Problem with unified kernel image

31 August 2024, 04:49:16

Hello,

I have been trying to setup booting to a unified kernel image (UKI) so I could enable a true secure boot then.
I first encountered some problems with sbctl, even if I give him the ESP path, it does not find it. I may have to write a config file, but I went with a more manual key creation and setup, so it was not that much a problem.

Then I had a problem with mkinitcpio not finding the UEFI stub. I saw in its script that it looks for /usr/lib/systemd/boot/efi/linuxx64.efi.stub and there is no such file on Artix Linux. I found my older post when I tried to do the same, nearly bricked my computer and succeeded to recover it at the cost of permanently rendering the secure boot non functional, so I did not try until I got my new laptop.
So to work around the missing stub, I copied /boot/vmlinuz-linux in the directory with the expected name. I hoped that it could be used as such because zgrepping /proc/config.gz showed me CONFIG_EFI_STUB=y, which I understood as the Linux kernel image being OK to be used as a UEFI stub. Here is where I may have fucked up, but mkninitcpio succeeded in producing an efi file without showing any error.

I then signed the UKI and changed the db, KEK and PK keys, but I could not boot, it stayed on the UEFI logo. I retried with the UKI after disabling secure boot and I got the same result. So I believe the problem is the UKI and not secure boot which I disabled.
I have not tried with an unsigned UKI yet.
Edit : I forgot to add that my setup is with LVM on LUKS, so there may be a problem with this too.

I also tried by following the manual creation of UKI from ArchWiki with objcopy command, but I got the same result: it was blocked on UEFI logo.

Has anyone succeeded in booting with a UKI?

My laptop model is a NovaCustom V56 with coreboot, Meteor Lake CPU and integrated graphic card.

Thanks in advance!