My laptop won't reboot after enrolling the keys #229

Open
alogim opened this issue Jul 7, 2023 · 4 comments
@alogim

alogim commented Jul 7, 2023

I followed the guide here:

sbctl status
sbctl create-keys
sbctl enroll-keys
sbctl status
Installed:	✔ Sbctl is installed
Owner GUID:	<my-guid>
Setup Mode:	✔ Disabled
Secure Boot:	✘ Disabled

And then I rebooted as it was written, but now my laptop doesn't properly turn on. The Caps Lock keeps going on and off intermittently and the screen is not powered on at all. I can't access the BIOS/UEFI or anything else.

Not sure what's going on.

@conrad-heimbold

I guess it's because the Microsoft Third Party UEFI CA certificate is missing?

The Arch Wiki warns about that:
Warning: Replacing the platform keys with your own can end up bricking hardware on some machines, including laptops, making it impossible to get into the firmware settings to rectify the situation. This is due to the fact that some device (e.g. GPU) firmware (OpROMs), that get executed during boot, are signed using Microsoft 3rd Party UEFI CA certificate.

The How-To in the README.md is bad in this regard.

The command should have been

sbctl enroll-keys --microsoft 

... instead of just:

sbctl enroll-keys

Your laptop probably had some OpROMs that were signed like this...

I don't know how to fix this, but I guess you can find some more help with this information.

@conrad-heimbold

conrad-heimbold commented Jul 7, 2023

The Arch Wiki also says this: [image: Screenshot from 2023-07-07 21-10-52]

@NekkoDroid

To give some possible ways to fix this:

  1. Try clearing the CMOS of your MoBo
  2. If you have access to your BIOS/UEFI there might be an option to reset keys to factory default

To give some suggestions to the project (maybe):

  • I feel like the -m/--microsoft should be the default (omittable) since it easily can cause problems when you don't provide it
  • for those that would still want to not include MS keys there could be --no-ms-keys

@starchturrets

If you don't want to include MS keys and have OPROMs then --tpm-eventlog should be used I think.
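
Added example (not part of the thread and not sbctl's code): a Python check to run before `sbctl enroll-keys` that counts option ROM driver measurements in the TPM event log, the condition the comments above tie to the unbootable laptop. It assumes a TPM 2.0 crypto-agile event log at `LOG_PATH` (readable as root) and that option ROM drivers are logged in PCR 2 as `EV_EFI_BOOT_SERVICES_DRIVER` events; `sample_log` builds constructed input for testing.

```python
import struct

# Assumption (TCG PC Client Platform Firmware Profile): drivers loaded from
# option ROMs are logged in PCR 2 as EV_EFI_BOOT_SERVICES_DRIVER events.
EV_NO_ACTION = 0x00000003
EV_EFI_BOOT_SERVICES_DRIVER = 0x80000004
LOG_PATH = "/sys/kernel/security/tpm0/binary_bios_measurements"

def parse_events(log):
    """Yield (pcr, event_type) for every entry after the Spec ID header."""
    # The first entry uses the legacy SHA-1 layout and lists the digest sizes.
    _pcr, _type, _sha1, size = struct.unpack_from("<II20sI", log, 0)
    header = log[32:32 + size]
    if not header.startswith(b"Spec ID Event03\x00"):
        raise ValueError("not a TCG2 crypto-agile event log")
    (nalgs,) = struct.unpack_from("<I", header, 24)
    sizes = dict(struct.unpack_from("<HH", header, 28 + 4 * i) for i in range(nalgs))
    off = 32 + size
    while off + 12 <= len(log):
        pcr, etype, ndigests = struct.unpack_from("<III", log, off)
        if pcr == 0xFFFFFFFF:  # erased padding after the last entry
            break
        off += 12
        for _ in range(ndigests):  # skip each (algorithm id, digest) pair
            (alg,) = struct.unpack_from("<H", log, off)
            off += 2 + sizes[alg]
        (esize,) = struct.unpack_from("<I", log, off)
        off += 4 + esize
        yield pcr, etype

def option_rom_count(log):
    """Number of option ROM driver measurements found in the log."""
    return sum(p == 2 and t == EV_EFI_BOOT_SERVICES_DRIVER for p, t in parse_events(log))

def sample_log(oprom):
    """Constructed sample: Spec ID header (SHA-256 only) plus one or two events."""
    spec = b"Spec ID Event03\x00" + struct.pack("<IBBBBIHHB", 0, 0, 2, 0, 2, 1, 0x000B, 32, 0)
    log = struct.pack("<II20sI", 0, EV_NO_ACTION, bytes(20), len(spec)) + spec
    events = [(0, 0x00000008, b"fw")]  # EV_S_CRTM_VERSION in PCR 0
    if oprom:
        events.append((2, EV_EFI_BOOT_SERVICES_DRIVER, b"gpu"))
    for pcr, etype, data in events:
        log += struct.pack("<IIIH32sI", pcr, etype, 1, 0x000B, bytes(32), len(data)) + data
    return log

if __name__ == "__main__":
    with open(LOG_PATH, "rb") as f:  # needs root and a TPM 2.0 event log
        n = option_rom_count(f.read())
    print(f"{n} option ROM driver measurement(s) in PCR 2")
```

A non-zero count means the firmware loaded option ROM drivers on this boot, so enrolling keys without `--microsoft` or `--tpm-eventlog` risks the failure described in this issue.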
