I suppose I'm lucky that I don't dual-boot using Grub!

@Ernie, how hard is it switching to rEFInd?

Well don’t I feel dumb. LMDE installed a separate GRUB instance in Firmware of the machine I thought was infected with the “Redmond Worm” of Aug 2024. But it didn’t for some reason make that the default, and when I switched to that one, voila! Boots just fine with LMDE Faye in SB Mode! Now how to make that one the default, I know little about “fwupdate” magic, any magicians on this thread? I know it can be done with Windows mojo, but I’m drifting further from that every day as FOSS gets smoother and gives me back a lot of the power Windows took away trying to be more “Cupertino-like” and stay a step ahead of the state actors and their 0-day nonsense!

Almo,

I’m unsure about what to suggest. I attempted to install LMDE6 here, but I had to disable SB to run it after installation. Since Debian 12 supports SB, I don’t understand why LMDE6 doesn’t appear to. There is a tool named sbctl that automates signing/enrolling bootloaders and kernel images, and configuring a system hook to sign kernel image updates, but it’s not available in the Debian/LMDE repositories, and I was unable to build it from source using the sources from its GitHub page. You may get better results by installing Debian 12, with the Cinnamon desktop environment (DE).

I hope this helps,

Ernie

1 Like

Try virt-manager. It is the one best suited to Linux. It uses QEMU/KVM.

Why not simply disable SB? To me it does not seem to do anything useful.

3 Likes

I think there are three routes to get both distros of LM (Deb-based and Ubu-based) booting correctly under SB:

  1. Simply switch using a “pre-boot” key to switch firmware installers. On my Lenovo IdeaPad it’s F12 – and there’s an EFI BIOS setting to say which boot manager is default. Then all OSes with the same shimx64.efi are bootable. An extra step, but SB is happy and no security bar is lowered.
  2. Roll your own MOK key, as detailed in Rod Smith’s wonderful series on SB and UEFI, now some 12 years old, but seemingly being kept updated, at least till the SBAT debacle of last month.
  3. Another approach is chain loading a different key if you use GRUB, detailed in this post by Rod: Managing EFI Boot Loaders for Linux: Using GRUB 2 in the section “Configuring Grub 2”.

You can create custom GRUB 2 boot stanzas by editing the /etc/grub.d/40_custom file. If you want to add an entry for a Linux distribution other than the one that installed GRUB 2, you can cut-and-paste an existing entry from the /boot/grub/grub.cfg file and modify it to suit your needs. If you want to chainload another EFI boot loader, the following may serve as a useful starting point:

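    menuentry "Windows 10" {
        # Load GPT partition-table support and the chainloader command
        insmod part_gpt
        insmod chain
        # The ESP: partition 1 on the first hard disk
        set root='(hd0,gpt1)'
        # Hand control to the Windows boot manager on the ESP
        chainloader /EFI/Microsoft/Boot/bootmgfw.efi
    }
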
In theory, this example should chainload to the Windows 10 boot loader on the ESP (partition 1 on the first hard disk). In practice, both my experience and posts I’ve seen in online forums suggest that entries like this are hit-or-miss—what works well on one system fails miserably on another.

  4. Finally, you can lower the bar a bit and keep Windows happy too, with this technique of “semi-disabling” SB for all Linuxes. This approach worked for me to get boots recognized by update-grub scanos able to “survive” SB: Managing EFI Boot Loaders for Linux: Dealing with Secure Boot

1 Like
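
Route 1 in the post above depends on which firmware boot entry is the default. The following is an added example, not part of the original post or of Rod Smith's pages: it reads `efibootmgr` output and computes a BootOrder that puts one named entry first. The sample output, the `debian` label and the function names are constructed assumptions; check the labels on your own machine first.

```shell
#!/bin/sh
# Constructed sample of `efibootmgr -v` output (not taken from the thread).
sample_efibootmgr() {
    printf '%s\n' 'BootCurrent: 0001' 'Timeout: 0 seconds' \
                  'BootOrder: 0001,0003,0000'
    # In -v output the label is followed by a tab and the device path.
    printf 'Boot0000* Windows Boot Manager\t%s\n' \
           'HD(1,GPT,constructed)/File(\EFI\Microsoft\Boot\bootmgfw.efi)'
    printf 'Boot0001* ubuntu\t%s\n' \
           'HD(1,GPT,constructed)/File(\EFI\ubuntu\shimx64.efi)'
    printf 'Boot0003* debian\t%s\n' \
           'HD(1,GPT,constructed)/File(\EFI\debian\shimx64.efi)'
}

# new_boot_order LABEL
# Reads efibootmgr output on stdin and prints the current BootOrder with the
# entry whose label is exactly LABEL moved to the front. Exits non-zero when
# the label is missing or ambiguous, or when no BootOrder line was seen.
new_boot_order() {
    awk -v want="$1" '
        /^BootOrder:/ { order = $2; next }
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][* ] / {
            label = substr($0, 11)      # text after "BootXXXX* "
            sub(/\t.*/, "", label)      # drop the device path, if present
            if (label == want) { num = substr($0, 5, 4); hits++ }
        }
        END {
            if (hits != 1 || order == "") exit 1
            out = num
            n = split(order, ids, ",")
            for (i = 1; i <= n; i++)
                if (toupper(ids[i]) != toupper(num)) out = out "," ids[i]
            print out
        }'
}

# Demonstration on the constructed sample.
sample_efibootmgr | new_boot_order debian

# On a real system (as root) the result would be applied with:
#   efibootmgr -o "$(efibootmgr | new_boot_order debian)"
```

Because the chosen entry still points at a signed shim, changing the order leaves Secure Boot enabled; only the default changes.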

Seems to work two different ways on two different laptops, this worked on one and wasn’t needed on t’other!

Indeed, my primary desktop (Fedora 40) has VMs for both Windows 10 and macOS 10.15.7 — the latter was a 2-week ordeal, and I can’t upgrade to macOS 11 or higher without graphical corruption (which sucks now that 10.15 is end-of-life and no longer supported by Homebrew), but they serve well enough for when I need access to The Other Side™.

Helps that the machine has 20GB of RAM. Don’t try that with less than 16.

1 Like

Well done. When I tried with Win10 it was slow in a VM. I went back to Win7.

I had issues like that with GhostBSD in a VM.
I have no idea what they changed with a new release, but it would not install… as soon as it starts X11 I get a blank screen. Tried all sorts of settings in virt-manager but no luck.
Keep trying. There will be a solution.

2 Likes