When secure boot is disabled, is it possible to delete the PK key from terminal? I know that to change the keys, you need to enter setup mode. And to enter setup mode, you need to delete the PK key. Now, is it possible to delete the PK key not through BIOS, but through terminal of your OS? Keep in mind that secure boot is disabled.
The reason I'm asking this is because I want to have 2 OS's installed. First is Linux that will be signed with my own keys, and then Windows. In BIOS I will have only my custom keys, so no Microsoft keys. When booting Linux, I will have secure boot turned on, when booting Windows, I will have secure boot turned off (because I won't have Microsoft keys enrolled, only my custom keys).
Linux is an important OS for me, that's why I'll boot it with secure boot turned on; but Windows I won't use for anything important, so it's fine to boot it without secure boot.
However, let's say a malicious app got installed on my Windows OS. If I boot Windows with secure boot turned off, will this malicious app be able to change my secure boot keys? That's what I'm trying to understand.