On Mon, Dec 16, 2024 at 8:57 AM Frank von Zeppelin <fvzeppe...@posteo.de> wrote: > > Thank you for your reply. > After my laptop did not recover from sleep, I did a power off and that's it. > Then, the error message came, and I disabled secure boot. But this is not a > permanent solution for me. > > P.S. As they say in the Arch wiki, I had originally used > grub-install --target=x86_64-efi --efi-directory=esp --bootloader-id=GRUB > --modules="tpm" --disable-shim-lock
That cannot work with Secure Boot (at least, using upstream grub code). If it ever did, then Arch must be using a heavily modified version. In which case you better contact Arch support channels. When Secure Boot is enabled, grub enforces verification of everything it reads while --disable-shim-lock disables the code that performs the verification. But your error is different. grub does not support Secure Boot signatures for its modules and so cannot verify them. All distributions I am aware of use the pre-built signed grub image with module loading disabled. In Secure Boot mode grub will only allow loading of modules from the internal memory disk (e.g. grub-standalone), not from an external source. Again, I do not know how Arch manages it, you better contact them. > In the meantime, I re-applied the command hoping it would solve my problem, > but it didn't. > > 16.12.2024 05:23:26 Andrei Borzenkov <arvidj...@gmail.com>: > > > 16.12.2024 01:01, Frank von Zeppelin wrote: > >> Hi, > >> I have Arch Linux running on my laptop. I had secure but active for a > >> long time already, set up with sbctl. Everything worked fine. Then, > >> since the laptop didn't resume from sleep for once, Secure Boot didn't > >> work anymore. Grub is giving the error: > >> error: verification requested but nobody cares: > >> (hd1,gpt1)/grub/x86_64-efi/normal.mod. > >> Can anybody give me a hint on how to repair/debug this? I actually don't > >> have any clue how to approach this. > >> > > > > Immediate fix is to disable Secure Boot. You did not explain what you did > > when "laptop didn't resume from sleep", but it sounds like you run > > "grub-install" which usually does not work together with Secure Boot.
