You are not logged in.
- Topics: Active | Unanswered
#1 2025-03-15 22:38:15
- Succulent of your garden
- Member
- Registered: 2024-02-29
- Posts: 214
[SOLVED] disabling secure boot in Asus vivobook 14 arch installation
Recently I just have an asus vivobook 14 x1404 . This laptop in uefi doesn't have a single button to just disable secure boot. I have a secure boot control button, which let you set to disable, but the field of secure boot it still get active, which you can't edit easily. As far as I know checking the asus documentation you can disable the secure boot if you go and edit the key management, but asus doesn't tell you how to do it. So I'm assuming that deleting some keys the device could get unlocked. Also I tried to use the "reset to setup mode" but it doesn't work. So i have these options:
Export secure boot variables
Platform key(pk)
key exchange keys(kek)
Authorized signatures(db)
forbidden signatures(dbx)
authorized time stamps(dbt)
In key exchange keys and authorized signatures are the windows keys, but in the others are content from the asus notebook also. So I'm not sure how to handle this. Just I need to delete all the windows keys first ? What about the forbidden and authorized time stamps ? There are also one file but it doesn't say anything. I'm not sure how to approach this, I don't want to kill the notebook by just deleting every key and then the uefi can't launch properly. But I know that many people use arch in vivobooks. But it's seem this one is a little more tricky to disable secure boot.
EDIT: also in every keys and signatures field i have the following options:
details
export
update
append
delete
Last edited by Succulent of your garden (2025-03-16 20:48:36)
Offline
#2 2025-03-16 04:49:51
- jonno2002
- Member
- Registered: 2016-11-21
- Posts: 773
Re: [SOLVED] disabling secure boot in Asus vivobook 14 arch installation
you shouldnt need to delete any of those keys at all, i know ive had to set a bios/uefi master/admin password to enable the option to disable secure boot before so you can try that.
Offline
#3 2025-03-16 08:16:31
- icar
- Member
- From: Catalunya
- Registered: 2020-07-31
- Posts: 527
Re: [SOLVED] disabling secure boot in Asus vivobook 14 arch installation
Also, after disabling secure boot, reboot into the UEFI again. Sometimes then it shows more options.
Offline
#4 2025-03-16 10:50:47
- Succulent of your garden
- Member
- Registered: 2024-02-29
- Posts: 214
Re: [SOLVED] disabling secure boot in Asus vivobook 14 arch installation
I had tried both options mentioned and It didn't work. I set the admin password and It didn't work, I can't change the secure boot status. In the boot priority it says windows boot manager. I assume it's because of the keys in the key management field, because I change the default ssd to another one fully empty. So I don't know how to disable the secure boot currently now.
EDIT: When I'm trying to boot with the usb stick it says: Secure boot violation, invalid signature detected. Check secure boot policy in setup.
Using the escape key to directly boot to usb stick launch the same error.
EDIT AGAIN: So what do you think of just deleting the primary key (pk) ? Maybe that could stop the secure boot in the uefi. Also if that's the case I'm going to backup the pk in a usb stick ? Any recommendations to do that ? I mean does the uefi would only work with ntfs usb stick ? Should I have some knowledge before I made the backup of the pk ?
Also maybe adding the arch iso to the db of the secure boot could work, But I'm assuming that is not possible.
Last edited by Succulent of your garden (2025-03-16 12:02:46)
Offline
#5 2025-03-16 13:37:37
- icar
- Member
- From: Catalunya
- Registered: 2020-07-31
- Posts: 527
Re: [SOLVED] disabling secure boot in Asus vivobook 14 arch installation
Usually you can re-add the default secure boot keys after deleting, no issue. But ymmv
Offline
#6 2025-03-16 20:35:32
- Succulent of your garden
- Member
- Registered: 2024-02-29
- Posts: 214
Re: [SOLVED] disabling secure boot in Asus vivobook 14 arch installation
After making a backup of the PK and deleting it, it works. So that's the solution. It seems that maybe you will need to set up admin password, but after deleting the pk the secure boot gets disable. Also it's needed to do the deleting of the pk with the nvme ssd that came by default in the notebook. Otherwise the deletion is not going to work.
Nevertheless many thanks for your replies. Now I need to get the wifi working because it's seems that the arch iso doesn't have the driver for the wifi network card, but that is for another post I guess in the coming days 
Probably I'm going to do a notebook guide for arch when i'm done with this, in my free time 
Last edited by Succulent of your garden (2025-03-16 20:36:50)
Offline