So, I’ve installed Manjaro quite a while ago, and I left secure boot disabled during installation. Dang! Is there a way to keep (most of) my system and enable secure boot and LUKS after the fact?

  • @IllecorsA · 5 · 10 months ago

    I had it scripted at some point - this is the file

    • Line 6 creates the UKI
    • Line 9 signs it
    • Line 12 changes the boot order.

    Good luck!

      • @IllecorsA · 3 · 10 months ago

        My bad, private repo. Here’s the content:

        #!/bin/zsh
        
        # 2022.09.26
        
        # Generate
        dracut --quiet --zstd --kver 6.0.2-gentoo --filesystems btrfs --early-microcode --uefi --uefi-splash-image $HOME/Nextcloud/Pictures/gentoo.full.height.nvme.bmp --uefi-stub /usr/lib/systemd/boot/efi/linuxx64.efi.stub --no-machineid --stdlog 4 --force --kernel-cmdline "rd.luks=1 rd.lvm=0 rd.md=0 rd.dm=0 rd.fstab=1 root=UUID=f5f8d75d-8aa8-4cea-83f9-3489a92a23e0 rd.luks.key=/luks.key:UUID=8E55-4050 rd.luks.uuid=5f5ab8ff-f1ea-4c09-960a-73f9bf5b7698 rootflags=noatime,discard=async,subvol=@snapshots/root/2022-10-18_102847 rootfstype=btrfs quiet delayacct i915.enable_guc=3"
        
        # Sign
        sbsign --key secure-boot/db.key --cert secure-boot/db.crt --output /boot/EFI/Linux/linux-6.0.2-gentoo.signed.efi /boot/EFI/Linux/linux-6.0.2-gentoo.efi
        
        # Change boot order
        efibootmgr --create --disk /dev/sdb --loader EFI/Linux/linux-6.0.2-gentoo.signed.efi --label Gentoo-6.0.2-signed --part 3 --verbose
        
        
        • @IllecorsA · 2 · 10 months ago

          I have since replaced the hardcoded values with variables, but evidently haven’t pushed the changes to gitlab. Having said that - not having variables might make it easier to understand in this case.
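The same three steps (build the UKI, sign it, register a firmware boot entry) rewritten with the hard-coded values pulled into variables, plus a signature check after signing and a dry-run mode so the commands can be reviewed before anything is written to the ESP or to NVRAM. This is an added example, not the poster's script and not a Manjaro or Gentoo project file. It assumes dracut, efibootmgr and sbsigntools (which provides both sbsign and sbverify) are installed, that the db.crt being used is already enrolled in the firmware's db (enrollment is not covered in this thread), and that the ESP is mounted at /boot; every default value below (kernel version, disk, partition, key paths, UUIDs, label) is a placeholder to replace. Unlike the script above, the kernel command line carries no rd.luks.key entry, so the LUKS passphrase is prompted at boot; a key file on an unencrypted FAT partition is readable by anyone who has the disk, which defeats the point of encrypting the root.

```sh
#!/bin/sh
# Added example (not the poster's script). All defaults are placeholders.

KVER="${KVER:-6.0.2-gentoo}"                    # kernel version to package
ESP_MOUNT="${ESP_MOUNT:-/boot}"                 # mount point of the EFI system partition
ESP_DISK="${ESP_DISK:-/dev/sdb}"                # disk that holds the ESP
ESP_PART="${ESP_PART:-3}"                       # partition number of the ESP on that disk
SB_KEY="${SB_KEY:-secure-boot/db.key}"          # db signing key; keep it on the encrypted root, never on the ESP
SB_CERT="${SB_CERT:-secure-boot/db.crt}"        # matching certificate, enrolled in the firmware db
ROOT_UUID="${ROOT_UUID:-ROOT-UUID-PLACEHOLDER}" # UUID of the btrfs root filesystem inside LUKS
LUKS_UUID="${LUKS_UUID:-LUKS-UUID-PLACEHOLDER}" # UUID of the LUKS container
LABEL="${LABEL:-Linux-$KVER-signed}"            # firmware boot entry label
DRY_RUN="${DRY_RUN:-1}"                         # 1 = print commands only; 0 = execute (needs root)

UKI="$ESP_MOUNT/EFI/Linux/linux-$KVER.efi"
SIGNED="$ESP_MOUNT/EFI/Linux/linux-$KVER.signed.efi"
# The command line is baked into the signed image, so it cannot be edited at boot.
# No rd.luks.key: the passphrase is prompted instead of being read from a file.
CMDLINE="rd.luks=1 rd.luks.uuid=$LUKS_UUID root=UUID=$ROOT_UUID rootfstype=btrfs rootflags=noatime quiet"

# Print or execute a command. In dry-run mode every argument goes on its own
# line, so the kernel command line is visible as the single argument it is.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$@"
    else
        "$@"
    fi
}

# Step 1: build the unified kernel image (kernel, initramfs and cmdline in one PE file).
build_uki() {
    run dracut --force --uefi --kver "$KVER" --no-machineid \
        --filesystems btrfs --early-microcode \
        --uefi-stub /usr/lib/systemd/boot/efi/linuxx64.efi.stub \
        --kernel-cmdline "$CMDLINE" "$UKI"
}

# Step 2: sign the UKI with the db key, then verify the signature against the
# certificate before the image is offered to the firmware at all.
sign_uki() {
    run sbsign --key "$SB_KEY" --cert "$SB_CERT" --output "$SIGNED" "$UKI" &&
    run sbverify --cert "$SB_CERT" "$SIGNED"
}

# Step 3: register the signed image with the firmware, unless an entry with the
# same label already exists (re-running the script would otherwise pile up entries).
register_boot_entry() {
    if [ "$DRY_RUN" != 1 ] && efibootmgr | grep -q "$LABEL"; then
        echo "boot entry '$LABEL' already present, skipping" >&2
        return 0
    fi
    run efibootmgr --create --disk "$ESP_DISK" --part "$ESP_PART" \
        --loader "EFI/Linux/linux-$KVER.signed.efi" --label "$LABEL"
}

# Sanity checks that only matter when the commands are really executed.
preflight() {
    [ "$DRY_RUN" = 1 ] && return 0
    for tool in dracut sbsign sbverify efibootmgr; do
        command -v "$tool" >/dev/null 2>&1 || { echo "missing tool: $tool" >&2; return 1; }
    done
    [ -r "$SB_KEY" ] && [ -r "$SB_CERT" ] || { echo "signing key or certificate not readable" >&2; return 1; }
    [ -d "$ESP_MOUNT/EFI" ] || { echo "ESP not mounted at $ESP_MOUNT" >&2; return 1; }
}

main() {
    preflight && build_uki && sign_uki && register_boot_entry
}

main
```

Run it once as-is to see the three commands it would issue, then with DRY_RUN=0 as root once the variables match the machine. After a reboot with secure boot enabled, a wrong or unenrolled db.crt shows up as the firmware refusing the signed entry, which is the failure the sbverify step is meant to catch beforehand.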