Re: Debian live boot corrupting secure boot
Il 04/10/2023 17:11, Max Nikulin ha scritto:
from Windows update. Then I installed Windows 11 with upgrade assistant.
So far, no blacklist of old Clonezilla.
Do you mean that installing Windows 10 or 11 from scratch could behave
differently?
I am curious if just booting a recent media published by Microsoft (not
install, just booting till first dialog) may change secure boot keys. If
I have got you right, Windows with all updates installed still allows to
boot old Clonezilla.
Just booting had no effect. Even a Windows 11 complete install from
scratch (on empty disk) does not block old Clonezilla boot.
Tried also with "get latest updates as soon as they are available" option.
I did it to exclude something not standard in OEM installation.
If firmware has the "EFI shell" option then you may try "bcfg boot
dump -v". Unsure if it is possible to redirect output to a file.
I'll try. Is there nothing inside Linux efi tools?
Sorry, your question is unclear for me. I was trying to suggest a way to
inspect UEFI boot variables without disturbing its state. If Linux
images may do something with secure boot keys then I see the following
alternatives:
- Firmware may have EFI shell boot option included
- Perhaps there are some tools for Windows
Now I have a machine again. No, there is only the entry for "EFI shell",
but no one is included in firmware.
It wants it on a usb key, and says that you have to disable secure boot
to make it work.
So it doesn't seem to be a good diagnostic platform for secure boot.
My idea is to load tools on old Clonezilla, to compare the condition
between before and after new Clonezilla boot.
I cannot use a new Linux, because I would see a just changed condition.
EDIT:
Now I've tried Fedora live: it doesn't act like Debian. After it, I can
still boot old Clonezilla. Not only at grub page: I can also load live
environment.
This is what I expect from a live.
So I can use it to dig into secure boot keys.
Reply to: