วีดีโอ

Well, your audio is of a poor quality, even at 140% I can't hear you well. Another thing is that you are using a virtual machine. And anything that you do in a virtual machine is not the same as bare metal

Hi @Walian, is there a reason why you didnt specify /boot in the beginning, only EFI and the encrypted LUKS?

This video is a life saver

Very cool! Hope to try this out soon.

forgot the fstab at the first reboot

Would this work with a Win 10 dual boot?

Thank you man! <3 Everything works!

Thats useless...

#default_config="/etc/mkinitcpio.conf" default_image="/boot/initramfs-linux.img" #default_uki="/efi/EFI/Linux/arch-linux.efi" #default_options="--splash /usr/share/systemd/bootctl/splash-arch.bmp" i cant add :((

Thank you so much, it worked

Love this! Do you know if this works with Plymouth as well instead of the splash you have there?

i use MX Linux, is there a way to enable DoT without systemd?

Great video, thanks for sharing!

your blogpost brings an error Invalid SSL certificate Error code 526

This is awesome, thank you!

Such an amazing tutorial, this work so well! I only wonder how I end up not having to configure my fstab, and the Arch bootsplash without plymouth? What kind of sorcery is this? Anyway, it's perfect, thanks a lot!

Whenever I try to use systemd boot I need to manually specify root in kernel parameters, if you are having trouble booting this could be your issue.

I don't know how I'd not seen this video till now... This just demonstrated all the things I've been wanting of my arch install.

F legend! The one tutorial that works. Working on my gigabyte b360 and intel cpu.

And linux boot manager only gets me to windows 11

I just bricked my system by omitting -m. What do I do?

can a cryptenrol password be added to the script for not prompting password for decrypting?

My laptop has pre-installed windows. Doing this won't effect it right?

Hi I'm getting failed to parse pem block when try to enroll keys or reset

why do you only have 300 subs

that was very helpfull. thank you!

Don't forget to enroll efi image (/efi/EFI/BOOT/BOOTX64.EFI) on your bios settings right after rebooting from signing .efi files. I dunno if this just went right over my head or what but I was stumped for an entire week wondering why secure boot wouldn't work :P

will it work if i use dual boot

Little disclaimer about security with dracut and tpm as the tpm happily tells you the key in the rescue shell

im getting "/efi/EFI/Linux/arch-linux.efi does not exist" error..

Bruh... Thank you so much for this !!!

Thanks for making this video working with Kali Linux but I can't get windows 11 on boot menu.

Tysm ❤

after I type bootctl install it says mount point /boot which backs the random seed file is world accessible, which is a security hole and random seed file '/boot/loader/random-seed is world accessible which is a security hole

Bro which command to run vmlinuz one or default uki one i am confused as one guy here said his pc died after this command , when j boot through refind i see vmlinuz there for my arch linux it means i use the vmlinuz one?

Final word on MSI motherboard. They're made it pretty difficult to actually get into Secure Boot. While I though I was actually in Secure Boot previously, when I set 'Maximum Security', I was uable to boot into Arch Linux. I rechecked available information on the net and am now booting into Arch with Secure Boot and TPM2 integration. One question though - after the Arch Linux boot splash screen, I get the following error message on the screen - [FAILED] Failed to start Virtual Cons9le Setup - which is printed three times. Does anyone know how to resolve this issue? I triple-checked the files I created while following Walian's instructions, but they are all good. It still boots into Arch Linux, so my assumption is that everything is good. I appreciate any and all responses.

I might be missing something, but doesn't adding -m option to sbctl create a vector for an evil maid attack? that is, if an attacker gains access to the hard drive, he can add a windows bootloader, boot windows, and request tpm to give him a luks unlock key?

Thansk you! I'll use it in my packer to complete the templante install.

Walian, thanks for this guide. I got everything set up on a notebook computer, but as it doesn't have TPM, at least I was able to get Secure Boot done. I also have a midtower I built, with an MSI MEG X570 Unify motherboard. I was having some issues with Setup Mode, then thought to update the BIOS, and voila! I didn't have to create the keys or anything. sbctl indicates that Secure Boot is enabled, with the Microsoft keys, so I'm good to go. Thanks again for your guide on this.

Do NOT follow this guide if you're not sure what you're doing.

Ideal setup fr But I have some questions 1. Is it possible to have a separate /home partition independently from the linuxroot? Ideally encrypted as well 2. Is it possible to have the secure boot and uki kernel with the zen/lts kernel? 3. Are plymouth boot animations possible? lol

are you doing this on quemu?

Great vid. One thing, don't endorse doing partial updates with pacman -Sy sbctl.

bro, I'm begging you, helpe to do it with two disks, I'm so depressed trying it on my own, I can't do it

Failed to start Switch Root.🤷‍♂️

I’m getting a file is immutable. I clear the secure boot keys and put it in setup mode. Edit: sbctl verify | sed 's/✗ /sbctl sign -s /e' This command allowed me to sign my files and fix my error.

Well explained. For Debian family systems, you may still need to comment nameservers line in /etc/network/interfaces or some yaml file in /etc/netplan

What if I were to use archinstall and set the file system to be btrfs and enable LUKS encryption during setup? Would it perform the same steps done prior to chrooting?

Good video. Big thanks! I use and like Manjaro :)

for me decrypting the disk takes long (2 minutes) any idea why? I tried a shorter password already