From 12ba7df182ea4fc36cbac91a7f3f770c0fd78943 Mon Sep 17 00:00:00 2001
From: Manuel Thalmann <m@nuth.ch>
Date: Thu, 10 Nov 2022 14:21:13 +0100
Subject: [PATCH] Add explanations on how to enable  SecureBoot

---
 ManuSurface/ManuSurfaceSetup.md | 38 +++++++++++++++++++++++++++++++++
 1 file changed, 38 insertions(+)

diff --git a/ManuSurface/ManuSurfaceSetup.md b/ManuSurface/ManuSurfaceSetup.md
index 378848a3..4f3e0291 100644
--- a/ManuSurface/ManuSurfaceSetup.md
+++ b/ManuSurface/ManuSurfaceSetup.md
@@ -20,12 +20,50 @@ The steps described here allow the creation of a linux system on a Surface Book
     - ```bash
       sudo apt update
       ```
+    - ```bash
+      sudo apt install linux-image-surface linux-headers-surface iptsd libwacom-surface
+      ```
+    - ```bash
+      sudo systemctl enable iptsd
+      ```
+  - Enable Secure Boot  
+    As seen here: <https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Set_up_shim>
+    - Implement Secure Boot
+      - Copy signed Bootloader to UEFI partition:  
+        ```bash
+        wget https://blog.hansenpartnership.com/wp-uploads/2013/HashTool.efi
+        wget https://blog.hansenpartnership.com/wp-uploads/2013/PreLoader.efi
+        cp {HashTool,PreLoader}.efi /boot/efi/EFI/systemd/
+        cp /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/systemd/loader.efi
+        ```
+      - Add boot entry  
+        ```bash
+        efibootmgr --unicode --disk /dev/nvme0n1 --part 0 --create --label "PreLoader" --loader /EFI/systemd/PreLoader.efi
+        ```
+      - Add fallbacks  
+        ```bash
+        cp ./HashTool.efi /boot/efi/EFI/BOOT/
+        cp /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/BOOT/loader.efi
+        cp ./PreLoader.efi /boot/efi/EFI/BOOT/BOOTx64.EFI
+        ```
+      - Ensure support for Microsoft infected devices  
+        ```bash
+        mkdir -p /boot/efi/EFI/Microsoft/Boot
+        cp ./PreLoader.efi /boot/efi/EFI/Microsoft/Boot/bootmgfw.efi
+        cp ./HashTool.efi /boot/efi/EFI/Microsoft/Boot/
+        cp /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/Microsoft/Boot/loader.efi
+        ```
   - Install `tea`
     ```bash
     wget https://dl.gitea.io/tea/0.9.0/tea-0.9.0-linux-amd64 -O tea
     sudo install tea /usr/local/bin
+    rm tea
     ```
 
+## Enhancement
+  - Install `Gnome Extension Manager`
+    - Install Extensions `Clipboard Indicator`
+
 ## Post-Install
   - Add SSH-key to GitHub/Gitea websites
   - Add Caskaydia Cove Nerd Font Regular to /usr/share/font/opentype