Links: [Arch](Arch.md) ## Secure Boot If setting up secure boot with EndeavourOS, don't use the preset grub. do it from scratch. The wiki is wrong and your ${GRUB_MODULES} needs to be in "" ### Steps 1. [Install grub following the shim-lock info ](https://wiki.archlinux.org/title/GRUB#Shim-lock) - If you do not have any drives with a ZFS filesystem, you should exclude the zfs* modules (As they require the ZFS [DKMS](https://wiki.archlinux.org/title/DKMS) Module) 2. Move `grubx64.efi` into the `esp/EFI/BOOT` directory and ensure is has that name. 3. [Follow the steps to setup shim](https://wiki.archlinux.org/title/Secure_Boot#Set_up_shim) (shim with key), including the mkinicpio hook to automatically sign the kernel on update. - If you are using EndeavourOS, you will need to install `mkinitcpio` and uninstall `dracut` and `eos-dracut` 4. [Generate the GRUB config file](https://wiki.archlinux.org/title/GRUB#Generate_the_main_configuration_file) - If you are wanting to dual boot, install `os-prober` and uncomment `GRUB_DISABLE_OS_PROBER=false` in `/etc/default/grub` then regenerate the config 5. Enable Secure Boot and import your MOK.cer into shim's MOK list. **Note:** If you ever re-install the GRUB `grubx64.efi` file (to get a newer version of GRUB for example), make sure to do so with the modules as described above, and you will need to re-sign the file with `sbsign`. ## Bootable System Snapshots ### Setup **Note:** For the below to work Arch must be installed on a btrfs filesystem with seperate root (@) and home (@home) subvolumes. (This is the default for EndeavourOS when you select btrfs.) And you must be using GRUB as your bootloader. 1. Install the following packages: - `btrfs-progs` - Utilies for btrfs - `grub-btrfs` - automatically adds Snapshots to the GRUB menu - `timeshift` - creates and manages snapshots - `inotify-tools` - used by grub-btrfs to spot new snapshots 2. Open timeshift and go through the setup, I recommend not including @home in snapshots. 3. Run `sudo systemctl edit --full grub-btrfsd` and adjust the `ExecStart=` line to be `ExecStart=/usr/bin/grub-btrfsd --syslog --timeshift-auto` 4. Enable grub-btrfs with `sudo systemctl enable --now grub-btrfsd` 5. Install `timeshift-autosnap` from the AUR 6. Edit the timeshift-autosnap config as desired, but be sure to disable it updating GRUB and that will conflict with `grub-btrfs` ### Usage See [Snapshot Usage](Arch.md#snapshot-usage)