On 2023-07-17 09:29 PM, Sergey Filatov wrote:
So the boot sequence in my case is this:
EFI -> shim -> MOK-signed GRUB2 with MOK-signed modules -> MOK-signed Linux kernel
From what I've learned you don't need shim at all, you can boot a signed grub and kernel directly. Apparently you can chainload Windows using shim because it's an MS signed binary but I never got it to work. If you just want Linux to boot have a look at: https://www.reddit.com/r/archlinux/comments/10pq74e/my_easy_method_for_setti... My general method was: - Get UEFI boot working first - Delete all the secure boot keys from your BIOS, ensure setup mode is enabled - Boot and set up and sign everything with sbctl - Enable secure boot in the BIOS, boot - If it doesn't work, enter your BIOS, delete all the keys and go to setup mode again - Try again Cheers. P.S. Always use --disable-shim-lock when installing grub -- Simon Perry (aka Pezz)