How to enroll Microsoft Secure Boot key from Debian Live image?
I want to check current Microsoft signed Debian Secure Boot keys on
actual hardware.
Using buster's shim-signed package when building my own live-build based
iso should work.
I have an laptop without any keys on it.
Can you please point me on:
* Whether is only one key or three keys like I have read somewhere else.
* Where to download the MS key?
* How to enroll the MS key
thanks to mokutil command on a live cd session?
I'm interested on setting up the laptop as if it was properly setup
laptop for working with secure-boot enabled windows installations.
I have tried using the Fedora's method describe here:
https://fedoraproject.org/wiki/Using_UEFI_with_QEMU#Run_EnrollDefaultKeys.efi
but unfortunately:
* My laptop does not come with an uefi shell by default.
* Boot from file does not seem to detect dd'ed iso to the usb device.
Note: I might try later to copy the iso contents into a fat32 partitions
and see if it can then run the EnrollDefaultKeys.efi file. Anyways I'm
also interested in the mokutil method because I might automate it for
Rescapp/Rescatux in the future.
I also encourage you to add this procedure to the wiki.
Thank you very much.
adrian15
--
Support free software. Donate to Super Grub Disk. Apoya el software
libre. Dona a Super Grub Disk. http://www.supergrubdisk.org/donate/
Reply to: