Fixed typo, removed mention enroll-keys enables Secure Boot automatic…

Foxboron / sbctl

:computer: :lock: :key: Secure Boot key manager

MIT License

1.35k stars 71 forks source link

Fixed typo, removed mention enroll-keys enables Secure Boot automatic… #270

Closed tblancher closed 6 months ago

tblancher commented 6 months ago

…ally

Huh, GitHub has a less than 80 character limit to commit messages.

Per https://wiki.archlinux.org/title/Talk:Unified_Extensible_Firmware_Interface/Secure_Boot#Enrolling_keys_with_sbctl_enables_Secure_Boot, enroll-keys does NOT enable Secure Boot. It still has to be done manually through the UEFI BIOS firmware settings.

Foxboron commented 6 months ago

Thanks!

tblancher commented 5 months ago

@Foxboron When I finally got down to trying this, my Lenovo X1 Carbon, 11th gen does NOT offer a way to enable Secure Boot in the UEFI BIOS Security menu within its settings. I can disable Secure Boot, enter Setup Mode from the UEFI settings, but not enable it; it looks like that enabling it has to come from the OS.

The only way I was able to enable Secure Boot was with sbctl enroll-keys --microsoft. Maybe it depends on the system, and its compatibility with sbctl?