So two questions regarding some boot issues I’ve encountered on my dual-boot linux setup:

  1. I want to know if there is any way at all to reduce and ideally eliminate the screen flickering that happens when rEFInd initially boots? My screen flashes gray three times before rEFInd shows up and I’ve tried adding & removing linux from the use_graphics_for option and mess with resolutions to no avail.
  2. Is there anyway I can get an encrypted Garuda system to work with Secure Boot? I’ve gotten rEFInd and OpenSUSE Tumbleweed to work, but no lock with Garuda despite attempting all of the MOK enrollment and shim copying.
    Any help is greatly appreciated!
  • Exec@pawb.social
    link
    fedilink
    arrow-up
    0
    ·
    edit-2
    1 year ago

    I’ve tried to set up rEFInd but couldn’t get the proper configs / kernel parameters to work for my LUKS-enabled setup. If you’re willing to try another loader out, I was able to make systemd-boot work with both plymouth (flicker-less loading), luks (with graphical prompt), and secure boot too.

    • DARbarian@artemis.campOP
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Oh man that sounds like exactly what I’m looking for: dual-booting two distros, one encrypted, all with secure boot and a nice graphical boot process. I just went through the fiasco of rebuilding my EFI partition and grub setups. Is switching to systemd-boot much harder?

      • Exec@pawb.social
        link
        fedilink
        arrow-up
        1
        ·
        edit-2
        1 year ago

        Follow the Arch wiki. Just make sure that your distro has a hook for the package manager for signing the kernel. Eg. for Arch there’s the systemd-boot-pacman-hook aur package.
        It’s not hard to set it up with a LUKS-enabled system, just put the relevant kernel parameters in your /esp/loader/entries/entry.conf file.
        For example, here’s my arch.conf entry (with LVM on LUKS):

        title    Arch Linux
        linux   /vmlinuz-linux
        initrd  /intel-ucode.img
        initrd  /initramfs-linux.img
        options loglevel=2 quiet splash cryptdevice=PARTLABEL=partlabel-from-blkid:pvname root=/dev/mapper/rootlvname rw  
        

        If your keys are already enrolled, you can just use sbctl sign-all once, your package manager hook should do the rest.

        Overall, the general directory structure should look like this in the end (files omitted):

        /boot
        ├── initramfs-linux-fallback.img
        ├── initramfs-linux.img
        ├── intel-ucode.img
        ├── loader
        │   ├── entries
        │   │   ├── arch.conf
        │   │   └── arch-fallback.conf
        │   ├── entries.srel
        │   ├── loader.conf
        │   └── random-seed
        └── vmlinuz-linux