Techly NewsGet the app

Get the latest tech news

Managing EFI boot loaders for Linux: Controlling secure boot (2015)


Originally written: 2/22/2015; last update: 3/4/2023 This Web page is provided free of charge and with no annoying outside ads; however, I did take time to prepare it, and Web hosting does cost money. If you find this Web page useful, please consider making a small donation to help keep this site up and running.

This method of doing the job is likely to be slightly easier than using a separate utility, because you won't need to use an EFI shell or otherwise configure such a tool to run; but all four of the interfaces I've seen employ confusing terminology and are unintuitive in certain key respects. Both the efitools build process and my mkkeys.sh script create this file, which removes the PK from your computer, returning it to setup mode without deleting your KEK, db, dbx, or MOK. The reason is that this command relies on write access to the EFI firmware variables at/sys/firmware/efi/efivars/, and most Linux distributions mount this pseudo-filesystem such that the immutable bit is set on most files, as a precaution against damage.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of Linux

Linux

Photo of Secure Boot

Secure Boot

Photo of loaders

loaders

Related news:

News photo

Apple Silicon SoC/DT Changes Submitted Ahead Of Linux 6.17

News photo

A Number Of Problems Make Debian & Other Linux Distros A Pain On Snapdragon X Laptops

News photo

8 ways I quickly leveled up my Linux skills - and you can too

« Show HN: WTFfmpeg – Natural Language to FFmpeg Translator
Org tutorials »