From 1475739105ee46ebd3139cb9eeaa9775b27c87fe Mon Sep 17 00:00:00 2001 From: TommyTran732 <57488583+tommytran732@users.noreply.github.com> Date: Sun, 25 Jul 2021 08:52:25 +0000 Subject: [PATCH] Update README.md --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index e2ad21b..0775920 100644 --- a/README.md +++ b/README.md @@ -12,6 +12,11 @@ This fork comes with various security improvements and fully working rollbacks w 6. `cd Arch-Setup-Script` 7. `chmod u+x ./install.sh && ./install.sh` +### SecureBoot +The Secure Boot script can be run post installation to automate the process of generating your own keys and setting up Secure Boot described at https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot. Please make sure that your firmware is in Setup mode and the TPM is disabled. + +Currently, there is an problem where GRUB requires tpm.mod to be included for signature verification, but if tpm.mod is included and the TPM is enabled it will also attempt to do Measured Boot, breaking the Arch Linux snapshots created by grub-btrfs. I have yet to find a solution for this issue. + ### Changes to the original project 1. Encrypted /boot with LUKS1 2. SUSE - like partition layout and fully working snapper snapshots & rollback