Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Temporary suspend BitLocker and Disable secure boot
- Legends $ = normal user, # = super user (sudo)
- $ openssl req -newkey rsa:4096 -nodes -keyout MOK.key -new -x509 -sha256 -days 3650 -subj "/CN=my Machine Owner Key/" -out MOK.crt
- $ openssl x509 -outform DER -in MOK.crt -out MOK.cer
- # mokutil --import MOK.cer // prompts for one-time password
- # mokutil --list-new // recheck your key will be prompted on next boot
- //Before shutdown and boot for next MOK enrollment, you MUST use USB keyboard otherwise you can't type in anything.
- showdown and Get into Novo Menu -> boot menu -> your debian boot media and continue the MOK enroll process
- It will reboot again to windows (in case you set windows at 1st boot priority like mine), GO disable Bitlocker again and shutdown
- Go to Novo menu and booot into debian and
- # sbsign --key MOK.key --cert MOK.crt --output /boot/vmlinuz-linux /boot/vmlinuz-linux // kernel signing
- # sbsign --key MOK.key --cert MOK.crt --output esp/EFI/BOOT/grubx64.efi esp/EFI/BOOT/grubx64.efi // grub signing
- Then go to Novo menu and bios setting to turn the secure boot on, Save and exit and force shutdown
- Then go to Novo menu again and boot debian
- # mokutil --enable-validation
- and reboot to debian again, you can check dmesg log for the secure boot status
Advertisement
Add Comment
Please, Sign In to add comment
