Drive-Trust-Alliance / sedutil

DTA sedutil Self encrypting drive software

How to update PBA image? #384

Open siberianhuskies opened 2 years ago

siberianhuskies commented 2 years ago

Hi,

First, great project! Without it I could not use the drive encryption.

Short version: How to upgrade the UEFI64.img on a (previously working) PBA setup?

Long version: I was using an old sedutil/recovery image version to initially set up PBA (maybe three years ago). Now I updated the BIOS on my motherboard. I can still boot into the PBA image (even though booting the kernel is super slow, takes minutes), but after entering the password, it is stuck at scanning. However, if I boot from the current RESCUE64.img image, then I can unlock the drive with linuxpba and boot the actual system. From what I have read in other issues, this is a problem between the new BIOS and an old Linux kernel in my old PBA. Therefore I would like to update the PBA without losing all data of the actual system. I am not sure whether it is enough to just use sedutil-cli --loadPBAimage <current-password-in-plain> /path/to/UEFI64.img /dev/sdX to update PBA (when booted in the rescue image)? Or whether it might erase any data? Or whether I then have to manually change e.g. UEFI boot entries?

I hope someone can tell me how to update PBA.

Best regards

r0m30 commented 2 years ago

You can just overwrite the PBA with the normal host sedutil-cli. There is no reason to boot the rescue image.

siberianhuskies commented 2 years ago

Just to clarify, when booted into the host system (after unlocking), I can just use sedutil-cli --loadPBAimage <current-password-in-plain> /path/to/UEFI64.img /dev/sdX to update the PBAimage? Nothing else required?

r0m30 commented 2 years ago

Yes.
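
One way to script the update confirmed above, as an added example (not from the thread or the sedutil project): it checks the image against a SHA-256 digest obtained separately and confirms the target is a block device before running the `--loadPBAimage` command quoted in the thread. The function names, the `SEDUTIL` and `PBA_PW` variables and the digest argument are assumptions of this example.

```shell
#!/bin/sh
# Added example: preflight checks before rewriting the PBA image from the
# unlocked host system. SEDUTIL can be overridden (assumption of this
# example) so the checks can be exercised without touching a drive.
SEDUTIL="${SEDUTIL:-sedutil-cli}"

# Succeed only if the image is a non-empty regular file whose SHA-256
# matches the digest the operator obtained out of band.
verify_image() {
    img=$1; want=$2
    [ -f "$img" ] && [ -s "$img" ] || {
        echo "image missing or empty: $img" >&2; return 1; }
    got=$(sha256sum "$img" | cut -d' ' -f1) || return 1
    [ "$got" = "$want" ] || {
        echo "SHA-256 mismatch for $img" >&2; return 1; }
}

# Prompt without echo so the password does not land in shell history.
# It is still passed to sedutil-cli as an argument, as in the thread.
read_password() {
    printf 'Drive password: ' >&2
    stty -echo; IFS= read -r PBA_PW; stty echo
    printf '\n' >&2
}

# Returns 1 for a bad image, 2 for a bad target, otherwise the exit
# status of sedutil-cli.
update_pba() {
    img=$1; want=$2; dev=$3
    verify_image "$img" "$want" || return 1
    [ -b "$dev" ] || { echo "not a block device: $dev" >&2; return 2; }
    [ -n "${PBA_PW:-}" ] || read_password
    "$SEDUTIL" --loadPBAimage "$PBA_PW" "$img" "$dev"
}

# Usage: script.sh /path/to/UEFI64.img <expected-sha256> /dev/sdX
if [ "$#" -eq 3 ]; then
    update_pba "$@"
fi
```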