@victor3823
victor3823 / secure_boot_setup.md
Last active October 7, 2025 23:07
My Secure Boot Setup
Last updated: 2025-10-08

Desired result

  • Secure Boot enabled using our own keys, booting a UKI directly
  • Root partition encrypted with LUKS2
  • Decryption at boot time requires:
    • The correct Secure Boot state (PCR 7)
    • The booted UKI being the correct one (PCR 11)
    • Entering the correct TPM2 PIN (Why)
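
A check for the three unlock conditions above, as an added example that is not part of the original gist: it reads LUKS2 header metadata (as printed by `cryptsetup luksDump --dump-json-metadata <device>`) and reports whether each TPM2 token covers PCR 7 and PCR 11 and requires a PIN. It assumes the TPM2 keyslot was enrolled with systemd-cryptenroll, whose `systemd-tpm2` token fields it reads; the function names and the sample metadata are constructed for illustration.

```python
import json

# Constructed sample shaped like `cryptsetup luksDump --dump-json-metadata` output,
# trimmed to the token fields this check reads. Values are made up.
SAMPLE_METADATA = """
{"tokens": {"0": {"type": "systemd-tpm2", "keyslots": ["1"],
                  "tpm2-pcrs": [7], "tpm2_pubkey_pcrs": [11], "tpm2-pin": true}}}
"""

REQUIRED_PCRS = {7, 11}  # Secure Boot state and the booted UKI, per the list above


def audit_tpm2_tokens(metadata_json):
    """Return one finding dict per systemd-tpm2 token in LUKS2 JSON metadata."""
    tokens = json.loads(metadata_json).get("tokens", {})
    findings = []
    for token_id, token in sorted(tokens.items()):
        if token.get("type") != "systemd-tpm2":
            continue  # e.g. FIDO2 or recovery tokens are out of scope here
        # PCRs bound by literal value, plus PCRs bound through a signed PCR policy.
        bound = set(token.get("tpm2-pcrs", [])) | set(token.get("tpm2_pubkey_pcrs", []))
        findings.append({
            "token": token_id,
            "keyslots": token.get("keyslots", []),
            "missing_pcrs": sorted(REQUIRED_PCRS - bound),
            "pin_required": token.get("tpm2-pin", False) is True,
        })
    return findings


def meets_desired_result(metadata_json):
    """True only if a TPM2 token exists and every one binds PCR 7+11 and needs a PIN."""
    findings = audit_tpm2_tokens(metadata_json)
    return bool(findings) and all(
        not f["missing_pcrs"] and f["pin_required"] for f in findings
    )


if __name__ == "__main__":
    for finding in audit_tpm2_tokens(SAMPLE_METADATA):
        print(finding)
    print("meets desired result:", meets_desired_result(SAMPLE_METADATA))
```

A token that reports `missing_pcrs` or `pin_required: False` unlocks under weaker conditions than the list above describes, so it is worth running this after every re-enrollment.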