Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software

SEDutil future with Secure Boot - a Potential Option is available #366

Open ChubbyAnt opened 3 years ago

ChubbyAnt commented 3 years ago

Windows 11 requires secure boot. Thus, for those who use SEDutil for preboot OPAL unlocking, we need a path for a secure boot compatible PBA.

Relax and Recover (https://github.com/rear/rear) is a backup and restoration utility that wraps SEDutil in a rescue image and PBA. With great difficulty I have been able to get the rescue image working with secure boot and SEDutil, but I have not yet successfully managed to get the slimmer rear PBA working correctly. After trying many iterations to make rear work correctly, I ultimately succeeded in getting the rescue image to work with NVMe and SATA SEDs by building rear in Debian 10.

It looks like a reasonable path forward to develop a Secure Boot enabled PBA for SEDutil is to use the rear rescue image as a base, with unnecessary rear packages stripped out.

The great news is that today rear is a working secure boot option for SEDutil PBA unlocking.

ChubbyAnt commented 2 years ago

Windows 11 does not need secure boot to be enabled, and SEDutil works fine with a PC that is secure boot capable but has secure boot disabled. See https://github.com/ChubbyAnt/sedutil/issues/43