Purpose:
Share basic management knowledge for Secure Boot on Linux.
Target Audience:
Readers who already have a good understanding of PKI and Secure Boot.
Prerequisites:
Install efitools on Linux. Ubuntu 22.04.4 LTS is used as the example here.
# sudo apt install efitools
1. Check whether Secure Boot is enabled.
- OS booted with Secure Boot.
# sudo mokutil --sb-state
SecureBoot enabled
- OS booted without Secure Boot.
# sudo mokutil --sb-state
SecureBoot disabled
- No PK is enrolled, or Secure Boot is in Setup Mode.
# sudo mokutil --sb-state
SecureBoot disabled
Platform is in Setup Mode
2. Check the keys imported into the system.
- In the following case, the system has only two keys imported: PK and db.
root@FWA-3051-efi:~# efi-readvar
Variable PK, length 1605
PK: List 0, type X509
Signature 0, size 1577, owner xxxx4851-xxxf-xxx1-xxx9-fbf883bbbxxxx
Subject:
C=TW, ST=Taiwan, L=Advantech, O=Advantech, OU=TEST, CN=SASE signing key
Issuer:
CN=UEFI kek
Variable KEK has no entries
Variable db, length 1604
db: List 0, type X509
Signature 0, size 1577, owner xxxx4851-xxxf-xxx1-xxx9-fbf883bbbxxxx
Subject:
C=TW, ST=Taiwan, L=Advantech, O=Advantech, OU=TEST, CN=SASE signing key
Issuer:
CN=UEFI kek
Variable dbx, length -4
Variable MokList has no entries
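Added example (not part of the original article): a small shell helper that reads efi-readvar output like the listing above and reports how many signatures each variable holds and which variables are empty. The function names are hypothetical, and the embedded sample is constructed from the listing, keeping its masked owner GUID.

```shell
#!/bin/sh
# Added example: summarise efi-readvar output per Secure Boot variable.
# Constructed sample, copied from the shape of the listing above (flat, masked GUID).
sample_readvar() {
cat <<'EOF'
Variable PK, length 1605
PK: List 0, type X509
Signature 0, size 1577, owner xxxx4851-xxxf-xxx1-xxx9-fbf883bbbxxxx
Subject:
C=TW, ST=Taiwan, L=Advantech, O=Advantech, OU=TEST, CN=SASE signing key
Issuer:
CN=UEFI kek
Variable KEK has no entries
Variable db, length 1604
db: List 0, type X509
Signature 0, size 1577, owner xxxx4851-xxxf-xxx1-xxx9-fbf883bbbxxxx
Subject:
C=TW, ST=Taiwan, L=Advantech, O=Advantech, OU=TEST, CN=SASE signing key
Issuer:
CN=UEFI kek
Variable dbx, length -4
Variable MokList has no entries
EOF
}

# Reads efi-readvar text on stdin; prints "NAME=<signature count>" per variable.
count_entries() {
    awk '
        /^Variable / { name = $2; sub(/,$/, "", name); order[++n] = name; count[name] = 0; next }
        /^[ \t]*Signature [0-9]+, size / { if (name != "") count[name]++ }
        END { for (i = 1; i <= n; i++) printf "%s=%d\n", order[i], count[order[i]] }
    '
}

# Reads the same text; prints the variables holding no signatures, space separated.
empty_vars() {
    count_entries | awk -F= '$2 == 0 { printf "%s%s", sep, $1; sep = " " } END { print "" }'
}

# On a live system, feed the real output instead: sudo efi-readvar | count_entries
sample_readvar | count_entries
printf 'empty: %s\n' "$(sample_readvar | empty_vars)"
```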