Public-Docs/Linux-Docs
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Linux-Docs/ArchSetup.md

2.4 KiB
Raw Permalink Blame History

Links: Arch

Secure Boot

If setting up secure boot with EndeavourOS, don't use the preset grub. do it from scratch. The wiki is wrong and your ${GRUB_MODULES} needs to be in ""

Steps

  1. Install grub following the shim-lock info
    • If you do not have any drives with a ZFS filesystem, you should exclude the zfs* modules (As they require the ZFS DKMS Module)
  2. Move grubx64.efi into the esp/EFI/BOOT directory and ensure is has that name.
  3. Follow the steps to setup shim (shim with key), including the mkinicpio hook to automatically sign the kernel on update.
    • If you are using EndeavourOS, you will need to install mkinitcpio and uninstall dracut and eos-dracut
  4. Generate the GRUB config file
    • If you are wanting to dual boot, install os-prober and uncomment GRUB_DISABLE_OS_PROBER=false in /etc/default/grub then regenerate the config
  5. Enable Secure Boot and import your MOK.cer into shim's MOK list.

Note: If you ever re-install the GRUB grubx64.efi file (to get a newer version of GRUB for example), make sure to do so with the modules as described above, and you will need to re-sign the file with sbsign.

Bootable System Snapshots

Setup

Note: For the below to work Arch must be installed on a btrfs filesystem with seperate root (@) and home (@home) subvolumes. (This is the default for EndeavourOS when you select btrfs.) And you must be using GRUB as your bootloader.

  1. Install the following packages:
    • btrfs-progs - Utilies for btrfs
    • grub-btrfs - automatically adds Snapshots to the GRUB menu
    • timeshift - creates and manages snapshots
    • inotify-tools - used by grub-btrfs to spot new snapshots
  2. Open timeshift and go through the setup, I recommend not including @home in snapshots.
  3. Run sudo systemctl edit --full grub-btrfsd and adjust the ExecStart= line to be ExecStart=/usr/bin/grub-btrfsd --syslog --timeshift-auto
  4. Enable grub-btrfs with sudo systemctl enable --now grub-btrfsd
  5. Install timeshift-autosnap from the AUR
  6. Edit the timeshift-autosnap config as desired, but be sure to disable it updating GRUB and that will conflict with grub-btrfs

Usage

See Snapshot Usage

Reference in New Issue View Git Blame Copy Permalink