How can I revert the mokutil secure boot enrollmentublue-os
There is no ujust command for reverting it back to default
Hfactory default your bios should be the easiest way.
there is a reset command for mokutil but i have no clue how destructive that is (if that also removes the microsoft keys, in which case have fun finding and importing those)
there is a reset command for mokutil but i have no clue how destructive that is (if that also removes the microsoft keys, in which case have fun finding and importing those)
Msudo mokutil --delete /etc/pki/akmods/certs/akmods-ublue.der Should remove the key. On next boot you can check with mokutil --list-enrolled
Ddoes the steam deck use secure boot? after running
sudo mokutil --reset my deck can make new deployments again.Mit's not enabled by default. Additionally, there is no PK, KEK, DB/DBX
Dwhen enabled, some service won't finish the deploying during the shutdown phase after rebooting after the new deployment is made and then there is no new deployment.
MOut of tree kmods are also signed with that key.
If secureboot is enabled they will fail to load and services reliant on them will fail.
Steam deck should not of had secureboot enabled by default in the bios. If it enabled, it should be in setup mode since valve doesn't ship keys. You have to manaully generate them and mok key is at a different layer.
Which services are failing?
If secureboot is enabled they will fail to load and services reliant on them will fail.
Steam deck should not of had secureboot enabled by default in the bios. If it enabled, it should be in setup mode since valve doesn't ship keys. You have to manaully generate them and mok key is at a different layer.
Which services are failing?
Dostreed finalize service after deploying. it got fixed since I reset secure boot with mokutil. I enabled secure boot because of this
MOkay, that's interesting that you are seeing the service fail for secureboot. That shouldn't be related.
That warning is telling people if they are using secureboot they need to enroll the MOK key. We will be shipping a patched kernel soon which will be signed by our key and not fedora's key. If you are not using secureboot, you will still be able to boot with the key not enrolled.
That warning is telling people if they are using secureboot they need to enroll the MOK key. We will be shipping a patched kernel soon which will be signed by our key and not fedora's key. If you are not using secureboot, you will still be able to boot with the key not enrolled.
Kand the deck does not use secure boot
Kdoesn't even have MS's key enrolled
Kso you can simply ignore it
©No it only clears all keys in the MOK, not in the other keydb's...
Hok good to know
