You are not logged in.
- Topics: Active | Unanswered
#1 2022-01-23 10:19:22
- AlgoJerViA
- Member
- Registered: 2014-08-06
- Posts: 24
The warning about replacing the platform keys
Hi
The page Secure_Boot#Using_your_own_keys has the following warning.
Warning: Replacing the platform keys with your own can end up bricking hardware on some machines, including laptops, making it impossible to get into the UEFI/BIOS settings to rectify the situation. This is due to the fact that some device (e.g GPU) firmware (OpROMs), that get executed during boot, are signed using Microsoft's key.
How can I know if this affects my laptop? I have an ASUS Expertbook B9 (B9450CEA)?
Offline
#2 2022-01-23 11:36:04
- Head_on_a_Stick
- Member
- From: The Wirral
- Registered: 2014-02-20
- Posts: 8,999
- Website
Re: The warning about replacing the platform keys
See https://github.com/Foxboron/sbctl/wiki/FAQ but if in doubt just keep the Microsoft keys and add your own as well.
Note that the Secure Boot ArchWiki page doesn't currently cover sbctl but it probably should because that is provided by an Arch developer. I would add a section myself but I'm using my own solution at the moment so I'm not sure exactly how sbctl(8) works.
Jin, Jîyan, Azadî
Offline
#3 2022-01-23 13:45:42
- sammiev
- Member
- Registered: 2018-12-22
- Posts: 92
Re: The warning about replacing the platform keys
I'm not any good at writing a wiki but I do use sbctl with systemd-boot.
When enrolling the keys I use "sbctl enroll-keys -m" which includes the Microsoft keys.
sudo sbctl create-keys
sudo sbctl enroll-keys -m
sudo sbctl sign -s /boot/EFI/BOOT/BOOTX64.EFI
sudo sbctl sign -s /boot/EFI/systemd/systemd-bootx64.efi
sudo sbctl sign -s /boot/vmlinuz-linux
sudo sbctl verify
sudo sbctl status
Great info above from @Head_on_a_Stick
Offline