You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2021-01-05 20:45:09
- siva
- Member
- Registered: 2018-01-25
- Posts: 282
Using secure boot
I'm looking to install a Devuan build on a new laptop. I'd like to use secure boot, but have never actually used it before. The official Debian wiki has a lengthy article on it, but I'm having trouble anticipating if I'm following it correctly.
Before going too far (or leaving myself with a broken operating system), I wanted to get some clarification on how to set up secure boot in Devuan. My understanding on how to do so is fragmented. Right now it seems like it'd be similar to:
1. Install Devuan with grub-efi.
2. Boot to the new system.
3. Install shim.
4. Follow the MOK setup procedures.
5. Check with dmesg | grep -i Secure or efibootmgr -v.
Please feel free to correct me if I'm wrong. Wold much rather know now. By the end of this, I'll probably write a DIY article.
Also, if anyone has successfully pulled off secure boot in virtualbox, I'm interested to know how you configured that to work.
Thanks. Happy 2021.
Sources
https://wiki.debian.org/SecureBoot
https://medium.com/@kyleomalley/debian- … 6f3b24218b
Offline
#2 2021-01-05 21:40:02
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: Using secure boot
Secure boot should work out of the box for Devuan beowulf with no special configuration needed. Just boot the machine in UEFI mode with Secure Boot enabled and make sure that the target drive has either a GUID partition table (GPT) or no partition table at all.
https://www.debian.org/releases/stable/ … ecure-boot
If you want to pre-partition before installation then use a GPT disk and make sure it has an EFI system partition. I prefer to create the partition table using gdisk, which uses the EF00 code for the ESP. For {g,}parted the "boot,esp" flags should be applied. The FAT filesystem should be used for the ESP but the installer will do that for you and mount it under /boot/efi.
Brianna Ghey — Rest In Power
Offline
#3 2021-01-05 22:25:09
- fsmithred
- Administrator
- Registered: 2016-11-25
- Posts: 2,486
Re: Using secure boot
If it doesn't work out of the box, check that the bootloader directory in /boot/efi/EFI/ is named debian. If not, you might need to change ID=devuan to ID=debian in /etc/os-release and then reinstall the bootloader.
Offline
#4 2021-01-05 23:22:30
- Head_on_a_Stick
- Member
- From: London
- Registered: 2019-03-24
- Posts: 3,125
- Website
Re: Using secure boot
Or just rename the directory and create a new boot entry for it:
# efibootmgr --create --label "Devaun Secure Boot' --disk /dev/sdX --part Y --loader \EFI\debian\shimx64.efiReplace X & Y with the drive letter & partition number assigned to the EFI system partition. The command assumes this to be /dev/sda1 so those options can be omitted if that is the case.
Brianna Ghey — Rest In Power
Offline
#5 2021-01-06 04:47:32
- siva
- Member
- Registered: 2018-01-25
- Posts: 282
Re: Using secure boot
Secure boot should work out of the box for Devuan beowulf with no special configuration needed. Just boot the machine in UEFI mode with Secure Boot enabled and make sure that the target drive has either a GUID partition table (GPT)...
These are the answers I live for. Thanks to both of you for the advice. Looks like everything is up and running now.
Offline
Pages: 1
