Based on Arch Wiki:
- https://wiki.archlinux.org/index.php/syslinux#UEFI_Systems
- https://wiki.archlinux.org/index.php/Secure_Boot#PreLoader
I was trying to boot directly to Arch (with no boot manager menu) with UEFI and Secure Boot, systemd-boot doesn't worked because the boot partition was not with the correct UUID and formatting the disk does not appears to be a great solution (rs).
SYSLINUX worked out of the box with PreLoader!
On following sample I've considered that ESP is mounted at /boot and we have a
Intel Core processor and Intel Graphics GPU (my laptop case).
Install syslinux package (if not installed) and setup for UEFI:
# mkdir -p /boot/EFI/syslinux
# cp -r /usr/lib/syslinux/efi64/* /boot/EFI/syslinux
Install preloader-signed package for secure boot, then copy EFI files:
# cp /usr/share/preloader-signed/{PreLoader,HashTool}.efi /boot/EFI/syslinux
Copy syslinux.efi default file to loader.efi and create UEFI boot entry:
# cp /boot/EFI/syslinux/syslinux.efi /boot/EFI/syslinux/loader.efi
# efibootmgr --verbose --disk /dev/sdX --part Y --create --label "Syslinux Secure Boot" --loader /EFI/syslinux/PreLoader.efi
As documented by Rodsbooks' Secure Boot, at the first boot with Secure Boot enabled:
- "PreLoader should launch, but it will probably complain that it couldn't launch loader.efi. It will then launch HashTool, which is the program that PreLoader uses to store information (hashes) on the programs you authorize."
- "In HashTool, select the Enroll Hash option."
- Browse to
EFI/syslinuxand select theloader.efiprogram file. HashTool asks for confirmation; respond Yes. - Repeat for
syslinux.efiandvmlinuz-linux(browse back to root dir) kernel file.