@ironiridis
Created October 3, 2022 23:47
Gentoo EFI Secure Boot Steps from scratch

Cribbed mostly from this article which didn't work for me initially.

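# install the signing and MOK management tools
sudo emerge mokutil pesign keyutils
# create the NSS database that will hold the signing key
sudo mkdir -p /etc/pki/pesign
sudo certutil -N -d /etc/pki/pesign
# ( enter a blank password )
# generate a self-signed (-S) kernel-signing (-k) key and certificate
sudo efikeygen -d '/etc/pki/pesign' -S -k -c 'CN=Gentoo Key' -n 'Custom Secureboot'
# export the certificate in raw DER form (-r) for enrollment
mkdir -p ~/efi/certs
sudo certutil -d /etc/pki/pesign -n 'Custom Secureboot' -Lr > ~/efi/certs/sb_cert.cer
# queue the certificate for enrollment as a Machine Owner Key
sudo mokutil --import ~/efi/certs/sb_cert.cer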
# ( enter a real password )
sudo reboot ; exit
# ( MOK shim utility will boot. press a key before 10 seconds. )
# select Enroll MOK, then View Key (probably "view key 0"), verify this looks correct.
# press any key to continue, then select "Continue".
# select "Reboot".
# boot back into Gentoo
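
A pre-flight check for the exported certificate, to run before `mokutil --import`; this is an added example, not part of the original gist. The helper names `check_der_cert` and `cert_fingerprint` are made up here, it assumes coreutils (`od`, `sha1sum`, `sha256sum`), and it assumes the View Key screen shows a certificate fingerprint to compare against.

```shell
#!/bin/sh
# Added example (not from the gist). Helper names are hypothetical.
# The export step uses a shell redirect, so a failed certutil run still
# leaves a file behind (empty). Catch that, and a PEM-instead-of-DER
# export, before queuing the file for MOK enrollment.

# Return 0 if FILE looks like a DER-encoded X.509 certificate.
#   1 = missing or empty, 2 = PEM text, 3 = unrecognised content
check_der_cert() {
    f=$1
    [ -s "$f" ] || { echo "$f: missing or empty (did the export fail?)" >&2; return 1; }
    # First five bytes as lowercase hex, e.g. "3082039a30"
    magic=$(od -An -tx1 -N5 "$f" | tr -d ' \n')
    case "$magic" in
        # ASN.1 SEQUENCE (0x30) with a two-byte length (0x82): the start
        # of any realistically sized DER certificate.
        3082*) return 0 ;;
        # "-----" is the start of a PEM armour line.
        2d2d2d2d2d) echo "$f: PEM text, expected raw DER (certutil -Lr)" >&2; return 2 ;;
        *) echo "$f: does not start like a DER certificate" >&2; return 3 ;;
    esac
}

# Print the fingerprint of FILE as colon-separated uppercase hex.
# ALGO is sha1 or sha256. A certificate fingerprint is the digest of
# the whole DER encoding, so hashing the file is sufficient.
cert_fingerprint() {
    algo=$1
    f=$2
    "${algo}sum" "$f" | cut -d' ' -f1 | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# When called with a path, check it and print both fingerprints.
if [ -n "${1:-}" ]; then
    check_der_cert "$1" || exit $?
    echo "SHA1:   $(cert_fingerprint sha1 "$1")"
    echo "SHA256: $(cert_fingerprint sha256 "$1")"
fi
```

Saved as a script, it takes the certificate path as its only argument, for example `~/efi/certs/sb_cert.cer`.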