I switch to uki + secure boot on ASUS R556L.

• In order to use secure book, you have to switch to uki.
• The process is to use kernel-install to build uki, secure boot and add kernel-install hook for pacman
  • mkinitcpio is used to produce ramdisk initramfs-linux.img.
  • sytemd-ukify is used to build uki from vmlinuz-linux and initramfs-linux.img.
  • system-ukify is used to sign uki.
  • systemd-boot is used to install private key on UEFI.
  • kernel-install use mkinitcpio and ukify to install/remove kernel.
• uki with kernel-instal and systemd-ukify
  • kernel-install is part of systemd, no need to install it.
  • install systemd-ukify: pacman -S systemd-ukify
  • create /etc/kernel/install.conf and update it according to wiki.
  • copy /usr/lib/kernel/uki.conf to /etc/kernel/uki.conf and update it according to wiki.
  • create /etc/kernel/cmdline with cmd option “root=UUID=xxx-xxxx rw”
  • kernel-install(configuration file is /etc/kernel/install.conf) then use ukify (configuration file is /etc/kernel/uki.conf) to create uki and sign it.
  • create uki manually: kernel-install add $(uname -r) /boot/vmlinuz-linux
  • create uki manually: ukify build –linux=/boot/vmlinuz-linux –initrd=/boot/initramfs-linux.img –cmdline=“quiet rw”
  • create uki automatically with pacman: follow wiki
• secure boot
  • follow guideline
  • generate signing keys -> sign the boot loader -> configure the ESP for auto-enrollment
  • reboot and switch to bios -> enable secure boot -> delete old key -> reboot -> you will see enroll new key
  • if bootloader could start, then boot load could work.
  • sign uki
    • uki couldn’t start if not signed, you also need to sign uki kernel throught kernel-install or ukify
    • kernel-install: kernel-install add $(uname -r) /boot/vmlinuz-linux
    • ukify: ukify build –config=/etc/kernel/uki.conf –linux=/boot/vmlinuz-linux –initrd=/boot/initramfs-linux.img –cmdline=“quiet rw”

…

Laptop HW

• ASUS R556L
• CPU/GPU
  • CPU is I5-4210U(Haswell) which equipped with HD Graphics 4400 (Gen 7.5) according to lscpu
  • Nvidia GF117M(Fermi/NVC0), GeForce 820M
• Screen
  • 15.6inch display and resolution is 1366x768.

basic installation

• download iso and boot it.
• install according to installation guideline
• close secure boot from laptop bios.
• connect wifi with iwctl
• partition
  • need partition for efi, /boot(optional, systemd-boot need XBOOTLDR) and /.
  • partition the disk with fdisk and EFI(UEFI) partition is mandatory for UEFI.
  • format partitions.
• mount disk to /mnt, update pacman mirrolist
• nstall essential package: pacstrap -K /mnt base linux linux-firmware vim iwd
• genfstab -U /mnt » /mnt/etc/fstab
• arch-chroot /mnt
• ln -sf /usr/share/zoneinfo/Area/Location /etc/localtime
• hwclock –systohc
• locale-gen
• mkinitcpio -P
• passwd
• install boot loader, see UEFI
• necessary package: sudo, openssh, less, fzf, mesa

Network

• systemd_networkd + iwd + systemd_resolved
• if only configure wifi with iwctl, there is no dhcp to assign IP.
• automatic dhcp:
  • systemd-networkd
  • update /etc/iwd.config to enable iwd dhcp.

basic application

• vim man bash-completion
• tmux fzf btop nmap dust bc rsync
• chrony for datetime syncup
• yay

UEFI

Bios + MBR is setup on 1981 by IBM and many limitation. UEFI + GPT is new boot procedure.

…

I use simple hugo theme Archie, it is very simple theme and I like. But there are several issues you need to notice

• bulletin issue: Html of my bulletin is very strange ( * and bulletin are not on same line ) since I has sub-bulletin. Markdown requirement is list item includes “block content”, need to use to include block. We need to change it it inline in custom.css.

  <p>authentication mechanism and password scheme</p>
</li>


[params]
customcss = ["css/custom.css"]

li > p {
  display: inline;
}

• menu: Default Archie theme has no menu and you need to create menu for posts, category, tag and rss.

mode="auto" # color-mode → light,dark,toggle or auto
useCDN=false # don't use CDNs for fonts and icons, instead serve them locally.
subtitle = "hongy19's blog"
mathjax = true # enable MathJax support
katex = true # enable KaTeX support

[taxonomies]
category = "categories"
tags = "tags"

[[menu.main]]
name = "Home"
url = "/"
weight = 1

[[menu.main]]
name = "All posts"
url = "/posts"
weight = 2

[[menu.main]]
name = "Category"
url = "/categories"
weight = 3

[[menu.main]]
name = "Tags"
url = "/tags"
weight = 4

[[menu.main]]
name = "RSS"
url = "/index.xml"
weight = 5```

• title link: In hugo.toml, I set baseUrl but title link is ‘https://www.hongy19.net’, not ‘https://www.hongy19.net/blog/'

baseURL = 'https://www.hongy19.net/blog/'

With help of ChatGPT, fix is simple, update “themes/archie/layouts/partials/head.html”

…