08-05-2024, 03:51 PM
(08-03-2024, 11:28 AM)Steve2926 Wrote: Did you see this? Does your BIOS have a config entry for this?
https://download.lenovo.com/pccbbs/mobil...re_PCs.pdf
Secure Boot is supported by many Linux distributions and is an important security
feature for ensuring that your boot loader and kernel have not been tampered with.
Linux distributions use a Microsoft signed ‘shim’ executable that is then able to verify
the subsequent boot stages - that have been signed with the distribution key. The
Microsoft signed shim is signed using the “Microsoft 3rd Party UEFI Certificate”, and
this certificate is stored in the BIOS database.
Starting in 2022 for Secured-core PCs it is a Microsoft requirement for the 3rd Party
Certificate to be disabled by default. This means that for any of these Lenovo
platforms shipped with Windows preinstalled an extra step is needed to allow Linux to
boot with secure boot enabled.
To enable secure boot to work with Linux we need to enable the “Allow Microsoft 3rd
Party UEFI CA” option in the BIOS setup.
That option is actually available in the Dell bios and enabling it then allows you to enroll the Ventoy key. Great find! Thanks!