Hey pbear, I tried this procedure and the success was... mixed.What I would try next is disabling validation. (...) The command is simple: sudo mokutil --disable-validation.
(...)
Double-check procedure worked, e.g., mokutil --sb-state. You're looking for “SecureBoot enabled, SecureBoot validation is disabled in shim.” (...)
The procedure itself worked flawlessly. Everything downright to the messages appeared correctly. I was able to disable the validation and, during boot, the loader says "booting without validation." However, what I couldn't test yet due to lack of time was that (disk-installed) Debian bootloader passes it. This is because I (in the midst of all these tests) ended up installing Fedora temporarily to investigate further, and deleted that first Debian installation.
What I did try was to boot a non-shimmed Linux distro (Alpine) - which did not work. Which is surprising, I think, since in theory we're not validating anything, right?
On the light of this, I guess my last question is: does this disabling of validation persists even after I remove the original install that I used to do this? Does this setting "persist" within the UEFI firmware for every other OS? As you all may have noticed, I have very little knowledge of the Secure Boot environment.
Still crossing fingers, but that seems to be the order of things, indeed...Frankly, if that doesn't work, I don't know what to suggest. The admin password you don't have is the intended solution as far as the computer's maker is concerned.
Statistics: Posted by klaamanit — 2025-01-20 18:34 — Replies 6 — Views 194