To secure boot an Ubuntu installation i use shimx64.efi loader. Trie to copy-paste it to the boot directory of my Kali Linux (whose GRUB loader i am currently using), but it doesn't seem to work. How can i secure boot the latter, or more generic any Linux distribution?
Add a comment
|
1 Answer
Following is the TYPICAL boot order for a secure boot supported Linux OS :
- Shim.efi is loaded
- BOOTX64.efi is loaded
- BOOTX64.efi requests for grubx64.efi
- grubx64.efi request for grub.cfg
- grub.cfg loads vmlinuz and initrd
So, in order to support secure boot, you must have BOOTX64.efi signed with your keys. Register your PK(primary key), KEK (Key exchange key) in firmware
NOTE: shim.efi is not needed if your OS's keys are registered by OEM/HW vendor's firmware.