Been down the rabbit hole lately of UEFI Secure Boot issues, and decided to write an overview of how it works out-of-the-box in the excellent Debian-based Linux Mint LMDE 6.

Have mostly been researching this stuff as I was looking to replace GRUB entirely with systemd-boot on one of my systems. Will likely write a follow-up piece documenting that journey if I think it’d be interesting to some nerds out there.

  • cdombroski
    1 year ago

    although if one wants they can actually take full control of the Secure Boot process by replacing the Platform Key (PK) with their own.

    Fun fact, actually replacing the platform key will often end up with the motherboard not being usable until you do a firmware install or nvram clear. This is because various modules (most relevantly GPUs) on the motherboard have their own signed firmware that’s loaded at boot and if you replace the platform key they can’t be loaded anymore as they don’t have a valid signature. See: https://github.com/Foxboron/sbctl/wiki/FAQ#option-rom
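An added example, not part of the comment above or of sbctl: before replacing Secure Boot keys, one way to see whether the firmware loaded any option ROM drivers on this boot is to read the TPM event log, which Linux usually exposes at `/sys/kernel/security/tpm0/binary_bios_measurements`. The sketch assumes the crypto-agile TCG2 log layout and treats `EV_EFI_BOOT_SERVICES_DRIVER` events in PCR 2 as option ROM images; the sample log is constructed and all function names are hypothetical.

```python
import struct

EV_EFI_BOOT_SERVICES_DRIVER = 0x80000004  # TCG event type for a loaded UEFI driver image
OPTION_ROM_PCR = 2                        # PCR 2 holds driver code from add-in hardware

def parse_spec_id(data):
    """Read the Spec ID header event; return ({alg_id: digest_size}, next offset)."""
    _pcr, _etype, _digest, size = struct.unpack_from("<II20sI", data, 0)
    body = data[32:32 + size]
    if not body.startswith(b"Spec ID Event03\x00"):
        raise ValueError("not a crypto-agile TCG2 event log")
    (count,) = struct.unpack_from("<I", body, 24)
    sizes = dict(struct.unpack_from("<HH", body, 28 + 4 * i) for i in range(count))
    return sizes, 32 + size

def option_rom_events(data):
    """Return (event_number, digests) for each driver image measured into PCR 2."""
    sizes, off = parse_spec_id(data)
    found, num = [], 1
    while off + 12 <= len(data):
        pcr, etype, ndig = struct.unpack_from("<III", data, off)
        if pcr == 0xFFFFFFFF:  # padding after the last event
            break
        off += 12
        digests = {}
        for _ in range(ndig):
            (alg,) = struct.unpack_from("<H", data, off)
            digests[alg] = data[off + 2:off + 2 + sizes[alg]].hex()
            off += 2 + sizes[alg]
        (esize,) = struct.unpack_from("<I", data, off)
        off += 4 + esize  # skip the event payload (device path etc.)
        if pcr == OPTION_ROM_PCR and etype == EV_EFI_BOOT_SERVICES_DRIVER:
            found.append((num, digests))
        num += 1
    return found

def sample_log():
    """Constructed log (not real data): header, one PCR 0 event, one PCR 2 driver event."""
    spec = (b"Spec ID Event03\x00" + struct.pack("<IBBBBI", 0, 0, 2, 0, 2, 1)
            + struct.pack("<HH", 0x000B, 32) + b"\x00")  # one algorithm: SHA-256
    log = struct.pack("<II20sI", 0, 3, b"\x00" * 20, len(spec)) + spec
    for pcr, etype, fill in ((0, 0x8, 0x11), (2, EV_EFI_BOOT_SERVICES_DRIVER, 0x22)):
        log += struct.pack("<IIIH", pcr, etype, 1, 0x000B) + bytes([fill]) * 32
        log += struct.pack("<I", 4) + b"demo"
    return log

if __name__ == "__main__":
    for num, digests in option_rom_events(sample_log()):
        print(f"event {num}: option ROM driver measured, digests={digests}")
```

An empty result on a real log suggests no option ROM drivers were measured on that boot; any hit means those images need a signature the new key database still accepts.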