The officially official Devuan Forum!

#1 2021-01-05 20:45:09

siva
Member
Registered: 2018-01-25
Posts: 282  

Using secure boot

I'm looking to install a Devuan build on a new laptop. I'd like to use secure boot, but have never actually used it before. The official Debian wiki has a lengthy article on it, but I'm having trouble anticipating if I'm following it correctly.

Before going too far (or leaving myself with a broken operating system), I wanted to get some clarification on how to set up secure boot in Devuan. My understanding on how to do so is fragmented. Right now it seems like it'd be similar to:

1. Install Devuan with grub-efi.
2. Boot to the new system.
3. Install shim.
4. Follow the MOK setup procedures.
5. Check with dmesg | grep -i Secure or efibootmgr -v.

Please feel free to correct me if I'm wrong. Would much rather know now. By the end of this, I'll probably write a DIY article.

Also, if anyone has successfully pulled off secure boot in virtualbox, I'm interested to know how you configured that to work.

Thanks. Happy 2021.

Sources

https://wiki.debian.org/SecureBoot
https://medium.com/@kyleomalley/debian- … 6f3b24218b

#2 2021-01-05 21:40:02

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  

Re: Using secure boot

Secure boot should work out of the box for Devuan beowulf with no special configuration needed. Just boot the machine in UEFI mode with Secure Boot enabled and make sure that the target drive has either a GUID partition table (GPT) or no partition table at all.

https://www.debian.org/releases/stable/ … ecure-boot

If you want to pre-partition before installation then use a GPT disk and make sure it has an EFI system partition. I prefer to create the partition table using gdisk, which uses the EF00 code for the ESP. For {g,}parted the "boot,esp" flags should be applied. The FAT filesystem should be used for the ESP but the installer will do that for you and mount it under /boot/efi.


Brianna Ghey — Rest In Power

#3 2021-01-05 22:25:09

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,486  

Re: Using secure boot

If it doesn't work out of the box, check that the bootloader directory in /boot/efi/EFI/ is named debian. If not, you might need to change ID=devuan to ID=debian in /etc/os-release and then reinstall the bootloader.

#4 2021-01-05 23:22:30

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  

Re: Using secure boot

Or just rename the directory and create a new boot entry for it:

# efibootmgr --create --label "Devuan Secure Boot" --disk /dev/sdX --part Y --loader '\EFI\debian\shimx64.efi'

Replace X & Y with the drive letter & partition number assigned to the EFI system partition. The command assumes this to be /dev/sda1 so those options can be omitted if that is the case.


Brianna Ghey — Rest In Power

Offline
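
The checks described in posts #3 and #4, collected into a small diagnostic script. This is an added example, not part of the original thread; the function names and the default paths (/boot/efi, /etc/os-release, /sys/firmware/efi/efivars) are assumptions and can be overridden by argument.

```shell
#!/bin/sh
# Added example: read-only Secure Boot diagnostics. Function names are illustrative.

# SecureBoot variable name in efivarfs (EFI global-variable GUID).
SB_VAR="SecureBoot-8be4df61-93ca-11d2-aa0d-00e098032bbf"

# Print "enabled", "disabled" or "unknown" for the given efivars directory.
# An efivarfs file holds 4 attribute bytes followed by the value byte.
secure_boot_state() {
    var="${1:-/sys/firmware/efi/efivars}/$SB_VAR"
    [ -r "$var" ] || { echo unknown; return 0; }
    val=$(od -An -tu1 -j4 -N1 "$var" 2>/dev/null | tr -d ' \n')
    case "$val" in
        1) echo enabled ;;
        0) echo disabled ;;
        *) echo unknown ;;
    esac
}

# Print the ID= value from an os-release file, with quotes stripped.
os_release_id() {
    sed -n 's/^ID=//p' "${1:-/etc/os-release}" 2>/dev/null | tr -d "\"'" | head -n 1
}

# Return 0 if the ESP holds EFI/debian/shimx64.efi; otherwise explain why not.
check_esp() {
    esp="${1:-/boot/efi}"
    osrel="${2:-/etc/os-release}"
    if [ -f "$esp/EFI/debian/shimx64.efi" ]; then
        echo "ok: shim found in EFI/debian"
        return 0
    fi
    id=$(os_release_id "$osrel")
    if [ -n "$id" ] && [ "$id" != debian ] && [ -d "$esp/EFI/$id" ]; then
        echo "mismatch: bootloader directory is EFI/$id, expected EFI/debian"
        return 1
    fi
    echo "missing: no EFI/debian/shimx64.efi under $esp"
    return 1
}

# Report on the running system; a failed check is reported, not fatal.
echo "Secure Boot: $(secure_boot_state)"
check_esp || true
```

A "mismatch" result corresponds to the situation the two posts above address, either by changing ID in /etc/os-release and reinstalling the bootloader or by renaming the directory and adding a boot entry.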

#5 2021-01-06 04:47:32

siva
Member
Registered: 2018-01-25
Posts: 282  

Re: Using secure boot

Head_on_a_Stick wrote:

Secure boot should work out of the box for Devuan beowulf with no special configuration needed. Just boot the machine in UEFI mode with Secure Boot enabled and make sure that the target drive has either a GUID partition table (GPT)...

These are the answers I live for. Thanks to both of you for the advice. Looks like everything is up and running now.
