How to enroll Microsoft Secure Boot key from Debian Live image?

To: debian-efi@lists.debian.org
Subject: How to enroll Microsoft Secure Boot key from Debian Live image?
From: adrian15 <adrian15sgd@gmail.com>
Date: Mon, 29 Apr 2019 01:20:49 +0200
Message-id: <[🔎] 2254df05-468a-fb84-791e-4660844d9e06@gmail.com>

I want to check current Microsoft signed Debian Secure Boot keys on
actual hardware.

Using buster's shim-signed package when building my own live-build based
iso should work.

I have an laptop without any keys on it.

Can you please point me on:

* Whether is only one key or three keys like I have read somewhere else.
* Where to download the MS key?
* How to enroll the MS key

thanks to mokutil command on a live cd session?

I'm interested on setting up the laptop as if it was properly setup
laptop for working with secure-boot enabled windows installations.

I have tried using the Fedora's method describe here:
https://fedoraproject.org/wiki/Using_UEFI_with_QEMU#Run_EnrollDefaultKeys.efi
but unfortunately:
* My laptop does not come with an uefi shell by default.
* Boot from file does not seem to detect dd'ed iso to the usb device.

Note: I might try later to copy the iso contents into a fat32 partitions
and see if it can then run the EnrollDefaultKeys.efi file. Anyways I'm
also interested in the mokutil method because I might automate it for
Rescapp/Rescatux in the future.


I also encourage you to add this procedure to the wiki.


Thank you very much.


adrian15
-- 
Support free software. Donate to Super Grub Disk. Apoya el software
libre. Dona a Super Grub Disk. http://www.supergrubdisk.org/donate/

Reply to:

Prev by Date: Re: How to enroll Debian Secure Boot test key from Debian Live image?
Next by Date: Re: How to enroll Debian Secure Boot test key from Debian Live image?
Previous by thread: Re: How to enroll Debian Secure Boot test key from Debian Live image?
Next by thread: What about not having UEFI CustomMode ?
Index(es):
- Date
- Thread