Secure Boot: Difference between revisions

← Older editNewer edit →
VisualWikitext
imported>Onny
mNo edit summary
imported>Onny
mNo edit summary
Line 88: Line 88:
</syntaxHighlight>
</syntaxHighlight>


It is expected that the files ending with bzImage.efi are not signed. In case any of the nixos-generation-*.efi files are not signed, you have hit a bug ([https://github.com/nix-community/lanzaboote/issues/39 #39]). This issue will prevent the system from booting successfully when Secure Boot is enabled. The way to solve this is deleting the unsigned files indicated by sbctl and switching to the configuration again. This will copy and sign the missing files.
It is expected that the files ending with bzImage.efi are not signed.


For the last step, your UEFI firmware needs to be set to <code>Setup Mode</code> to allow enrolling Secure Boot keys. This varies depending on your vendor and notebookt model.
For the last step, your UEFI firmware needs to be set to <code>Setup Mode</code> to allow enrolling Secure Boot keys. This varies depending on your vendor and notebookt model.
Retrieved from "https://wiki.nixos.org/wiki/Secure_Boot"