Enroll hash file name
I am a bit confused regarding the following lines:
* In the HashTool main menu, select
Enroll Hash, choose
\loader.efi and confirm with
Yes. Again, select
Enroll Hash and
archiso to enter the archiso directory, then select
vmlinuz-efi and confirm with
Yes. Then choose
Exit to return to the boot device selection menu.
- In the boot device selection menu choose
Arch Linux archiso x86_64 UEFI CD
There is no file vmlinuz-efi in the said directory, there is only efiboot.img. Then, the USB stick actually wants to boot from arch/boot/x86_64/vmlinuz. I am not sure which file I actually had to enroll, it was either archiso.img in that directory or the vmlinuz kernel image. In either case the instruction is not accurate. --Johannes Rohr (talk) 09:03, 5 February 2015 (UTC)
Move to "Unified Extensible Firmware Interface/Secure Boot"
Secure Boot is a feature of UEFI, so the correct place for Secure Boot article would be under Unified Extensible Firmware Interface: Unified Extensible Firmware Interface/Secure Boot. –– nl6720 talk 16:36, 14 August 2016 (UTC)
- While it is true Secure Boot is a UEFI feature, the new name is too long. So I vote for just keep its current name. --Fengchao (talk) 05:09, 25 August 2016 (UTC)
I couldn't add anything to MoKList on my real PC, but everything worked in qemu; it could use more testing. The instructions should theoretically work for rEFInd and GRUB. AFAIK systemd-boot doesn't support shim and trying to launch SYSLINUX resulted in "System is compromised. halting.".
The instruction are for a generic bootloader because I have no interest in installing GRUB, and adding instructions for rEFInd would be pointless since rEFInd has a really simple setup for shim
refind-install --shim /usr/share/shim-signed/shim.efi for hash only and
refind-install --shim /usr/share/shim-signed/shim.efi --localkeys for hash and keys. If anyone is willing to rewrite the instructions to use GRUB as the example bootloader, please do. -- nl6720 (talk) 13:02, 7 December 2016 (UTC)