[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

How to enroll Microsoft Secure Boot key from Debian Live image?

I want to check current Microsoft signed Debian Secure Boot keys on
actual hardware.

Using buster's shim-signed package when building my own live-build based
iso should work.

I have an laptop without any keys on it.

Can you please point me on:

* Whether is only one key or three keys like I have read somewhere else.
* Where to download the MS key?
* How to enroll the MS key

thanks to mokutil command on a live cd session?

I'm interested on setting up the laptop as if it was properly setup
laptop for working with secure-boot enabled windows installations.

I have tried using the Fedora's method describe here:
but unfortunately:
* My laptop does not come with an uefi shell by default.
* Boot from file does not seem to detect dd'ed iso to the usb device.

Note: I might try later to copy the iso contents into a fat32 partitions
and see if it can then run the EnrollDefaultKeys.efi file. Anyways I'm
also interested in the mokutil method because I might automate it for
Rescapp/Rescatux in the future.

I also encourage you to add this procedure to the wiki.

Thank you very much.

Support free software. Donate to Super Grub Disk. Apoya el software
libre. Dona a Super Grub Disk. http://www.supergrubdisk.org/donate/

Reply to: