Questions tagged [secure-boot]
Questions for UEFI Secure-Boot, Secure-Boot Key Signing and Management
122 questions
0 votes, 0 answers, 81 views
Cloning Linux installation to another drive
I've backed up a Fedora 42 installation using tar, and now I am trying to restore the backup to a different drive on the same system, basically cloning the original installation.
The original ...
0 votes, 0 answers, 158 views
How to secure boot raspberry pi4 with u-boot yocto image
The goal is to sign the mender yocto image and run it on secure boot enabled raspberry pi.
I have raspberrypi-4 and the yocto image from mender (open source OTA platform).
To give a quick try here is ...
1 vote, 1 answer, 55 views
Disabling Secure Boot on a Home Computer running Linux
How likely is it that disabling Secure Boot on a home computer running Linux would suffer from the advertised threat of
unauthorized code—such as bootkits and rootkits—from being executed
during the ...
0 votes, 1 answer, 74 views
Can DPDK Work With UEFI SecureBoot Enabled - Kernel Lockdown Mode?
Apologies in advance if I have incorrect assumptions in the post.
I'm still getting the hang of DPDK.
Basically, I am trying to utilize DPDK on a Generation 2 Hyper-V VM that has Secure Boot enabled.
...
2 votes, 1 answer, 866 views
Secure Boot with grub and no third party keys
Two common ways to do Secure Boot are:
EFI -> shim -> grub -> kernel
EFI -> UKI
I want to keep grub, but discard all third party keys and use my own. One option would be to recompile ...
0 votes, 1 answer, 117 views
Debian FAI live system can't boot with secure boot enabled
I made a custom live system using the Debian FAI service. I can't boot it with secure boot as my laptop is not recognizing the signature somehow. But I can still boot my currently installed Debian ...
2 votes, 0 answers, 99 views
Is it possible to boot an unsigned kernel from a signed bootloader?
I am trying to build a tool to allow people to create network-bootable Linux environments. The primary use case is for mass deployment and configuration of end user devices. Most of these devices have ...
2 votes, 1 answer, 233 views
Shim boot loader: System is compromised when using certificate, but not with hash
I am trying to boot a Linux kernel with efi stub enabled using Red Hat's Shim https://github.com/rhboot/shim.
I can boot the system if I enroll the hash of my efi stub (selecting GRUBX64.EFI), but ...
1 vote, 0 answers, 582 views
Kernel Locked Down from EFI secure boot, secure boot disabled in bios
I wanted to ask about something happening on my Debian 12 machine.
When I run journalctl as root I get this message: "Kernel is locked down from EFI Secure Boot; see man kernel_lockdown.7"
I ...
1 vote, 1 answer, 2k views
About Secure Boot, MOK and NVRAM
Good evening, after searching on google I didn't find the answer to my question.
When installing a distribution such as Ubuntu with secure boot activated, the installer creates a MOK key in the NVRAM ...
1 vote, 1 answer, 311 views
How to compare secure boot keys stored in motherboard’s firmware database with the signed .efi files?
It’s a piece of cake to enable secure boot in a virtual machine, but I’m struggling to do the same with OpenSUSE on my 2012 vintage computer which refuses to boot in secure boot mode even in the ...
0 votes, 0 answers, 109 views
Mass install linux by dd to drive directly?
I need to install a custom OS to many similar/identical laptops. Would it work to live boot a laptop and dd the disk from a template laptop to the new one? Is it possible to trigger secure boot key ...
0 votes, 0 answers, 290 views
How to disable kernel_lockdown (MSR) without BIOS or console access
I have a laptop with a damaged screen. I use it by connecting a screen via HDMI. I'm running some crypto mining software that requires MSR access to run efficiently.
I cannot access the BIOS to disable ...
0 votes, 3 answers, 1k views
How and when is `/sys/kernel/security/tpm0/binary_bios_measurements` exposed?
Currently, I try to understand how a measured boot is working and what components log what in which pcr of a tpm2.
I have a test-setup with uefi-secure boot enabled and a tpm2 attached in a kvm ...
0 votes, 0 answers, 1k views
How to add a key to the secureboot db EFI signature list?
I currently have two machines running Arch Linux with a unified kernel image (UKI), full disk encryption (FDE), and secure boot/TPM2 based unlocking. I would like to create a portable USB stick ...