Arch efi install [solved]

sorry to post this, but i really am pulling my hair for quite some time.

i was able to secure boot into the efi front end of an arch usb install, but yorked it. i selected the wrong hash install. but then the process took me back to that menu and i did it correctly. i now get the efi boot menu, but when arch takes me to the install shell i enter efivars -l and it says, "Function not implemented"

1) i remade the installer and i still went directly to the efi menu
2) i removed the keys in my uefi

still i do not get back to the install hash menu.

why is this so confusing? i'm following the wiki and i know that yorking the hash has to have a work around.

sorry and thanks for dealing with my retardedness.

Have you visited the Arch Wiki? It's pretty good. I understand your woes; Arch is unforgiving, but it will give you a sense of achievement once you've sorted it out.

Link: https://wiki.archlinux.org/index.php/Beginners'_guide

i've been an arch user for years and am all over the wiki. the only thing i can find has to do with mounting and unmounting efi partitions, but i am just at the beginning of the install and the only parts that should be mounted is the usb stick. which it is since i am at the zsh and secure boot is enabled. i used gparted to create my parts with the 512MB EF00 part and a / and swap since this machine has 4GB.

i could not understand why the efivars did not work. this is my first efi install.

i've been using linux since 1999.

i'm installing like i normally do except following the gummiboot path now.

i am just doing this to install arch on a secure boot setup. the board is an h97 chipset and a relatively recent firmware version. maybe it will work maybe it won't but if it does work, the arch wiki is wrong.

i knew better than asking a dadblamed arch question! this is all poettering's fault, that selfie taking narcissist! <- humor there is no wiki for that. :-D

besides where in the beginner's guide does it say to enter noatime and discard in fstab for ssds? nowhere, it's somewhere else is where it is. is there a link to it, NO! ... i need a beer and a violin!! hahahahahahaha

You need to read this and this.
Or turn Secure boot off if you get too frustrated.

2 Likes

i seem to be getting along now. i created the 'bios boot' and 'efi system' parts. hopefully this go around will work. pressh on the help!

love the avatar btw!

why does lsblk -f say the BIOS boot is ext4, when in fdisk i changed it to BIOS boot?

we have arch linux securely booted. why? well... that's a whole nuther subject.

1st issue was how to install the hash from the boot usb stick. 2nd ignore the efivars output... i would have really suffered had i not used arch for some time now.

installing the hash, In the HashTool main menu, select Enroll Hash, choose \loader.efi and confirm with Yes. Again, select Enroll Hash and then (../) to enter the archiso directory, then select vmlinuz-efi and confirm with Yes. Then choose Exit to return to the boot device selection menu. i messed this up due to some wording issues, but the ../ up directory entry was the thing to do. luckily if you york this it will return you to it after a couple of failures. this did lead to some confusion with the efivars command... keep reading.

the thing in the wiki that was not good was that "> efivars -l" said i was not in a secured boot or something to that effect after installing the hash file, but the uefi was set to secure boot and the menu showed me the correct boot options, so onward my good fellow. not sure what that was about...

i was able to make the efi partition correctly in fdisk not parted as the wiki showed, but i made mine 512MB instead of 100MB as per the wiki. i'm sure parted works. the important thing is make sure to mount the /boot directory in that efi partition formatted as fat32 or something very similar to this, mind you this is just a reference.
mkfs.vfat -F32 /dev/sdxZ
mkdir -p /mnt/boot
mount /dev/sdxZ /mnt/boot
where sdxZ is the efi system, mine was sda2.

...also the 'BIOS boot' partition of 1M that wendell made in his nuc video was made with ext4 on my system even after assigning it the correct hex code in fdisk. i say that because '> lsblk -f' says it was ext4. i've never made a partition of that type so i am ignorant to its function. googling didn't help much. maybe it needs to be ext4, but from what i gathered it was supposed to be an unformatted partition.

anyway, if you found yourself here trying to boot arch in a secure boot environ, then you're not crazy, it's convoluted. your mileage may vary.

i made 4 partitions with a GPT table.
1 bios boot
2 efi system
3 / (ext4 20GB of a 128GB ssd)
4 swap (i only have 4GB of ram on the test rig, so i made this 4GB as well)

but the thing about gpt and i guess i could do this with mbr, is supposedly i can now have 124 more partitions to put test installs on and gummi or efi is supposed to detect the install and place it into the efi boot menu. i am not holding my breath on that one. anyway, probably no one will look at this and correct my mistakes... so good luck!

cheers.

ps: it takes longer to boot (from 4 seconds to 8) and now i cannot clone the disk. i'm not sure if i care for efi at all.
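
The post above mentions `efivars -l` output that did not match the firmware's Secure Boot setting, and an earlier post mentions removing the keys in the UEFI. The following is an added example, not part of the thread: it reads the `SecureBoot` and `SetupMode` variables the way efivarfs exposes them (4 attribute bytes, then the value) and classifies the state. With the platform key cleared the firmware sits in setup mode and does not enforce Secure Boot. The function names are hypothetical, the default path assumes efivarfs is mounted at its usual location, and the sample files are constructed.

```shell
#!/bin/sh
GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c   # EFI global variable GUID

# Print the first data byte of an efivarfs file; bytes 0-3 are attribute flags.
efivar_byte() {
    [ -r "$1" ] || return 1
    b=$(od -An -tu1 -j4 -N1 "$1" 2>/dev/null | tr -d ' \n')
    [ -n "$b" ] && printf '%s' "$b"
}

# sb_state [DIR] prints one of: no-efivarfs | setup-mode | enforcing | disabled
sb_state() {
    dir=${1:-/sys/firmware/efi/efivars}      # assumed standard mount point
    sb=$(efivar_byte "$dir/SecureBoot-$GUID") || { echo no-efivarfs; return 0; }
    setup=$(efivar_byte "$dir/SetupMode-$GUID") || setup=0
    if [ "$setup" = 1 ]; then
        echo setup-mode      # no platform key enrolled: nothing is verified
    elif [ "$sb" = 1 ]; then
        echo enforcing       # keys enrolled and Secure Boot switched on
    else
        echo disabled        # keys may be enrolled, but enforcement is off
    fi
}

# Constructed sample data: write a 5-byte variable file with value 0 or 1.
put_var() {
    if [ "$2" = 1 ]; then printf '\006\000\000\000\001' > "$1"
    else printf '\006\000\000\000\000' > "$1"; fi
}

# make_sample DIR SECUREBOOT SETUPMODE builds a fake efivars directory.
make_sample() {
    mkdir -p "$1"
    put_var "$1/SecureBoot-$GUID" "$2"
    put_var "$1/SetupMode-$GUID" "$3"
}

# Demo over constructed directories, then the live system.
tmp=$(mktemp -d)
make_sample "$tmp/enrolled" 1 0
make_sample "$tmp/cleared" 0 1
echo "keys enrolled: $(sb_state "$tmp/enrolled")"
echo "keys cleared:  $(sb_state "$tmp/cleared")"
echo "this machine:  $(sb_state)"
rm -rf "$tmp"
```

A result of `no-efivarfs` means the variables could not be read at all, which is a different condition from Secure Boot being off.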

Sounds like you had more success than me when I tried last month - I ended up with a system that wouldn't boot at all and I had to pop out the battery to get the bios to reset so it would boot again. Why do I always start these things when I should really be going to sleep too...

Glad you got it working.
You can blame Microsoft for the shite state of affairs known as UEFI.

I must admit to taking the lazy "Secure boot off" option for Linux. UEFI is a nice idea, but as it's not that secure anyway seems more trouble than it's worth. I find disk encryption works for me as a means of keeping my laptop data safe. Again, not totally secure just easier to implement.

1 Like

yeah i went back to disabling secure boot. i might try it again with systemd-boot, but for now old school mbr is working best in my situation. i heard the ubuntu based clonezilla will image a gpt drive, but i didn't want to pile up anything else, since i have a pretty good system for my test rig and the old adage if it isn't broke do not fix it. also my test images are all mbr. at least i know how to do it and if someone wants their locked uefi to boot linux, i can break them from the shackles of the new apple want-to-bes, that being microsoft.

what i found amazing was that efi/gpt doubled my boot time and i am talking about booting to bash instead of sddm, which is currently on the bench. i have images with gnome and mate as well. boot time from the arch boot menu to sddm login is 4 seconds with mbr. then to bash in the gpt setup is 8 seconds, hm. not much, but i figured it would have been better. maybe the overhead of the keys or the efi partition maybe? drive is a corsair 256GB lx. i need the plextor m.2 pci-e 2x2 in that puppy.

i was worried that the keys on my motherboard would york, but then i thought wth. i had a 6 pack of courage going on... hehe windows changes the bios anyway, if you don't designate universal time in the registry it changes the clock to local time. with that logic, i figured it would write the boot keys too. also i already have wintendo on another pc, so i cleared the keys. what i could never understand was that once i got the hashes installed from the arch usb installer, i could not get the boot stick to go back to doing that again. even after i deleted the keys in the uefi "key manager" and dd'ed a new installer, this all happened before i changed the disk to gpt. so there is still much i have no idea of what is going on in secure boot.