On 27.07.2023 21:44, Zvi Vered wrote:
> Hello,
> I'm trying to install grub 2.x for secure boot.
> I did the following steps under knoppix 9.1 :
> mkfs.fat -F32 /dev/sdb1
> mount -t vfat /dev/sdb1 /media/sdb1
> apt-get install grub-efi-amd64-signed
> grub-install --boot-directory=/media/sdb1/boot --efi-directory=/media/sdb1 --uefi-secure-boot
> But when I selected this device in the boot menu I got the red message
> telling this partition contains unsecured code.
Maybe you should start with reading what Secure Boot is and how it
works. E.g. in Wikipedia.
> Can you please advise how I should proceed?
Either you need to generate your own PK and enroll it, replacing the default
keys, and then sign your grub image with a key signed by PK. Or you need to
use shim as the first stage loader and enroll the hash of your grub
image using mokutil (alternatively, sign the grub image and enroll
the certificate using mokutil).
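
Added example, not part of the original thread and not GRUB or shim code: both options in the reply depend on what is inside the grub EFI binary, so a useful first check is whether that PE/COFF image carries an embedded signature at all. The Python script below lists the WIN_CERTIFICATE entries of an image; it does not verify them against enrolled keys, and sample_image() is a constructed, non-bootable test input.

```python
import struct
import sys

CERT_DIR_INDEX = 4         # IMAGE_DIRECTORY_ENTRY_SECURITY (Certificate Table)
PKCS_SIGNED_DATA = 0x0002  # WIN_CERT_TYPE_PKCS_SIGNED_DATA (Authenticode)

def embedded_signatures(image: bytes):
    """List (file_offset, length, cert_type) per WIN_CERTIFICATE; [] means unsigned."""
    if image[:2] != b"MZ" or len(image) < 0x40:
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = pe_off + 24  # optional header follows 4-byte signature + 20-byte COFF header
    (magic,) = struct.unpack_from("<H", image, opt)
    dir_base = {0x10B: 96, 0x20B: 112}.get(magic)  # PE32 / PE32+
    if dir_base is None:
        raise ValueError("unknown optional-header magic")
    (count,) = struct.unpack_from("<I", image, opt + dir_base - 4)
    if count <= CERT_DIR_INDEX:
        return []
    pos, size = struct.unpack_from("<II", image, opt + dir_base + 8 * CERT_DIR_INDEX)
    end = pos + size  # this directory stores a file offset, not an RVA
    if end > len(image):
        raise ValueError("certificate table runs past end of file")
    entries = []
    while pos + 8 <= end:
        length, _revision, cert_type = struct.unpack_from("<IHH", image, pos)
        if length < 8 or pos + length > end:
            raise ValueError("malformed WIN_CERTIFICATE entry")
        entries.append((pos, length, cert_type))
        pos += (length + 7) & ~7  # entries are 8-byte aligned
    return entries

def sample_image(signed: bool) -> bytes:
    """Constructed, non-bootable PE32+ header used only to exercise the parser."""
    head = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    head += b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)
    image = bytearray(head + bytes(240))
    struct.pack_into("<H", image, 0x58, 0x20B)     # PE32+ magic
    struct.pack_into("<I", image, 0x58 + 108, 16)  # NumberOfRvaAndSizes
    if signed:  # placeholder payload, not a real PKCS#7 blob
        cert = struct.pack("<IHH", 20, 0x0200, PKCS_SIGNED_DATA) + bytes(16)
        struct.pack_into("<II", image, 0x58 + 112 + 32, len(image), len(cert))
        image += cert
    return bytes(image)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if sys.argv[1:] else sample_image(True)
    print(embedded_signatures(data) or "no embedded signature")
```

Pass the path of the loader on the boot partition as the only argument; an empty result means the image can only be accepted through an enrolled hash.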