABLING SETUP MODE
ls /sys/firmware/efi/efivars

dbDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
dbxDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
FeData-1f2d63e1-febd-4dc7-9cc5-ba2b1cef9c5b
H2OFormDialogConfig-98ae8272-ce5a-46be-9f5d-d9f9cbbb99f2
IP6_CONFIG_IFR_NVDATA-02eea107-98db-400e-9830-460a1542d799
KEKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
PciBusSetup-ec87d643-eba4-4bb5-a1e5-3f3e36b20da9
PKDefault-8be4df61-93ca-11d2-aa0d-00e098032b8c
SecureBootData-aa1305b9-01f3-4afb-920e-c9b979a852fd
Tcg2ConfigInfo-07a66697-d400-4903-b3da-67a61d2b7058
WIFI_MANAGER_IFR_NVDATA-3441803e-5a88-4941-82f0-858a1085276c
bootctl

systemd-boot not installed in ESP.
No default/fallback boot loader installed in ESP.
System:
      Firmware: n/a (n/a)
 Firmware Arch: x64
   Secure Boot: disabled (unsupported)
  TPM2 Support: yes
  Measured UKI: no
  Boot into FW: not supported

Random Seed:
 System Token: not set
       Exists: no

Available Boot Loaders on ESP:
          ESP: /boot (/dev/disk/by-partuuid/d44d4398-495b-4837-bdd1-46582746e264)

No boot loaders listed in EFI Variables.

Boot Loader Entry Locations:
          ESP: /boot (/dev/disk/by-partuuid/d44d4398-495b-4837-bdd1-46582746e264, $BOOT)
       config: /boot//loader/loader.conf: No such file or directory
        token: arch

0 entries, no entry could be determined as default.
efibootmgr -v

No BootOrder is set; firmware will attempt recovery

Offline

Pages: 1

Board footer

Powered by FluxBB