On 17 July 2023 13:31:13 UTC, Simon Perry <arch@xxxxxxxxxxx> wrote:
>On 2023-07-17 11:16 PM, solsTiCe d'Hiver wrote:
>
>> You should be careful before deleting all the secure boot keys from your BIOS.
>>
>> Reading the warning at https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys:
>>
>>> Warning: Replacing the platform keys with your own can end up bricking hardware on some machines, including laptops, making it impossible to get into the firmware settings to rectify the situation. This is due to the fact that some device (e.g GPU) firmware (OpROMs), that get executed during boot, are signed using Microsoft 3rd Party UEFI CA certificate.
>>
>> And it would be best to backup those keys before deleting them. There is a command to do so on the same wiki page, a few paragraphs below.
>>
>> Personally, I am just sticking to shim method to stay on the safe side.
>
>This might be true, but unlikely that it would stop you getting into the BIOS.
This happened to me on an Intel NUC. The GPU firmware wasn't loaded anymore and there was no output on the screen. Even during early boot and the firmware settings.
I only managed to restore the backed up keys by following along the restore procedure on a second NUC that still had screen output.
>On 2023-07-17 11:16 PM, solsTiCe d'Hiver wrote:
>
>> You should be careful before deleting all the secure boot keys from your BIOS.
>>
>> Reading the warning at https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Using_your_own_keys:
>>
>>> Warning: Replacing the platform keys with your own can end up bricking hardware on some machines, including laptops, making it impossible to get into the firmware settings to rectify the situation. This is due to the fact that some device (e.g GPU) firmware (OpROMs), that get executed during boot, are signed using Microsoft 3rd Party UEFI CA certificate.
>>
>> And it would be best to backup those keys before deleting them. There is a command to do so on the same wiki page, a few paragraphs below.
>>
>> Personally, I am just sticking to shim method to stay on the safe side.
>
>This might be true, but unlikely that it would stop you getting into the BIOS.
This happened to me on an Intel NUC. The GPU firmware wasn't loaded anymore and there was no output on the screen. Even during early boot and the firmware settings.
I only managed to restore the backed up keys by following along the restore procedure on a second NUC that still had screen output.
