Enroll keys/certs in UEFI #6
Comments
|
I personally have used sbsign in the same way this script does without problem on my Thinkpad T440s via efitools KeyTool.efi. Placing my keys in the ESP partition and enrolling them through the bios. What kind of testing by users would you like from users? |
|
Yes, I used KeyTool.efi too, it's a bit cumbersome. By using efi-updatevar (see the commit referenced above) it can be done from Linux, but I wonder if that's supported on all computers. It did work in qemu with ovmf |
|
An ideal way would be to detect support for this. But I don't know enough about how efibootmgr or how UEFI is implemented. I've probably repaired around 500-1000 UEFI laptops though and the way manufacturers implement their BIOS is usually pretty uniform but with occasional BIOS'es that are almost hilariously crippled. Hope that helps. |
|
The blog reads like that efi-updatevars should be supported on anything with kernel >=3.8 |
didn't work for me, last time I've tried it :(, and it was not a kernel limitation. |
efi-updatevarcan do it.Preliminary support in 889cc7a
The text was updated successfully, but these errors were encountered: