Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Secure Boot
#11
(09-17-2021, 07:19 AM)longpanda Wrote: You can have ENROLL_THIS_KEY_IN_MOKMANAGER.cer as a seperate file.
But this file is just for shim not the UEFI BIOS.
The shim is already signed with a valid signature and the shim will check the grub.efi.
For the first time, shim check grub.efi fail, so it will start the mokmanager screen for user to enroll the cer file.
After that, the second boot time, shim will check OK then start grub.efi.

Anyway, the EFI\BOOT\BOOTX64.efi is the shim and is signed with a valid key(because the shim is directly get from fedora/redhat distro)
So I don't known why your UEFI BIOS still report "- secure boot violation, invalid signature detected."
Could it be Shim itself?
I do not get the Dark Blue screen in the first place and clicking on BOOTX64.efi produced same output.
Somehow Shim has invalid signatures (in my case)??
Reply


Forum Jump:


Users browsing this thread: 3 Guest(s)