Not able to boot any generation on Surface Laptop 5 with secure boot

[TimoVerbrugghe]

Big thanks already for all the work done here :).

My setup:

• Surface Laptop 5
• Dualboot between nixos (24.05) and Windows 11

Currently able to load bootloader in secure boot, but not able to boot any generation that I select (the auto detected windows 11 entry does boot). If I select a nixos generation, screen goes black for a few seconds, then the boot menu comes up again.

Information below, anything else you want me to add in terms of logs?

Steps I've taken:

• Installed sbctl & lanzaboote using flake config

• Created secure boot keys

• sbctl verify confirms that generations are signed

  [timo@timo-surface-nixos:/etc/secureboot]$ sudo sbctl verify
  Verifying file database and EFI images in /boot...
  ✓ /boot/EFI/Boot/bootx64.efi is signed
  ✓ /boot/EFI/Linux/nixos-generation-10-wumc6ylmxlhx7im3apihtmnydw2x2sdghlomigvyr42v3umwezyq.efi is signed
  ✓ /boot/EFI/Linux/nixos-generation-8-wumc6ylmxlhx7im3apihtmnydw2x2sdghlomigvyr42v3umwezyq.efi is signed
  ✓ /boot/EFI/Linux/nixos-generation-9-zo32rkvn3qlm7jecflnpcbqotqht3dpissvzpam7eth3dw7zop7q.efi is signed
  ✗ /boot/EFI/nixos/kernel-6.10.5-s5opuy4efv6pb4ba33mwigy3sm3h6gn2qfnhtvdzkbkq6ns67leq.efi is not signed
  ✓ /boot/EFI/systemd/systemd-bootx64.efi is signed

• According to instructions, you then need to enable secureboot first before enrolling the keys. I tried this and enabled secureboot in surface uefi but then linux bootloader did not load at all, it went directly to windows boot manager (I checked the boot order to confirm linux boot manager is first).

• Rebooted with secure boot disabled and enrolled the keys

  [timo@timo-surface-nixos:/etc/secureboot]$ sudo sbctl status
  Installed:  ✓ sbctl is installed
  Owner GUID:  <REDACTED>
  Setup Mode: ✗ Enabled
  Secure Boot:    ✗ Disabled
  Vendor Keys:    microsoft

• This enables secure boot because after enrolling the keys and booting directly in the surface uefi, it says that secure boot is enabled with "custom key configuration" (an option you can't select directly from the UEFI menu)

• Bootloader now shows up in secure boot, but no generations can boot.

Bootctl status output:

[timo@timo-surface-nixos:/etc/secureboot]$ bootctl status
System:
      Firmware: UEFI 2.70 (EDK II 1.00)
 Firmware Arch: x64
   Secure Boot: disabled (setup)
  TPM2 Support: yes
  Measured UKI: yes
  Boot into FW: supported

Current Boot Loader:
      Product: systemd-boot 255.9
     Features: ✓ Boot counting
               ✓ Menu timeout control
               ✓ One-shot menu timeout control
               ✓ Default entry control
               ✓ One-shot entry control
               ✓ Support for XBOOTLDR partition
               ✓ Support for passing random seed to OS
               ✓ Load drop-in drivers
               ✓ Support Type #1 sort-key field
               ✓ Support @saved pseudo-entry
               ✓ Support Type #1 devicetree field
               ✓ Enroll SecureBoot keys
               ✓ Retain SHIM protocols
               ✓ Menu can be disabled
               ✓ Boot loader sets ESP information
         Stub: lanzastub 0.4.1
     Features: ✓ Stub sets ESP information
               ✗ Picks up credentials from boot partition
               ✗ Picks up system extension images from boot partition
               ✗ Measures kernel+command line+sysexts
               ✗ Support for passing random seed to OS
               ✗ Pick up .cmdline from addons
               ✗ Pick up .cmdline from SMBIOS Type 11
               ✗ Pick up .dtb from addons
          ESP: /dev/disk/by-partuuid/38ec6b10-0153-42ca-bec6-81bcc55aec93
         File: └─/EFI/systemd/systemd-bootx64.efi

Random Seed:
 System Token: set
       Exists: yes

Available Boot Loaders on ESP:
          ESP: /boot (/dev/disk/by-partuuid/38ec6b10-0153-42ca-bec6-81bcc55aec93)
         File: ├─/EFI/systemd/systemd-bootx64.efi (systemd-boot 255.9)
               └─/EFI/BOOT/bootx64.efi (systemd-boot 255.9)

Boot Loaders Listed in EFI Variables:
        Title: Linux Boot Manager
           ID: 0x0005
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/38ec6b10-0153-42ca-bec6-81bcc55aec93
         File: └─/EFI/systemd/systemd-bootx64.efi

        Title: Windows Boot Manager
           ID: 0x0004
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/38ec6b10-0153-42ca-bec6-81bcc55aec93
         File: └─/EFI/Microsoft/Boot/bootmgfw.efi

Boot Loader Entries:
        $BOOT: /boot (/dev/disk/by-partuuid/38ec6b10-0153-42ca-bec6-81bcc55aec93)

[TimoVerbrugghe]

Dump of PK, KEK & db files from /sys/firmware/efi/efivars/... at the request of @RaitoBezarius

PK: https://pastebin.com/e1q6NPU7 db: https://pastebin.com/LayiAD4V KEK: https://pastebin.com/Tgs6RFz3

[TimoVerbrugghe]

For additional context, just tried by manually adding Preloader.efi & HashTool.efi to my boot partition, copying systemd-bootx64.efi to loader.efi and then adding the hashes using HashTool.efi

This only worked when I added both the hashes of loader.efi & the hash of initrd in /boot/EFI/nixos/initrd... so I could boot. This did work and I can boot with secureboot into nixos this way (however I would have to readd every nixos generation I build using HashTool.efi this way)

I believe lanzaboote creates efi stubs in /boot/EFI/Linux which include a hash of the initrd efi file, but don't know if there is something wrong going on there?