Closed tblancher closed 2 months ago
I don't see anything actionable in this issue. What is the intent with this?
This really should go under the Discussions section, but I don't see one in this GitHub project.
EDIT: Oh, I thought I saw Discussion section on another GitHub project, but I'm not finding it now. I must have seen it somewhere else.
EDIT2: I did see a Discussions section on a GitHub project, it looks like it has to be explicitly enabled by the project owner. See qutebrowser/qutebrowser for an example.
The discussion section has been enabled so I'll just close this issue :)
This is not a problem, per se. My experience conflicts with what @Foxboron told me. I had submitted a PR to fix a typo and take language out that suggested
sbctl enroll-keys
enabled Secure Boot automatically.For me, that is exactly true: running
sbctl enroll-keys --microsoft
did indeed enable Secure Boot, and I didn't need to subsequently enable it in my UEFI firmware settings. I have a Lenovo ThinkPad X1 Carbon, 11th Gen, and I've gone into Setup Mode a few times to fix various issues. To enable Secure Boot again I always have to runsbctl enroll-keys --microsoft
, and no further action is required to enable Secure Boot.I imagine this is hardware- or manufacturer-, or at least UEFI firmware vendor-dependent. With my X1 Carbon, whenever I enable Setup Mode there is always a warning that doing so will clear the Platform key. I think this is the reason why enabling Secure Boot in the UEFI firmware settings doesn't work by itself (where are you supposed to get the Platform key?). At least my X1 Carbon needs the OS to install the Platform key (this is ostensibly what
sbctl enroll-keys
does, among other things), and doing so for this hardware automatically re-enables Secure Boot.