I want to setup secure boot with Garuda however it just brings up the Security Violation error when I boot into Garuda what would be the ideal way to setup secure boot for this system ?
System:
Kernel: 6.16.5-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 15.2.1 clocksource: tsc
avail: hpet,acpi_pm parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
root=UUID=dc0cf298-2dd0-4a05-933d-71a6bbbee6c8 rw rootflags=subvol=@
vt.default_red=30,243,166,249,137,245,148,186,88,243,166,249,137,245,148,166
vt.default_grn=30,139,227,226,180,194,226,194,91,139,227,226,180,194,226,173
vt.default_blu=46,168,161,175,250,231,213,222,112,168,161,175,250,231,213,200 quiet loglevel=3
splash
Desktop: KDE Plasma v: 6.4.4 tk: Qt v: N/A info: frameworks v: 6.17.0 wm: kwin_wayland
with: ulauncher vt: 2 dm: SDDM Distro: Garuda base: Arch Linux
Machine:
Type: Desktop Mobo: ASUSTeK model: TUF Z270 MARK 2 v: Rev 1.xx serial: <superuser required>
part-nu: SKU uuid: <superuser required> UEFI: American Megatrends v: 1301 date: 03/14/2018
CPU:
Info: model: Intel Core i7-7700K bits: 64 type: MT MCP arch: Kaby Lake gen: core 7 level: v3
note: check built: 2018 process: Intel 14nm family: 6 model-id: 0x9E (158) stepping: 9
microcode: 0xF8
Topology: cpus: 1x dies: 1 clusters: 4 cores: 4 threads: 8 tpc: 2 smt: enabled cache:
L1: 256 KiB desc: d-4x32 KiB; i-4x32 KiB L2: 1024 KiB desc: 4x256 KiB L3: 8 MiB desc: 1x8 MiB
Speed (MHz): avg: 1600 min/max: 800/4500 scaling: driver: intel_pstate governor: powersave
cores: 1: 1600 2: 1600 3: 1600 4: 1600 5: 1600 6: 1600 7: 1600 8: 1600 bogomips: 67200
Flags-basic: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
Vulnerabilities: <filter>
Graphics:
Device-1: Intel HD Graphics 630 vendor: ASUSTeK driver: i915 v: kernel arch: Gen-9.5
process: Intel 14nm built: 2016-20 ports: active: none empty: HDMI-A-1,HDMI-A-2 bus-ID: 00:02.0
chip-ID: 8086:5912 class-ID: 0380
Device-2: Advanced Micro Devices [AMD/ATI] Navi 14 [Radeon RX 5500/5500M / Pro 5500M]
vendor: XFX Pine driver: amdgpu v: kernel arch: RDNA-1 code: Navi-1x process: TSMC n7 (7nm)
built: 2019-20 pcie: gen: 4 speed: 16 GT/s lanes: 16 ports: active: HDMI-A-3
empty: DP-1,DP-2,DP-3 bus-ID: 03:00.0 chip-ID: 1002:7340 class-ID: 0300
Display: wayland server: X.org v: 1.21.1.18 with: Xwayland v: 24.1.8 compositor: kwin_wayland
driver: gpu: amdgpu display-ID: 0
Monitor-1: HDMI-A-3 model: ViewSonic VX2479 Series serial: <filter> built: 2024 res:
mode: 1920x1080 hz: 180 scale: 100% (1) dpi: 92 gamma: 1.2 size: 527x296mm (20.75x11.65")
diag: 604mm (23.8") ratio: 16:9 modes: max: 1920x1080 min: 720x400
API: EGL v: 1.5 hw: drv: intel iris drv: amd radeonsi platforms: device: 0 drv: radeonsi
device: 1 drv: iris device: 2 drv: swrast gbm: drv: kms_swrast surfaceless: drv: radeonsi
wayland: drv: radeonsi x11: drv: radeonsi
API: OpenGL v: 4.6 compat-v: 4.5 vendor: amd mesa v: 25.2.2-arch1.1 glx-v: 1.4
direct-render: yes renderer: AMD Radeon RX 5500 XT (radeonsi navi14 LLVM 20.1.8 DRM 3.64
6.16.5-zen1-1-zen) device-ID: 1002:7340 memory: 3.91 GiB unified: no display-ID: :0.0
API: Vulkan v: 1.4.321 layers: 5 device: 0 type: discrete-gpu name: AMD Radeon RX 5500 XT
(RADV NAVI14) driver: mesa radv v: 25.2.2-arch1.1 device-ID: 1002:7340 surfaces: N/A device: 1
type: integrated-gpu name: Intel HD Graphics 630 (KBL GT2) driver: mesa intel v: 25.2.2-arch1.1
device-ID: 8086:5912 surfaces: N/A device: 2 type: cpu name: llvmpipe (LLVM 20.1.8 256 bits)
driver: mesa llvmpipe v: 25.2.2-arch1.1 (LLVM 20.1.8) device-ID: 10005:0000 surfaces: N/A
Info: Tools: api: clinfo, eglinfo, glxinfo, vulkaninfo de: kscreen-console,kscreen-doctor
wl: wayland-info x11: xdpyinfo, xprop, xrandr
Audio:
Device-1: Intel 200 Series PCH HD Audio vendor: ASUSTeK driver: snd_hda_intel v: kernel
alternate: snd_soc_avs bus-ID: 00:1f.3 chip-ID: 8086:a2f0 class-ID: 0403
Device-2: Advanced Micro Devices [AMD/ATI] Navi 10 HDMI Audio vendor: XFX Pine
driver: snd_hda_intel v: kernel pcie: gen: 4 speed: 16 GT/s lanes: 16 bus-ID: 03:00.1
chip-ID: 1002:ab38 class-ID: 0403
API: ALSA v: k6.16.5-zen1-1-zen status: kernel-api tools: N/A
Server-1: PipeWire v: 1.4.7 status: active with: 1: pipewire-pulse status: active
2: wireplumber status: active 3: pipewire-alsa type: plugin 4: pw-jack type: plugin
tools: pactl,pw-cat,pw-cli,wpctl
Network:
Device-1: Intel Ethernet I219-V vendor: ASUSTeK driver: e1000e v: kernel port: N/A
bus-ID: 00:1f.6 chip-ID: 8086:15b8 class-ID: 0200
IF: enp0s31f6 state: up speed: 1000 Mbps duplex: full mac: <filter>
Info: services: NetworkManager,systemd-timesyncd
Bluetooth:
Device-1: USB2.0-BT driver: btusb v: 0.8 type: USB rev: 2.0 speed: 12 Mb/s lanes: 1 mode: 1.1
bus-ID: 1-7:3 chip-ID: 33fa:0010 class-ID: e001
Report: btmgmt ID: hci0 rfk-id: 0 state: up address: N/A
Device-2: Realtek Bluetooth Radio driver: btusb v: 0.8 type: USB rev: 1.1 speed: 12 Mb/s
lanes: 1 mode: 1.1 bus-ID: 1-8:4 chip-ID: 0bda:8771 class-ID: e001 serial: <filter>
Report: ID: hci1 rfk-id: 1 state: up address: N/A
RAID:
Hardware-1: Intel SATA Controller [RAID mode] driver: ahci v: 3.0 port: f060 bus-ID: 00:17.0
chip-ID: 8086:2822 rev: class-ID: 0104
Drives:
Local Storage: total: 5.24 TiB used: 6.16 GiB (0.1%)
SMART Message: Unable to run smartctl. Root privileges required.
ID-1: /dev/nvme0n1 maj-min: 259:6 vendor: Western Digital model: WD Blue SN570 1TB
size: 931.51 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 tech: SSD
serial: <filter> fw-rev: 234110WD temp: 36.9 C scheme: GPT
ID-2: /dev/nvme1n1 maj-min: 259:0 vendor: Western Digital model: WDS500G3X0C-00SJG0
size: 465.76 GiB block-size: physical: 512 B logical: 512 B speed: 31.6 Gb/s lanes: 4 tech: SSD
serial: <filter> fw-rev: 102000WD temp: 40.9 C scheme: GPT
ID-3: /dev/sda maj-min: 8:0 vendor: ASUS model: Rogueware 2.5 SATA NX100S 256GB
size: 238.47 GiB block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s tech: SSD
serial: <filter> fw-rev: 8B0 scheme: GPT
ID-4: /dev/sdb maj-min: 8:16 vendor: Seagate model: ST3000DM007-1WY10G size: 2.73 TiB
block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s tech: HDD rpm: 5425 serial: <filter>
fw-rev: 0001 scheme: GPT
ID-5: /dev/sdc maj-min: 8:32 vendor: Seagate model: BUP Slim BK size: 931.51 GiB block-size:
physical: 4096 B logical: 512 B type: USB rev: 3.0 spd: 5 Gb/s lanes: 1 mode: 3.2 gen-1x1
tech: N/A serial: <filter> fw-rev: 0107 scheme: MBR
Partition:
ID-1: / raw-size: 118.14 GiB size: 118.14 GiB (100.00%) used: 6.13 GiB (5.2%) fs: btrfs
dev: /dev/sda7 maj-min: 8:7
ID-2: /boot/efi raw-size: 99 MiB size: 95 MiB (95.96%) used: 33.7 MiB (35.5%) fs: vfat
dev: /dev/nvme1n1p2 maj-min: 259:2
ID-3: /home raw-size: 118.14 GiB size: 118.14 GiB (100.00%) used: 6.13 GiB (5.2%) fs: btrfs
dev: /dev/sda7 maj-min: 8:7
ID-4: /var/log raw-size: 118.14 GiB size: 118.14 GiB (100.00%) used: 6.13 GiB (5.2%) fs: btrfs
dev: /dev/sda7 maj-min: 8:7
ID-5: /var/tmp raw-size: 118.14 GiB size: 118.14 GiB (100.00%) used: 6.13 GiB (5.2%) fs: btrfs
dev: /dev/sda7 maj-min: 8:7
Swap:
Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
ID-1: swap-1 type: zram size: 31.08 GiB used: 0 KiB (0.0%) priority: 100 comp: zstd
avail: lzo-rle,lzo,lz4,lz4hc,deflate,842 dev: /dev/zram0
Sensors:
System Temperatures: cpu: 38.0 C mobo: N/A gpu: amdgpu temp: 55.0 C mem: 0.0 C
Fan Speeds (rpm): N/A gpu: amdgpu fan: 0
Info:
Memory: total: 32 GiB note: est. available: 31.08 GiB used: 3.46 GiB (11.1%)
Processes: 329 Power: uptime: 13m states: freeze,mem,disk suspend: deep avail: s2idle
wakeups: 0 hibernate: platform avail: shutdown, reboot, suspend, test_resume image: 12.39 GiB
services: org_kde_powerdevil, power-profiles-daemon, upowerd Init: systemd v: 257
default: graphical tool: systemctl
Packages: pm: pacman pkgs: 1239 libs: 308 tools: octopi,pacseek,paru Compilers: gcc: 15.2.1
Client: Unknown Client: electron inxi: 3.3.39
Garuda (2.8.2-2):
System install date: 2025-09-05
Last full system update: 2025-09-07
Is partially upgraded: No
Relevant software: snapper NetworkManager dracut
Windows dual boot: Probably (Run as root to verify)
Failed units:
--- System Health Check Report ---
22/23 checks run in 1.11 seconds β
Powered by garuda-health π¦
β
System health check passed. No issues found.
sbctl status
Installed: β sbctl is installed
Owner GUID: bc6011d9-98e2-4fd9-b729-0934e59fdc4b
Setup Mode: β Enabled
Secure Boot: β Disabled
Vendor Keys: none