Ataraxxia
Duplicated EFI signing
I noticed that zz-sbctl pacman hook returned warning that arch-linux.efi has already been signed. Since I provided dracut with paths of secureboot certs and keys, it already signed the same file at the end of its hook. I see no point in making zz-sbctl hook if dracut takes care of everything.
By itself sbctl tries to sign non-existing files which results in error messages, depending on your configuration. Yes, it tries to duplicate the signing but the proper solution requires removing the sbctl hook from executing in the first place and making sure it wouldn't return after package upgrade or reinstall. The hook overshadows the original one and you can change the exec command in the hook to:
/usr/bin/true
to remove duplicate signing attempt
I am not closing this issue since I may fix this properly when i'll be revisiting this tutorial on my youtube channel
