The officially official Devuan Forum!

You are not logged in.

#1 2021-10-24 23:09:34

sverrips
Member
Registered: 2021-10-24
Posts: 3  

Refractasnapshot with secureboot

Why has refractasnaphot no secureboot support ? I have successfull create a refractasnapshot iso with secureboot, but it's stranges there isn't a default support in refactasnapshot.

What I have done, is downloading Linux Mint 20.2 (sorry Devuan users)

Make a new ISO from it with refractasnapshot with holding the files in /home/work (you can set it in /etc/refractasnapshot.conf

Use efi files of the original Linux Mint iso, without the grubx64.efi file from the original Linux Mint iso. Only bootx64.efi and mm64.efi files from de Linux Mint original iso. Put this files in /home/work/efi/boot and in file /home/work/boot/grub/efiboot.efi (you can mount this file and write in it). Take bootx64.efi from /home/work/iso/efi-files and rename it to grubx64.efi. Put it in file /home/work/iso/boot/grub/efiboot.efi and directory /home/work/iso/efi/boot. Make a mok.der and signed grubx64.efi and /home/work/iso/live/vmlinuz with a self created certificate. Put mok.der file in /efi/boot and  in file /boot/efi/efiboot.img and after re-create iso... voila, it will boot in secureboot and it's work by me.

Why doesn't refractasnapshot no make selfsigned certificate and signed the kernel and more ? Why there isn't support secureboot by default ?

It would be nice, if refractasnapshot will support secureboot in the future ! My ISO has now secureboot and is created with the last rerefractasnapshot !

Thanks,

Stephan

Last edited by sverrips (2021-10-24 23:22:19)

Offline

#2 2021-10-25 00:43:25

sverrips
Member
Registered: 2021-10-24
Posts: 3  

Re: Refractasnapshot with secureboot

UPDATE:
For example, I have make a secureboot ISO from devuan 4.0.0 minimal live in 1 hour. See, how it's work and this image is signed. Load MOK.der if the pc (UEFI to validate secureboot) ask to load it. Only grubx64.efi (renamed from bootx64.efi) come from de devuan ISO, the other files bootx64.efi and mm64.efi come from the original Linux Mint iso.

If you extract the iso and put a other devuan 4.0.0 filesystem.squashfs under /home/work/iso/live, (desktop version example), it will work.

Secure boot version of devuan 4.0.0:

https://my.hidrive.com/share/pe-znr0bf4

It's safe, but aways check links !

Stephan

Last edited by sverrips (2021-10-25 00:49:57)

Offline

#3 2021-10-25 15:51:09

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: Refractasnapshot with secureboot

sverrips wrote:

Why there isn't support secureboot by default ?

There are packages in the repositories for a kernel and bootloader signed with Microsoft's own Secure Boot certificates. No need to create your own.


Brianna Ghey — Rest In Power

Offline

#4 2021-10-27 13:26:12

sverrips
Member
Registered: 2021-10-24
Posts: 3  

Re: Refractasnapshot with secureboot

I think, not everyone know's how to do that. So, support for refractasnapshot with secureboot would be nice !

Offline

Board footer