Hello, I already imported the sb keys from the uefi and signed my grub image. However the problem is that apart from the uefi verification of the grub image itself, no other verification is done by grub. This would mean that I can actually boot on unsigned kernels from grub (with sb enabled!). But I can sign correctly both the kernel and grub as of now.
On November 22, 2023 6:40:18 AM GMT+01:00, Mathias Radtke <[email protected]> wrote: >Hi, > > > >So, how can I set up grub in a way that I can: >1) boot with secure boot enable to the grub menu > >You would need to import your key into the SecureBoot Database in your >machines UEFI. >This way your system knows this signature is valid. >The official way would be to build a shim with your PubCert inside and let it >sign by Microsoft so you can get an officially verified shim that can start >your own signed grub. This way is a very long route and involves a review >process. As you are using it solely for yourself you don't need it. > >Regards > >Mathias
