Public-Docs/Linux-Docs
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
Linux-Docs/ArchSetup.md

36 lines
2.4 KiB
Markdown
Raw Permalink Blame History

Links:
[Arch](Arch.md)
## Secure Boot
If setting up secure boot with EndeavourOS, don't use the preset grub. do it from scratch.
The wiki is wrong and your ${GRUB_MODULES} needs to be in ""
### Steps
1. [Install grub following the shim-lock info ](https://wiki.archlinux.org/title/GRUB#Shim-lock)
- If you do not have any drives with a ZFS filesystem, you should exclude the zfs* modules (As they require the ZFS [DKMS](https://wiki.archlinux.org/title/DKMS) Module)
2. Move `grubx64.efi` into the `esp/EFI/BOOT` directory and ensure is has that name.
3. [Follow the steps to setup shim](https://wiki.archlinux.org/title/Secure_Boot#Set_up_shim) (shim with key), including the mkinicpio hook to automatically sign the kernel on update.
- If you are using EndeavourOS, you will need to install `mkinitcpio` and uninstall `dracut` and `eos-dracut`
4. [Generate the GRUB config file](https://wiki.archlinux.org/title/GRUB#Generate_the_main_configuration_file)
- If you are wanting to dual boot, install `os-prober` and uncomment `GRUB_DISABLE_OS_PROBER=false` in `/etc/default/grub` then regenerate the config
5. Enable Secure Boot and import your MOK.cer into shim's MOK list.
**Note:** If you ever re-install the GRUB `grubx64.efi` file (to get a newer version of GRUB for example), make sure to do so with the modules as described above, and you will need to re-sign the file with `sbsign`.
## Bootable System Snapshots
### Setup
**Note:** For the below to work Arch must be installed on a btrfs filesystem with seperate root (@) and home (@home) subvolumes. (This is the default for EndeavourOS when you select btrfs.) And you must be using GRUB as your bootloader.
1. Install the following packages:
- `btrfs-progs` - Utilies for btrfs
- `grub-btrfs` - automatically adds Snapshots to the GRUB menu
- `timeshift` - creates and manages snapshots
- `inotify-tools` - used by grub-btrfs to spot new snapshots
2. Open timeshift and go through the setup, I recommend not including @home in snapshots.
3. Run `sudo systemctl edit --full grub-btrfsd` and adjust the `ExecStart=` line to be `ExecStart=/usr/bin/grub-btrfsd --syslog --timeshift-auto`
4. Enable grub-btrfs with `sudo systemctl enable --now grub-btrfsd`
5. Install `timeshift-autosnap` from the AUR
6. Edit the timeshift-autosnap config as desired, but be sure to disable it updating GRUB and that will conflict with `grub-btrfs`
### Usage
See [Snapshot Usage](Arch.md#snapshot-usage)
Reference in New Issue View Git Blame Copy Permalink