I upgraded the CPU in my system, and after booting the computer prompted me to wipe the fTPM. After booting (with secure-boot disabled) I tried enrolling the keys again.
How to reproduce:
Unknown initial state after clearing the fTPM from upgrading the CPU
Wipe all keys (or some keys) in UEFI settings
Enter setup mode in UEFI
run sbctl enroll-keys --microsoft in a CLI, as root
I get the following error from the command:
Enrolling keys to EFI variables...
With vendor keys from microsoft...✗
sbctl requires root to run: couldn't sync keys: couldn't write efi variable: write /sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f: permission denied
I have previously had secure boot enabled on this computer (with the old CPU), for which I created and enrolled the keys without any issue. I don't understand why it's not working now.
I upgraded the CPU in my system, and after booting the computer prompted me to wipe the fTPM. After booting (with secure-boot disabled) I tried enrolling the keys again.
How to reproduce:
sbctl enroll-keys --microsoft
in a CLI, as rootI get the following error from the command:
I have previously had secure boot enabled on this computer (with the old CPU), for which I created and enrolled the keys without any issue. I don't understand why it's not working now.