Arch Linux User Repository

To build this package you need to install one of the following:
linux-headers: if you are using Arch's kernel
linux-lts-headers: if you are using Arch's LTS kernel

@ranran Just like you would add a normal entry, Something like:

efibootmgr -C -d /dev/sda -p 2 -L "Arch Linux" -l /vmlinuz-linux -u initrd=/initramfs-linux.img root=UUID="your_root_partition_uuid" rw quiet

Hi Rookie,

You said: "I forgot to mention before, there is a trick to creating the PBA entry when using efistub, the disk must be locked when you call efibootmgr, otherwise it will not know the uuid of the partition and obviously it will fail to start the PBA image using efistub. The trick here is to use a system on a usb drive to create the PBA uefi entry while the disk is locked. "

Can you please say how to use efistub/efibootmgr to add boot entry for mbr shadow ? I could not do it myself.

Thank you!!!!!!! ranran

Why on earth is this not in the official repos?!

Let's give it some time and see what happens. If the fork starts to get new code and stable releases then I suppose a change might be in order, until then lets wait and see.

Maybe it's time to change the git repo url?
https://github.com/Drive-Trust-Alliance/sedutil/pull/56#issuecomment-302948612

Unable to install on 32-bit system. Please fix.

Error: can not find the makefile for configuration 'Release_i686' in project LinuxPBA
See 'make help' for details.

$ make help
This makefile supports the following configurations:
Debug Release Release_x86_64 Debug_x86_64

Works fine for me.

You'll have to provide more context, otherwise with just that message it's not going to be easy to tell what the problem may be.

This isn't installing with a DtaDevLinuxNvme.h error: linux/nvme.h no such file error

I forgot to mention before, there is a trick to creating the PBA entry when using efistub, the disk must be locked when you call efibootmgr, otherwise it will not know the uuid of the partition and obviously it will fail to start the PBA image using efistub. The trick here is to use a system on a usb drive to create the PBA uefi entry while the disk is locked.

Regarding the bios changing the order of the entries or deleting entries, I believe that is bios/fw dependent, I don't have any problems with my laptop (Lenovo E560) but there are bug reports about that in the sedutil bug tracker, see [1-2].

[1] https://github.com/Drive-Trust-Alliance/sedutil/issues/66
[2] https://github.com/Drive-Trust-Alliance/sedutil/issues/27

Yes, it makes perfectly sense being able to move the device to an older machine, good point. Completely forgot about EFI stub, I will have a look at what I can achieve with secure boot.

By the way, did you experience any issue with EFI entries? If I create an EFI entry and then I lock the SSD turning the power off, then the entry disappears, probably because the BIOS can't find the partition anymore (but the EFI entry still exists in efibootmgr). After unlocking the SSD through the shadow MBR I expected the BIOS to show the EFI entry once again, but it doesn't happen on my Dell XPS 13 9343 BIOS A09. Am I the only one with this issue? Currently I'm booting using the default entry only.