Add explanations on how to enable SecureBoot

This commit is contained in:
Manuel Thalmann 2022-11-10 14:21:13 +01:00
parent a92922e79e
commit 12ba7df182

View file

@ -20,12 +20,50 @@ The steps described here allow the creation of a linux system on a Surface Book
- ```bash
sudo apt update
```
- ```bash
sudo apt install linux-image-surface linux-headers-surface iptsd libwacom-surface
```
- ```bash
sudo systemctl enable iptsd
```
- Enable Secure Boot
As seen here: <https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Set_up_shim>
- Implement Secure Boot
- Copy signed Bootloader to UEFI partition:
```bash
wget https://blog.hansenpartnership.com/wp-uploads/2013/HashTool.efi
wget https://blog.hansenpartnership.com/wp-uploads/2013/PreLoader.efi
cp {HashTool,PreLoader}.efi /boot/efi/EFI/systemd/
cp /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/systemd/loader.efi
```
- Add boot entry
```bash
efibootmgr --unicode --disk /dev/nvme0n1 --part 0 --create --label "PreLoader" --loader /EFI/systemd/PreLoader.efi
```
- Add fallbacks
```bash
cp ./HashTool.efi /boot/efi/EFI/BOOT/
cp /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/BOOT/loader.efi
cp ./PreLoader.efi /boot/efi/EFI/BOOT/BOOTx64.EFI
```
- Ensure support for Microsoft infected devices
```bash
mkdir -p /boot/efi/EFI/Microsoft/Boot
cp ./PreLoader.efi /boot/efi/EFI/Microsoft/Boot/bootmgfw.efi
cp ./HashTool.efi /boot/efi/EFI/Microsoft/Boot/
cp /boot/efi/EFI/systemd/systemd-bootx64.efi /boot/efi/EFI/Microsoft/Boot/loader.efi
```
- Install `tea`
```bash
wget https://dl.gitea.io/tea/0.9.0/tea-0.9.0-linux-amd64 -O tea
sudo install tea /usr/local/bin
rm tea
```
## Enhancement
- Install `Gnome Extension Manager`
- Install Extensions `Clipboard Indicator`
## Post-Install
- Add SSH-key to GitHub/Gitea websites
- Add Caskaydia Cove Nerd Font Regular to /usr/share/font/opentype