Re: Debian live boot corrupting secure boot

[Max Nikulin <manikulin@gmail.com>]

On 05/10/2023 04:06, Valerio Vanni wrote:
> I don't know if there is an EFI shell.

I am not sure, but some motherboards may have it preinstalled. Check 
files on EFI system partition. It may be available in boot menu invoked 
by some F* key (not grub menu), it may be necessary to enable it in 
Firmware (BIOS) settings. On a screenshot of AMI bios some related 
option is present in "Exit" menu in advanced mode.

Some commands and links:

https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface#UEFI_Shell

> For Linux, I found this (there's no version for Debian):
> https://github.com/rhboot/dbxtool
>
> But it says it was replaced by this:
> https://github.com/fwupd/fwupd

My impression is that fwupd may install updates if they are provided by 
hardware vendors.

Concerning secure boot keys, I would start from mokutil, but since I 
never debugged similar issues, I am not sure.