-
Notifications
You must be signed in to change notification settings - Fork 71
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Unenroll keys #248
Comments
The process for unenrolling the sbctl-enrolled keys is the same as removing the manufacturer keys (or any other secure boot keys). See steps 1-5 of the example workflow. As for the keys themselves, I would figure deleting the directory they were installed to ( |
@Foxboron Is there the way to query the firmware to reset all keys to vendor provided one programatically from userspace? I see that in the documentation, there is the |
You misunderstand what the You can't only enroll vendor provided ones, that isn't the job of sbctl. Use the BIOS menu for that. |
Than this issue could be closed to not clutter the actual ones. |
I was attempting to get Secure Boot setup on my Surface Book 2 and I seem to have skipped some steps, so I've got sbctl installed but I can't actually get it working as it should. Looking at the help and man pages, there's nothing that explains how to properly unenroll/remove the keys that were generated so that I can start from scratch.
Is there an option/ability to do so, and if so, what are the commands needed for that?
Also feels like this would be good to be documented somewhere, as I'm sure others have run into this as well.
The text was updated successfully, but these errors were encountered: