Re: Debian live boot corrupting secure boot

[Valerio Vanni <valerio.vanni@inwind.it>]

Il 04/10/2023 17:11, Max Nikulin ha scritto:

> > > > But neither Asus (bios from start of September) nor Microsoft 
> > > > (Windows 11) do that blacklisting.
> > >
> > > Do you mean Windows install on hard drive or Windows install image?
> should be "installed"---------^

Ok, "installed".

> I am curious if just booting a recent media published by Microsoft (not 
> install, just booting till first dialog) may change secure boot keys. If 
> I have got you right, Windows with all updates installed still allows to 
> boot old Clonezilla.

I'll try. Now I don't have the machine.

> > > If firmware has the "EFI shell" option then you may try "bcfg boot 
> > > dump -v". Unsure if it is possible to redirect output to a file.
> >
> > I'll try. Is there nothing inside Linux efi tools?
>
> Sorry, your question is unclear for me. I was trying to suggest a way to 
> inspect UEFI boot variables without disturbing its state. If Linux 
> images may do something with secure boot keys then I see the following 
> alternatives:
> - Firmware may have EFI shell boot option included
> - Perhaps there are some tools for Windows

I don't know if there is an EFI shell.

For Linux, I found this (there's no version for Debian):
https://github.com/rhboot/dbxtool

But it says it was replaced by this:
https://github.com/fwupd/fwupd

I'll try.