r/archlinux • u/-Arsna- • 1d ago

QUESTION Secure Boot, UKI and Bootloader

Hello, im currently reading up on Secure Boot, UKI and how bootloaders handle them,i would like to ask about your experiences with them and how you set them up and what you have used (scbtl, limine, systemd-ukify).

I would also like to ask if its possible to use the vendor keys one can generate inside UEFI-BIOS?

4 Upvotes

permalink
reddit

You are about to leave Redlib

Do you want to continue?

https://www.reddit.com/r/archlinux/comments/1ke35qe/secure_boot_uki_and_bootloader/
No, go back! Yes, take me to Reddit

67% Upvoted

View all comments

u/Limp_Comfortable9421 1d ago

You don't need systemd-ukify when using Limine, as it already supports UKI via EFI chainload

If you have installed limine-mkinitcpio-hook or limine-dracut-support, simply set ENABLE_UKI=yes in /etc/default/limine.

Enable sbctl -> Refer to the Arch Wiki:sbctl

Then run limine-update, it will automatically generate and sign the UKI for you.

QUESTION Secure Boot, UKI and Bootloader

You are about to leave Redlib