On 2023-07-17 11:16 PM, solsTiCe d'Hiver wrote:
You should be careful before deleting all the secure boot keys from
your BIOS.
Reading the warning at
https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys:
Warning: Replacing the platform keys with your own can end up bricking
hardware on some machines, including laptops, making it impossible to
get into the firmware settings to rectify the situation. This is due
to the fact that some device (e.g GPU) firmware (OpROMs), that get
executed during boot, are signed using Microsoft 3rd Party UEFI CA
certificate.
And it would be best to backup those keys before deleting them. There
is a command to do so on the same wiki page, a few paragraphs below.
Personally, I am just sticking to shim method to stay on the safe side.
This might be true, but unlikely that it would stop you getting into the
BIOS.
Nevertheless, any sane board will let you leave the factory keys
installed (or reset to them).
Even on my shitty MSI board I wasn't affected by this with no keys, but
you're right, it's good to point out.
--
Simon Perry (aka Pezz)
