r/pop_os
Posted 2 years ago

PopOS 20.04 - w/ Secure Boot and rEFInd

My goal was to have PopOS installed on an external hard drive so I can experiment with the OS.

I've got a company laptop that runs Windows 10 and has Secure Boot enabled. BitLocker is also enabled. It's company policy to have BitLocker and Secure Boot enabled, so it's not an option to turn them off.

So I thought, I'd buy an NVMe drive, a USB-C caddy, install PopOS and off to the races. Apparently it's not that straightforward.

Here's what I've done to get it working.

1. Disable Secure Boot. On a Dell laptop, turn the laptop on and press F2. Then go to Settings > Secure Boot. Select Disabled and click on Apply and then Exit.

2. Assuming that you have a bootable USB stick with PopOS, boot from it and install PopOS. I've installed PopOS on the external drive.

3. Install rEFInd.

    sudo add-apt-repository ppa:rodsmith/refind
    sudo apt-get update
    # the two commands above only add the PPA; this installs rEFInd itself (provides refind-install)
    sudo apt-get install refind

4. Install shim and shim-signed and prevent them from updating. Do not install the latest version, as you might not be able to enroll your keys. Bug: https://github.com/rhboot/shim/issues/143

    wget http://archive.ubuntu.com/ubuntu/pool/main/s/shim/shim_13-0ubuntu2_amd64.deb
    sudo apt-get install -f ./shim_13-0ubuntu2_amd64.deb
    # apt-mark takes a package name; it holds the version installed above
    sudo apt-mark hold shim
    wget http://archive.ubuntu.com/ubuntu/pool/main/s/shim-signed/shim-signed_1.34.9+13-0ubuntu2_amd64.deb
    sudo apt-get install -f ./shim-signed_1.34.9+13-0ubuntu2_amd64.deb
    sudo apt-mark hold shim-signed

5. Run the rEFInd script and use the Ubuntu-signed shim file.

    sudo refind-install --shim /usr/lib/shim/shimx64.efi.signed --localkeys

rEFInd will generate local signed keys and re-sign the rEFInd binaries with your own key too. rEFInd will store the .key file in /etc/refind.d/keys (you will need that later).

6. Copy the PopOS certificate to the EFI.

    sudo cp /var/lib/shim-signed/mok/MOK.der /boot/efi/EFI/refind/keys/popos.der

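7. Sign the bootloader and kernel. If the commands below don't work with sudo, run sudo su - and run them as root.

    cd /boot/efi/EFI/systemd/
    # sign systemd-boot with the local rEFInd key
    sbsign --key /etc/refind.d/keys/refind_local.key --cert ../refind/keys/refind_local.crt --output systemd-bootx64-signed.efi systemd-bootx64.efi
    # the kernel is in your PopOS directory, not in systemd/, so give its full path for input and output
    sbsign --key /etc/refind.d/keys/refind_local.key --cert ../refind/keys/refind_local.crt --output <Your PopOS directory>/vmlinuz-signed.efi <Your PopOS directory>/vmlinuz.efi
    # keep the unsigned kernel as a backup and put the signed one in its place
    mv <Your PopOS directory>/vmlinuz.efi <Your PopOS directory>/vmlinuz.efi.old
    mv <Your PopOS directory>/vmlinuz-signed.efi <Your PopOS directory>/vmlinuz.efi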

8. Reboot and enable Secure Boot.

9. Enroll your keys.

Once you boot again, you'll see the MokManager program. Each of the long strings represents a disk partition. Select the partition where you have stored your keys.

Enroll refind_local.cer which is in /boot/efi/EFI/refind/keys and then enroll popos.der which is in the same directory.

Finally, select continue boot.

10. You should now see rEFInd's interface. You can verify that you have booted into rEFInd Secure Boot mode by going to About. Select the kernel you have signed before and click enter.

BOOM! There you have it :) PopOS 20.04 with Secure Boot enabled. Reboot again, disconnect the external hard drive and you can now boot into Windows again. BitLocker hasn't prompted me to enter a recovery key :)
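
A sanity check to run after step 7 and before re-enabling Secure Boot in step 8, added here as an example (not code from the original post): it reads the PE header and reports whether an EFI binary carries an Authenticode signature table, which confirms that the `mv` swap left the signed kernel in place. It only detects that a signature is present; `sbverify --cert` is what validates it against a certificate. The function names are made up for this example, and `make_sample_pe` builds a constructed header-only test file.

```sh
#!/bin/sh
# Added example: does an EFI (PE) image carry an Authenticode signature table?
read_le() {   # read_le FILE OFFSET NBYTES -> little-endian unsigned value, decimal
    od -An -v -tu1 -j "$2" -N "$3" "$1" 2>/dev/null |
        awk 'BEGIN { m = 1 } { for (i = 1; i <= NF; i++) { v += $i * m; m *= 256 } }
             END { print v + 0 }'
}

# Prints the certificate table size. Exit 0 = signed, 1 = unsigned, 2 = not a PE image.
efi_cert_table_size() {
    f=$1
    [ "$(read_le "$f" 0 2)" -eq 23117 ] || return 2            # "MZ" (0x5a4d)
    pe=$(read_le "$f" 60 4)                                     # e_lfanew at 0x3c
    [ "$(read_le "$f" "$pe" 4)" -eq 17744 ] || return 2        # "PE\0\0"
    opt=$((pe + 24))                                            # optional header
    case $(read_le "$f" "$opt" 2) in
        523) dirs=$((opt + 112)) ;;                             # 0x20b, PE32+
        267) dirs=$((opt + 96)) ;;                              # 0x10b, PE32
        *) return 2 ;;
    esac
    [ "$(read_le "$f" $((dirs - 4)) 4)" -ge 5 ] || return 2    # NumberOfRvaAndSizes
    size=$(read_le "$f" $((dirs + 36)) 4)                       # directory 4, size field
    echo "$size"
    [ "$size" -gt 0 ]
}

zeros() { dd if=/dev/zero bs=1 count="$1" 2>/dev/null; }
# Constructed test input (header only, not bootable): make_sample_pe FILE SIZE_BYTES
make_sample_pe() {
    {
        printf 'MZ'; zeros 58; printf '\100\0\0\0'      # e_lfanew = 0x40
        printf 'PE\0\0'; zeros 20                        # PE signature, COFF header
        printf '\013\002'; zeros 106                     # magic 0x20b, fixed fields
        printf '\020\0\0\0'; zeros 32                    # 16 directories, 0-3 empty
        printf '\0\002\0\0'; printf "$2"                 # directory 4: offset, size
    } > "$1"
}

# Usage: sh check.sh /boot/efi/EFI/systemd/*.efi
for f in "$@"; do
    if s=$(efi_cert_table_size "$f"); then echo "$f: signature table, $s bytes"
    else echo "$f: unsigned or not a PE image"; fi
done
```

Run against the real files, `vmlinuz.efi` should report a signature table and `vmlinuz.efi.old` should not.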

level 1

> 9. Enroll your keys.

I understood most of the stuff except this line. Where do you enroll the keys? In EFI?

level 2

I believe he means the button `Enroll Keys` which is the secure boot authentication keys.

level 1

Sorry kinda a noob here, wdym by <Your PopOS directory>

level 1

Do you have to do this before rebooting from the live USB to Pop OS?

Or can I do that at any point without reinstalling?
