On 2023-07-17 11:16 PM, solsTiCe d'Hiver wrote:
You should be careful before deleting all the secure boot keys from your BIOS.
Reading the warning at https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secur...:
Warning: Replacing the platform keys with your own can end up bricking hardware on some machines, including laptops, making it impossible to get into the firmware settings to rectify the situation. This is due to the fact that some device (e.g GPU) firmware (OpROMs), that get executed during boot, are signed using Microsoft 3rd Party UEFI CA certificate.
And it would be best to backup those keys before deleting them. There is a command to do so on the same wiki page, a few paragraphs below.
Personally, I am just sticking to shim method to stay on the safe side.
This might be true, but unlikely that it would stop you getting into the BIOS. Nevertheless, any sane board will let you leave the factory keys installed (or reset to them). Even on my shitty MSI board I wasn't affected by this with no keys, but you're right, it's good to point out. -- Simon Perry (aka Pezz)