Skip to main content
We’ve updated our Terms of Service. A new AI Addendum clarifies how Stack Overflow utilizes AI interactions.
Unix & Linux

Questions tagged [secure-boot]

Ask Question

Questions for UEFI Secure-Boot, Secure-Boot Key Signing and Management

123 questions
Newest Active Bountied Unanswered
Filter by
Sorted by
Tagged with
1 vote
0 answers
53 views

I am trying to understand Secure Boot and what it is doing on my system. I am using systemd-boot as my bootloader, not shim or GRUB, and Secure Boot is reported as enabled: running mokutil --sb-state ...
Eclogite's user avatar
  • 11
0 votes
0 answers
87 views

I've backed up a Fedora 42 installation using tar, and now I am trying to restore the backup to a different drive on the same system, basically cloning the original installation. The original ...
bsdinis's user avatar
  • 1
0 votes
0 answers
186 views

The goal is to sign the mender yocto image and run it on secure boot enabled raspberry pi. I have raspberrypi-4 and the yocto image from mender (open source OTA platform). To give a quick try here is ...
URegal's user avatar
  • 1
1 vote
1 answer
58 views

How likely is it that disabling Secure Boot on a home computer running Linux would suffer from the advertised threat of unauthorized code—such as bootkits and rootkits—from being executed during the ...
Steve Cohen's user avatar
  • 539
0 votes
1 answer
85 views

Apologies in advance if I have incorrect assumptions in the post. I'm still getting the hang of DPDK. Basically, I am trying to utilize DPDK on a Generation 2 Hyper-V VM that has Secure Boot enabled. ...
ctap18's user avatar
  • 1
2 votes
1 answer
997 views

Two common ways to do Secure Boot are: EFI -> shim -> grub -> kernel EFI -> UKI I want to keep grub, but discard all third party keys and use my own. One option would be to recompile ...
Fadeway's user avatar
  • 183
0 votes
1 answer
133 views

I made a custom live system using the Debian FAI service. I can't boot it with secure boot as my laptop is not recognizing the signature somehow. But I can still boot my currently installed Debian ...
td211's user avatar
  • 831
2 votes
0 answers
106 views

I am trying to build a tool to allow people to create network-bootable Linux environments. The primary use case is for mass deployment and configuration of end user devices. Most of these devices have ...
9072997's user avatar
  • 121
2 votes
1 answer
244 views

I am trying to boot a Linux kernel with efi stub enabled using Red Hat's Shim https://github.com/rhboot/shim. I can boot the system if I enroll the hash of my efi stub (selecting GRUBX64.EFI), but ...
Jan Sommer's user avatar
  • 131
1 vote
0 answers
621 views

I wanted to ask about something happening on my Debian 12 machine. When I run journalctl as root I get this message: "Kernel is locked down from EFI Secure Boot; see man kernel_lockdown.7" I ...
user615860's user avatar
  • 11
1 vote
1 answer
2k views

Good evening, after searching on google I didn't find the answer to my question. When installing a distribution such as Ubuntu with secure boot activated, the installer creates a MOK key in the NVRAM ...
user avatar
1 vote
1 answer
325 views

It’s a piece of cake to enable secure boot in a virtual machine, but I’m struggling to do the same with OpenSUSE on my 2012 vintage computer which refuses to boot in secure boot mode even in the ...
Bogey Jammer's user avatar
  • 209
0 votes
0 answers
111 views

I need to install an custom OS to many similar/identical laptops. Would it work to live boot a laptop and dd the disk from a template laptop to the new one? Is it possible to trigger secure boot key ...
johndue's user avatar
  • 61
0 votes
0 answers
304 views

I have a laptop with a damaged screen. I use it by connecting a screen via HDMI. I'm running some cryto mining software that requires MSR access to run efficiently. I cannot access the BIOS to disable ...
Nadim Ghaznavi's user avatar
  • 1
0 votes
3 answers
1k views

Currently, I try to understand how a measured boot is working and what components log what in which pcr of a tpm2. I have a test-setup with uefi-secure boot enabled and a tpm2 attached in a kvm ...
user3046582's user avatar
  • 101
0 votes
0 answers
1k views

I currently have two machines running Arch Linux with a unified kernel image (UKI), full disk encryption (FDE), and secure boot/TPM2 based unlocking. I would like to create a portable USB stick ...
StrongBad's user avatar
  • 5,491
0 votes
1 answer
1k views

I'm producing a yocto build, and want to enable UEFI Secure Boot on the intel machine I'm using. This is a pretty basic yocto build, using core-image-minimal and meta-intel. The artifacts it ...
Dave's user avatar
  • 45
0 votes
1 answer
4k views

I installed the proprietary NVIDIA drivers on my PC using the option my distribution (Zorin OS) gave me upon first installation. Unfortunately, the signature of the driver was not enrolled to MOK, ...
mags0ft's user avatar
  • 3
0 votes
1 answer
2k views

I want to configure my Debian to boot with secure boot enabled but it doesn't and here is why... OS specific boot loaders are stored on the ESP partition which is mounted in /boot/efi Debian system ...
metablaster's user avatar
  • 816
1 vote
1 answer
3k views

I tried install Linux Mint with usb stick done by Ventoy and by (KDE) ISO Image Writer on Fedora. Mint latest version 21.3.Both times I get "Secure Boot Violation. Invalid signature detected. ...
Ohto Nordberg's user avatar
  • 427
0 votes
1 answer
729 views

When I try to run my Kali Linux system with secure boot on, GRUB returns error: /boot/vmlinuz-6.6.9-amd64 has invalid signature. I don't want to turn off secure boot. I have followed the directions ...
horsey_guy's user avatar
  • 760
1 vote
0 answers
1k views

I have a dual-boot system using Grub. Setting GRUB_FONT seems to be broken by SecureBoot. You can even try the loadfont command in Grub's console: it will return an error complaining about SecureBoot. ...
fffred's user avatar
  • 121
0 votes
0 answers
451 views

When running under UEFI Secure Boot with a current Linux distribution, "kernel lockdown" will be instated. Multiple kernel messages along the lines of Lockdown: swapper/0: hibernation is ...
AlexK973's user avatar
  • 319
0 votes
1 answer
1k views

I have dualboot (windows & arch), i was trying to setup secure boot in arch using sbctl. But i think i ran the wrong command and bricked my keys. Now when i startup computer, it get stuck in blank ...
Igor UnderPlayer's user avatar
  • 11
0 votes
1 answer
3k views

I want to sign my nvidia driver so I can use it with Secure Boot. I'm trying to follow these instructions for nvidia driver: https://wiki.debian.org/SecureBoot#Using_your_key_to_sign_modules_....
user3565923's user avatar
  • 133
2 votes
1 answer
996 views

I'm exploring UEFI secure boot and want to verify the certificates of the signed binaries. The code below shows there are indeed some signatures present: sbverify --list $BOOT/EFI/BOOT/BOOTX64.EFI ...
TheMeaningfulEngineer's user avatar
  • 6,260
1 vote
1 answer
2k views

From time to time my NVIDIA drivers (signed with MOK) are not being loaded on my dual boot machine (Ubuntu 22.04 and Windows 11). I'm resolving the issue by reinstalling the same drivers with the same ...
mputkowski's user avatar
  • 13
8 votes
1 answer
8k views

(The question was originally asking about all distributions, however I have achieved a result for one distribution, only) When running under UEFI Secure Boot with a current Linux distribution, "...
AlexK973's user avatar
  • 319
0 votes
1 answer
2k views

I am in the process of configuring Secure Boot with my own keys (PK, KEK and DB). And so far I have done everything: Building Unified Kernel Image (UKI) Making standalone GRUB binary Generating own ...
user avatar
2 votes
0 answers
182 views

I'm trying to understand How MoK shim64 works exactly. What I understand it as is: Securenboot has a list with Whitelisted Kernerl-hashes belonging to Windows, Ubuntu, Fedora, OpenSuse and others. ...
Hazmat's user avatar
  • 51
2 votes
1 answer
219 views

I was looking at the Fedora change set for 38 and saw this which seems like a neat idea but I was wondering how this affects systems that need custom files to be present in the initrd. One example is ...
Bratchley's user avatar
  • 17.3k
0 votes
0 answers
782 views

Debian Stable , just updated, Nvidia drivers didn't get built/brought to current kernel via dkms. How to build/activate after update? I have a Debian 11 stable install, (Secure Boot is enabled) that ...
Zapon's user avatar
  • 1
0 votes
1 answer
762 views

I want to sometimes use Linux, sometimes windows. I found out that, Puppy Linux is small, I can install it on a USB. But the problem is, if I click on my USB in the boot menu, I have to disable secure ...
slavekrouta's user avatar
  • 1
0 votes
0 answers
458 views

I've been trying to disable Secure Boot on my Dell laptop but it's not working. Every part of the process till the blue screen seems to work fine. But once I enter my password it does not work. It ...
user555819's user avatar
  • 1
0 votes
0 answers
2k views

I am currently dual booting Gentoo and Windows (on two different disks). I boot on the linux drive with grub2, where I can choose either Gentoo or Windows (added by os-prober). Recently, I updated ...
nect's user avatar
  • 1
1 vote
0 answers
736 views

I am trying to install Ubuntu 20.04 with Windows 11. However when I select the USB to boot, it shows "Operating System Loader signature found in SecureBoot exclusion database("dbx"). ...
user6819's user avatar
  • 11
1 vote
1 answer
858 views

Mostly a general linux question, but where it needs to be specific I am referencing Debian 12 Bookworm amd64 UEFI booting through grub(not direct kernel stub). I have secure boot disabled in firmware ...
Max Power's user avatar
  • 278
0 votes
2 answers
386 views

I have a PC with a mechanical interrupt in order to enable different hdds and use different OS. Windows has bee installed with bios legacy. I want to install in the other HDD archlinux. When I try ...
eugenio b's user avatar
  • 41
2 votes
1 answer
1k views

I own a rather older piece of server, Dell PowerEdge T20, with the latest BIOS version A20, link to Dell updates, screen of the update in case link goes dead in time: This morning, when SSH'd into ...
Vlastimil Burián's user avatar
  • 31.3k
1 vote
0 answers
2k views

Some time ago I have installed Ubuntu 22.04 and installed proprietary nvidia drivers on it. That triggered creation of the new MOK (Machine Owner Key). In a meantime I have decided to reinstall the ...
MTP's user avatar
  • 11
1 vote
0 answers
2k views

I want to be able to move and resize partitions on my systems, so I wanted to make a live GParted USB, thing is, it doesn't support Secure Boot, Ubuntu is overkill and takes long to boot (and ...
Didi Kohen's user avatar
  • 1,859
2 votes
1 answer
6k views

I just downloaded Pop!_OS 22.04 LTS (NVIDIA) from the official website, verified the checksum, flashed to a pen drive, and attempted to boot from it. I forgot to disable Secure Boot as advised on the ...
BenMorel's user avatar
  • 4,889
2 votes
1 answer
3k views

I want to install arch linux on my laptop, but I want to be able to play my games that require secure boot on windows 10. I found a tutorial to make it secure boot compatible: Flash the ISO on the usb ...
Regex's user avatar
  • 21
0 votes
1 answer
5k views

I am attempting to create an ultimate USB Stick that will contain 2 Linux Distros, Windows and a Plethora of ISOs. So far I have installed Windows, Ubuntu and Fedora Silverblue to a disk (I've been ...
Lime Parallelogram's user avatar
  • 1
0 votes
0 answers
2k views

I'm trying to install Pop!_OS on my Windows 10 Acer Aspire E5-573G from a USB stick but I keep getting this message: error: /casper_pop-os_22.04_amd64_nvidia_debug_125/vmlinuz.efi has invalid ...
Francesco 'oH pongwIj'e''s user avatar
  • 1
1 vote
1 answer
2k views

I have laptop DELL latitude 5491 with preinstalled Windows 10 with secure boot enabled and EFI mode. After I purchased, I installed Ubuntu 20.04 next to Windows as a dualboot with still secure boot ...
Pablo's user avatar
  • 11
1 vote
2 answers
7k views

Follow up to Grub updated and now I can't get in to the BIOS, how can I fix it?. Short version: couldn't boot to a USB thumbdrive after updating grub. I reset the BIOS to factory default (with the ...
jcollum's user avatar
  • 1,237
1 vote
1 answer
27k views

I'm running ubuntu with Secure Boot on. Everything works fine when I use a kernel that comes packaged from cannonical. Still, I have issues running a self-signed kernel. I'm pretty sure my signature ...
piontec's user avatar
  • 33
1 vote
0 answers
418 views

I don't have a built in uefi shell in my laptop and I have secure boot turned on. I would be happy for a signed uefi shell that I can boot into (edk2, tianocore shell.efi files are not signed and I ...
antwerp's user avatar
  • 11
4 votes
1 answer
943 views

I recently secure-booted Arch and Fedora on my RTX3050 equipped laptop. As is the common knowledge, I had to sign my Nvidia modules on Fedora for the kernel to load them. However, I find that same is ...
cryptic's user avatar
  • 103

1
2 3