Arch Linux UEFI and Secure Boot Guide

Complete beginner-friendly guide to UEFI and Secure Boot on Arch Linux, including UEFI setup, Secure Boot configuration, and key management.

---

Table of Contents

1. UEFI Basics
2. Secure Boot Setup
3. Key Management
4. Troubleshooting

---

UEFI Basics

Check UEFI

Verify UEFI:

# Check if UEFI
ls /sys/firmware/efi

# Check boot mode
efivar -l

UEFI Variables

List variables:

# List variables
efivar -l

# Read variable
efivar -n VariableName

---

Secure Boot Setup

Install sbctl

Install sbctl:

# Install sbctl
sudo pacman -S sbctl

# Check status
sudo sbctl status

Create Keys

Create keys:

# Create keys
sudo sbctl create-keys

# Enroll keys
sudo sbctl enroll-keys

Sign Kernel

Sign kernel:

# Sign kernel
sudo sbctl sign -s /boot/vmlinuz-linux

# Sign initramfs
sudo sbctl sign -s /boot/initramfs-linux.img

---

Key Management

Microsoft Keys

Enroll Microsoft keys:

# Enroll Microsoft keys
sudo sbctl enroll-keys --microsoft

Custom Keys

Use custom keys:

# Create custom keys
sudo sbctl create-keys

# Enroll
sudo sbctl enroll-keys

---

Troubleshooting

Secure Boot Not Working

Check status:

# Check Secure Boot
sudo sbctl status

# Verify keys
sudo sbctl verify

---

Summary

This guide covered UEFI, Secure Boot setup, and key management.

---

Next Steps

• Arch Linux Bootloader Configuration - Bootloader
• Arch Linux Installation Guide - Installation
• ArchWiki UEFI: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface

---

This guide is based on the ArchWiki. For the most up-to-date information, always refer to the official ArchWiki.