I've got a new laptop with a Samsung BIOS (version P08AFD) and Aptio Setup Utility. When I try to boot a USB stick with Arch Linux 2016.10.01 it says that the signature is invalid. The documentation seems to assume that I've already booted into Arch Linux. So I'm stumped for how to continue:
- Are the keys on the ISO somewhere? There is a tool in Aptio to add PK, KEK, DB and DBX files.
- Has the signature been invalidated by me making a custom USB stick from the official installation medium?
- Should this "just work"? I'm at a loss for why a Linux distro would stop supporting a common (if controversial) security feature, especially since they seem to have supported it for some time.
The USB stick boots just fine on an older machine without Secure Boot support.
Best Answer
Flash the ISO on the usb key as you would normally do.
Then:
~\EFI\boot\
BOOTx64.EFI
asloader.efi
shim.efi
in the same folderBOOTx64.EFI
~\EFI\boot\loader.efi
hashEDIT: relevant bug