Need help with Bazzite + rEFInd Secure Boot
I’m currently struggling to get Bazzite working together with secure boot and refind. When enabled, I get secure key warnings, even after enrolling secure key prior to refind install.
I’ve managed to understand that I might need to shim something during the install to make it play nice with secure boot. But I can’t for the life of me figure it out.
Please help! 🫠
Its for an AM5 based desktop.
10 Replies
Have followed this guide: https://github.com/aarron-lee/legion-go-tricks and found somewhere an old Reddit thread where someone suggested to add a —shim argument at step #5, but can’t get it to work
GitHub
GitHub - aarron-lee/legion-go-tricks: Guides, Tricks, and Tips to g...
Guides, Tricks, and Tips to get the Legion Go running best on Linux - aarron-lee/legion-go-tricks
https://www.reddit.com/r/LegionGo/comments/1atag1z/comment/kqw3y05/?utm_source=share&utm_medium=web2x&context=3 this is the other guide ive tried to follow with no success
Reddit
Yelloris's comment on "LGO dual boot + gyro aiming + desktop showca...
Explore this conversation and more from the LegionGo community
Sorry for the bump but Did you see ever get this working @PixelOaf
I think I did. Eventually moved to Grub to spare my mind. But let me see if I can find my notes
… install rEFInd as per the guide above then follow as per my terminal commands
sudo find / name “refind.cer”
sudo refind-install —shim /boot/efi/EFI/fedora/shimx64.efi
sudo cp /etc/refind.d/keys/refind.cer /boot/efi/EFI/refind/ the cp directory should match up with the one you saw when using the prior find prompt
Confirm that the certificate can be found in your rEFInd directory with sudo ls /boot/efi/EFI/refind
sudo mokutil -i /boot/efi/EFI/refind/refind.cer
Then you should be good to go and do a sudo reboot
Hope it helps 🙂thanks! i wasnt able to find a
refind.cer file
from what I understand sudo refind-install —shim /boot/efi/EFI/fedora/shimx64.efi should create it for you if you have openssl (which bazzite does) and sbsigntools (which i installed the rpm)It should but due to the immutable nature o Bazzite, I couldn’t get that way to work. Refind already comes with its own certificate which you can use as per the commands, which eliminates the requirement to sign your own
Make sure that you follow the guide for legion-go found above and then reboot after install. then you should be able to find a refind.cer with the command. If i understood your problem correctly
Ahh looks like the rEFInd package in the fedora repos don't include the key (which is strange especially since there is a rEFInd-unsinged and a normal rEFInd obviously I picked the normal one unless the unsigned one has the keys?)
You need to specifically use the rpm from the source forge
Ah well glad you figured that one out
hmm its still giving me a unsigned error looking at
sbverify it seems not all the componets of refind are signed correctly
specficly the ext4 driver and the refind loader renamed as grub64.efi (the refind install scripts seems to rename the refind loader to grub to workaround a bug in shimx64 acording to the docs)
got it to work by following https://github.com/jlobue10/rEFInd_GUI#secure-boot-considerations :party: