<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Secure-Boot on blog</title><link>https://debiplobi.github.io/tags/secure-boot/</link><description>Recent content in Secure-Boot on blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Sun, 07 Jun 2026 22:34:31 +0530</lastBuildDate><atom:link href="https://debiplobi.github.io/tags/secure-boot/index.xml" rel="self" type="application/rss+xml"/><item><title>Easy Guide to Secure Boot</title><link>https://debiplobi.github.io/posts/easy-guide-to-secure-boot/</link><pubDate>Sun, 07 Jun 2026 22:34:31 +0530</pubDate><guid>https://debiplobi.github.io/posts/easy-guide-to-secure-boot/</guid><description>&lt;h2 id="why"&gt;Why?&lt;/h2&gt;
&lt;p&gt;Over the years I have found that doing dual booting with secureboot is a pain.&lt;/p&gt;
&lt;p&gt;There are many ways to do it but I have found easier way to do it with signing the firmware with own keys.&lt;/p&gt;
&lt;p&gt;So, We are gonna use tool called &lt;code&gt;sbctl&lt;/code&gt; which does that for us.&lt;/p&gt;
&lt;p&gt;Remember, I am no expert on this and I am writing from my experience.&lt;/p&gt;
&lt;h2 id="lets-start"&gt;Let&amp;rsquo;s start&lt;/h2&gt;
&lt;h3 id="install-the-required-package"&gt;Install the required package&lt;/h3&gt;
&lt;ul&gt;
&lt;li&gt;Install &lt;code&gt;sbctl&lt;/code&gt; as per your distro.&lt;/li&gt;
&lt;/ul&gt;
&lt;h3 id="check-the-status"&gt;Check the status&lt;/h3&gt;
&lt;pre tabindex="0"&gt;&lt;code&gt;$ sbctl status
Installed:	✘ Sbctl is not installed
Setup Mode:	✘ Enabled
Secure Boot:	✘ Disabled
&lt;/code&gt;&lt;/pre&gt;&lt;ul&gt;
&lt;li&gt;You should see that sbctl is not installed and secure boot is disabled.&lt;/li&gt;
&lt;/ul&gt;
&lt;h3 id="create-the-keys"&gt;Create the keys&lt;/h3&gt;
&lt;pre tabindex="0"&gt;&lt;code&gt;$ sbctl create-keys
&lt;/code&gt;&lt;/pre&gt;&lt;h3 id="enroll-the-keys"&gt;Enroll the keys&lt;/h3&gt;
&lt;pre tabindex="0"&gt;&lt;code&gt;sbctl enroll-keys --microsoft
&lt;/code&gt;&lt;/pre&gt;&lt;h3 id="sign-the-kernel-and-modules"&gt;Sign the kernel and modules&lt;/h3&gt;
&lt;pre tabindex="0"&gt;&lt;code&gt;sbctl sign-all
&lt;/code&gt;&lt;/pre&gt;&lt;p&gt;This command signs almost everything needed eg: kernel, bootloader, etc.&lt;/p&gt;</description></item></channel></rss>