manuth/PortValhalla
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add explanations on how to enable SecureBoot

Browse source
This commit is contained in:
Manuel Thalmann 2022-11-10 14:21:13 +01:00
parent a92922e79e
commit 12ba7df182
1 changed files with 38 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

38
ManuSurface/ManuSurfaceSetup.md
View file

@ -20,12 +20,50 @@ The steps described here allow the creation of a linux system on a Surface Book
- ```bash - ```bash
sudo apt update sudo apt update
``` ```
- ```bash
sudo apt install linux-image-surface linux-headers-surface iptsd libwacom-surface
```
- ```bash
sudo systemctl enable iptsd
```
- Enable Secure Boot
As seen here: <https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Set_up_shim>
- Implement Secure Boot
- Copy signed Bootloader to UEFI partition:
```bash
wget https://blog.hansenpartnership.com/wp-uploads/2013/HashTool.efi
wget https://blog.hansenpartnership.com/wp-uploads/2013/PreLoader.efi
cp {HashTool,PreLoader}.efi /boot/efi/EFI/systemd/
cp /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/systemd/loader.efi
```
- Add boot entry
```bash
efibootmgr --unicode --disk /dev/nvme0n1 --part 0 --create --label "PreLoader" --loader /EFI/systemd/PreLoader.efi
```
- Add fallbacks
```bash
cp ./HashTool.efi /boot/efi/EFI/BOOT/
cp /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/BOOT/loader.efi
cp ./PreLoader.efi /boot/efi/EFI/BOOT/BOOTx64.EFI
```
- Ensure support for Microsoft infected devices
```bash
mkdir -p /boot/efi/EFI/Microsoft/Boot
cp ./PreLoader.efi /boot/efi/EFI/Microsoft/Boot/bootmgfw.efi
cp ./HashTool.efi /boot/efi/EFI/Microsoft/Boot/
cp /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/Microsoft/Boot/loader.efi
```
- Install `tea` - Install `tea`
```bash ```bash
wget https://dl.gitea.io/tea/0.9.0/tea-0.9.0-linux-amd64 -O tea wget https://dl.gitea.io/tea/0.9.0/tea-0.9.0-linux-amd64 -O tea
sudo install tea /usr/local/bin sudo install tea /usr/local/bin
rm tea
``` ```
## Enhancement
- Install `Gnome Extension Manager`
- Install Extensions `Clipboard Indicator`
## Post-Install ## Post-Install
- Add SSH-key to GitHub/Gitea websites - Add SSH-key to GitHub/Gitea websites
- Add Caskaydia Cove Nerd Font Regular to /usr/share/font/opentype - Add Caskaydia Cove Nerd Font Regular to /usr/share/font/opentype