You are not logged in.
Pages: 1
Why has refractasnaphot no secureboot support ? I have successfull create a refractasnapshot iso with secureboot, but it's stranges there isn't a default support in refactasnapshot.
What I have done, is downloading Linux Mint 20.2 (sorry Devuan users)
Make a new ISO from it with refractasnapshot with holding the files in /home/work (you can set it in /etc/refractasnapshot.conf
Use efi files of the original Linux Mint iso, without the grubx64.efi file from the original Linux Mint iso. Only bootx64.efi and mm64.efi files from de Linux Mint original iso. Put this files in /home/work/efi/boot and in file /home/work/boot/grub/efiboot.efi (you can mount this file and write in it). Take bootx64.efi from /home/work/iso/efi-files and rename it to grubx64.efi. Put it in file /home/work/iso/boot/grub/efiboot.efi and directory /home/work/iso/efi/boot. Make a mok.der and signed grubx64.efi and /home/work/iso/live/vmlinuz with a self created certificate. Put mok.der file in /efi/boot and in file /boot/efi/efiboot.img and after re-create iso... voila, it will boot in secureboot and it's work by me.
Why doesn't refractasnapshot no make selfsigned certificate and signed the kernel and more ? Why there isn't support secureboot by default ?
It would be nice, if refractasnapshot will support secureboot in the future ! My ISO has now secureboot and is created with the last rerefractasnapshot !
Thanks,
Stephan
Last edited by sverrips (2021-10-24 23:22:19)
Offline
UPDATE:
For example, I have make a secureboot ISO from devuan 4.0.0 minimal live in 1 hour. See, how it's work and this image is signed. Load MOK.der if the pc (UEFI to validate secureboot) ask to load it. Only grubx64.efi (renamed from bootx64.efi) come from de devuan ISO, the other files bootx64.efi and mm64.efi come from the original Linux Mint iso.
If you extract the iso and put a other devuan 4.0.0 filesystem.squashfs under /home/work/iso/live, (desktop version example), it will work.
Secure boot version of devuan 4.0.0:
https://my.hidrive.com/share/pe-znr0bf4
It's safe, but aways check links !
Stephan
Last edited by sverrips (2021-10-25 00:49:57)
Offline

Why there isn't support secureboot by default ?
There are packages in the repositories for a kernel and bootloader signed with Microsoft's own Secure Boot certificates. No need to create your own.
Brianna Ghey — Rest In Power
Offline
I think, not everyone know's how to do that. So, support for refractasnapshot with secureboot would be nice !
Offline
Pages: 1