All Questions
Tagged with secure-boot linux
43
questions
0
votes
1
answer
85
views
Bypassing Secure Boot without disabling it
I've tried archboot, but no luck as I was stuck due to the plymouth missing. Now I want to try to install arch or nixos alongside Win 11. The problem lies in secure boot. I don't have spare linux to ...
1
vote
0
answers
104
views
How can I use unified kernel images with Ubuntu and Debian?
I would like to use unified kernel images (UKIs) and systemd-boot to take advantage of some of the hardware security features it provides (such as measured boot and real secure boot). I think that the ...
1
vote
1
answer
141
views
Why does the kernel reject my self signed module on a secure boot system?
I have a secure boot enabled linux on an Intel NUC. It uses a special distribution (Balena IoT) that doesn't use shim and has only this distribution's keys enrolled (no Microsoft keys). For a test, I ...
0
votes
0
answers
284
views
How to get minimal vendor information about the TPM chip installed in my laptop
How do I get some minimal information about the TPM chip in my Linux laptop?
Information such as the manufacturer, manufacturer id, manufacturer version.
So far I have tried the tpm2_getcap command to ...
2
votes
1
answer
1k
views
LUKS encryption using passphrase + TPM
I have questions about secure boot and TPMs and I couldn’t find precise answers on the web, so I’m hoping someone skilled in this domain will be able to answer.
In a case of an evil maid attack, what ...
0
votes
1
answer
558
views
Why can Debian 11 no longer load after Windows 10 changed motherboard state?
Note that this question is not a duplicate of the typical dual-boot questions, because I never have the Windows-HDD and Linux-SSD at once in the PC, so they cannot touch each other's (efi) partitions.
...
1
vote
1
answer
1k
views
Is disabling secureboot that bad?
I want to sometimes use Linux, sometimes windows.
I found out that, Puppy Linux is small, I can install it on a USB. But the problem is, if I click on my USB in the boot menu, I have to disable secure ...
0
votes
0
answers
493
views
PC not booting after enabling secureboot in Linux
I tried to Multiboot my Laptop with secureboot enabled, I installed fedora on one SSD and had Windows 11 on the other one. Then I generated a new key for the UEFI. I enabled secureboot in the UEFI ...
0
votes
1
answer
169
views
Is it possible to "go back" to grub after booting linux
I am trying to enable secureboot so I can forget about it when switching between windows and linux through dualboot. However, grubs newer versions don't allow mods to be inserted after boot, so I need ...
0
votes
1
answer
1k
views
Aptio 2.22 @Asus PN52 - how to enable boot from usb stick and install Linux?
I am trying to install Linux Mint 20.3 from USB stick on my new Asus PN52. USB stick was made with UNetbootin on Linux Mint 19. USB drive and internal NVMe disk - operating system destination - are ...
0
votes
2
answers
15k
views
How to disable secure boot without entering UEFI?
My problem is secure boot. I am trying to boot into Linux using a USB but most distros won't work with secure boot, I already know secure boot can be disabled in the UEFI settings, and I know how to ...
0
votes
1
answer
1k
views
Trying to Disable Secure Boot
I am trying to disable Secure Boot in my Linux Mint OS. My laptop is an Acer Aspire 5.
The problem is I can use the arrow keys on all BIOS menus, except Security and Boot. When I navigate to the ...
5
votes
0
answers
3k
views
Kernel lockdown disallows loading of an self-compiled and self-signed in-tree kernel module
I'm having difficulties loading a kernel module that I myself compiled and signed for Secure Boot. The module in question is ec_sys, located within drivers/acpi directory of the kernel tree.
I'm using ...
0
votes
0
answers
125
views
Is it possible to customize an Ubuntu or Debian live system while keeping the secure boot (microsoft keys) compatibility?
I would like to create a customized live system of either ubuntu or debian while keeping it compatible with the microsoft secure-boot keys, allowing computers to boot this live-system without fiddling ...
0
votes
0
answers
501
views
Cause for EFI Signature Change on PopOS Linux
I have a system with popos 21.10 installed. I had added the vmlinuz.efi signature to the secure boot list. Today I tried to boot the system after a week idle and it gave me an error saying the ...
0
votes
1
answer
9k
views
Can disabling secure boot affect Windows?
Can disabling secure boot affect Windows OS? I want to disable it to install Linux. I use Windows 10 as my main OS now so all my data would be potentially lost if there is some problem with Windows ...
0
votes
1
answer
179
views
Unable to load signed modules on a signed custom kernel
I'm using Fedora 33. In order to boot a custom kernel, I had to generate an X.509 certificate to sign the kernel. This part works just fine.
I can also sign a custom kernel module with the same ...
1
vote
0
answers
42
views
Unable to easily switch os after dual booting
I got a new laptop ((Asus vivobook 14)https://www.flipkart.com/asus-vivobook-14-ryzen-5-hexa-core-4500u-8-gb-512-gb-ssd-windows-10-home-m413ia-ek582t-thin-light-laptop/p/itm8d1c44556be49?pid=...
1
vote
0
answers
862
views
Signature verification fails for secure boot kernel
I'm trying to setup secure boot with using custom keys exclusively following the guide from rodsbooks. I created and enrolled keys for db, KEK and PK and signed grub and the kernel image accordingly (...
4
votes
1
answer
7k
views
How to Secure Boot EFI images signed with an installed custom key?
I've been trying to configure UEFI Secure Boot to use my own keys for a dual boot (Windows 10 + Linux) system.
This system is a Dell XPS 8700 (circa 2015) with an American Megatrends firmware/BIOS, ...
3
votes
1
answer
3k
views
Undo 'sbsign' on executable, remove an attached image signature
I've signed an EFI image using the sbsign utility from the sbsigntools package, for example:
# sbsign --key db.key --cert db.pem \
--output /boot/efi/EFI/Grub/grubx64.efi /boot/efi/EFI/Grub/...
2
votes
3
answers
557
views
Will disabled secure boot put at risk my pc?
I'm having Windows 10 and Linux on dual boot on my PC. I'm using Linux all the time but now I want to play something that runs only on Windows 10.
The secure boot on my PC is disabled.
On Windows I've ...
2
votes
0
answers
1k
views
secureboot with parrotOS - not able to sign custom kernel
I've installed Parrot OS on my surface and built the custom kernel for the surface from jakeday repo. I'm currently trying to sign my custom kernel that I can turn on secureboot again.
I've followed ...
0
votes
0
answers
142
views
Is there a way to disable Secure Boot startup message?
So yesterday I disabled Secure Boot in order to run an undervolt software. I'm running Elementary OS on an Asus Q325UA laptop and when I reboot/cold start the system I get this message before the grub ...
0
votes
0
answers
371
views
Linux kernel authentication
For the problem that I am facing is actually that I am working on a project which is about checking the integrity of the kernel image "vmlinuz" that is in the hard disk!
To do so, am trying to add a ...
0
votes
2
answers
787
views
Secure boot from Nitrokey storage?
I was looking into buying a NitroKey. To my surprise I found the following statement in the brochure:
Keep a Secure Operating System With you at all Times
Securely boot Windows or Linux ...
2
votes
1
answer
4k
views
How do I boot Windows 10 without Secure Boot (but with UEFI enabled) if it was preinstalled with Secure Boot?
I'm trying to get Windows 10 to play nice in a dual-boot setup with Antergos as the other OS, but I don't want to have to toggle Secure Boot every time I want to switch OSes, and I'd much rather not ...
0
votes
1
answer
1k
views
Add Secure Boot Key to Live Distro
I wanted to ask if it was possible to load a key into my live persistence distro in order to get past Secure Boot without disabling? I imagine the answer is probably no, but I felt like asking anyhow.
1
vote
2
answers
645
views
How to get a pre-release linux kernel to work with SecureBoot (Fedora 26)
I'm running Fedora 26, but to get suspend and resume working, I need to use a Rawhide kernel (4.13.rc-1 or later) (See kernel issue).
I've successfully installed the Rawhide kernel (4.13.rc-4) ...
1
vote
0
answers
1k
views
Installing a Linux kernel in the UEFI BIOS of the Xiaomi Mi Air 13
My post is about the UEFI BIOS of the Xiaomi Mi Air 13. It is a very interesting laptop, light and tough. His BIOS seems an InsydeH20 One, and I can't clear Secure Boot keys.
I'm in the process to ...
2
votes
0
answers
412
views
VirtualBox 5.1 installation issues Ubuntu 16.04
I am using new to Vagrant. And stuck with VirtualBox installation with Ubuntu 16.04. Executing vagrant up command, gives the following error
The vboxdrv kernel module is not loaded. Either there is ...
3
votes
2
answers
4k
views
Why isn't grub loading in UEFI?
I'm stuck trying to get Linux to boot on my PCs. I've been trying a lot with OpenSUSE and Ubuntu on my different laptops but none of them work. Regardless how many times I run update-grub, it never ...
0
votes
1
answer
2k
views
PreLoader.efi: What's wrong with my Secure Boot settings?
I installed Arch Linux with Secure Boot enabled using PreLoader. I enrolled the hash for loader.efi, containing rEFInd, and vmlinuz-linux using HashTools. The problem is that I get a message saying:
...
3
votes
1
answer
3k
views
Windows 10 / Linux Dual Boot - Boot-loader Problems
I am currently running a dual boot of Windows 10 Home 64-bit and Xubuntu 15.04 64-bit on my machine. I have Windows 10 on an SSD, Xubuntu on another SSD and an HDD for storage formatted as NTFS (this ...
0
votes
1
answer
572
views
Secure Boot for Linux?
Is the "esp boot partition" as secure as an ext2 partition. If the secure boot feature is not enabled.
My current research reveals contradictory opinions among the leading OSes, with choice ...
0
votes
1
answer
1k
views
Is there a way to tell whether my EFI bootloader would accept the signature of the binary without reboot?
Assume that I have just installed a signed EFI bootloader (e.g. grub2 from Ubuntu 14.10 amd64 on a Lenovo IdeaPad U410 which can only boot in secure boot EFI or legacy mode) on a machine from within a ...
2
votes
1
answer
165
views
Stop Windows 8.1 from removing Grub
I've got a relatively new HP Envy machine running Windows 8.1 that I want to run Ubuntu on. Installation works great and I'm all happy until I boot back into Windows, at which point grub is removed ...
4
votes
0
answers
554
views
If TPM owner password set in linux, how to enter owner password in windows to enable bitlocker?
I have successfully taken ownership of, and used various features of, my tpm in linux, using tpm_takeownership and related applications.
Now when I try to enter the owner password in windows to ...
0
votes
1
answer
1k
views
Secure boot validation failure loading ext4_x64.efi
My setup:
- Lenovo U510 with preinstalled Windows 8
- UEFI and Secure Boot enabled
- Fedora 20 installed on a new ESP partition
Having two ESPs I wasn't able to boot Windows with grub, so I ...
0
votes
1
answer
3k
views
Dual Boot Linux and Windows 8 on ASUS laptop (Windows 8 Installed)
I'm having trouble locating information on installing linux on a ASUS laptop with Windows 8 pre-installed. I'd like to (1) retain the existing Windows 8 partition since its loaded and configured to my ...
1
vote
3
answers
2k
views
Secure Boot, Bumblebee and Fedora - how to?
I'm a happy user of Fedora 19 and I have it installed on a Samsung Series 5 laptop, which has an off board video card from NVidia - specifically a GeForce GT 630M. I managed to successfully install ...
1
vote
2
answers
7k
views
Does CentOS 6.4 Support UEFI and SECURE BOOT Fully?
Does Minimal Edition of CentOS 6.4 support UEFI & SECURE BOOT fully?
I want to install it besides Windows 8. Now does it install normally or does it not support UEFI & SECURE BOOT fully yet?
...
49
votes
1
answer
12k
views
If I buy a computer with Windows 8 and Secure Boot, will I still be able to install Linux?
I've heard a lot about how Microsoft is implementing UEFI Secure Boot in Windows 8. Apparently it prevents "unauthorized" bootloaders from running on the computer, to prevent malware. There's a ...