UB
Universal Blue5mo ago
dnkmmr

How can I revert the mokutil secure boot enrollmentublue-os

There is no ujust command for reverting it back to default
11 Replies
HikariKnight
HikariKnight5mo ago
factory default your bios should be the easiest way. there is a reset command for mokutil but i have no clue how destructive that is (if that also removes the microsoft keys, in which case have fun finding and importing those)
M2
M25mo ago
sudo mokutil --delete /etc/pki/akmods/certs/akmods-ublue.der Should remove the key. On next boot you can check with mokutil --list-enrolled
dnkmmr
dnkmmr5mo ago
does the steam deck use secure boot? after running sudo mokutil --reset my deck can make new deployments again.
M2
M25mo ago
it's not enabled by default. Additionally, there is no PK, KEK, DB/DBX
dnkmmr
dnkmmr5mo ago
when enabled, some service won't finish the deploying during the shutdown phase after rebooting after the new deployment is made and then there is no new deployment.
M2
M25mo ago
Out of tree kmods are also signed with that key. If secureboot is enabled they will fail to load and services reliant on them will fail. Steam deck should not of had secureboot enabled by default in the bios. If it enabled, it should be in setup mode since valve doesn't ship keys. You have to manaully generate them and mok key is at a different layer. Which services are failing?
dnkmmr
dnkmmr5mo ago
ostreed finalize service after deploying. it got fixed since I reset secure boot with mokutil. I enabled secure boot because of this
No description
M2
M25mo ago
Okay, that's interesting that you are seeing the service fail for secureboot. That shouldn't be related. That warning is telling people if they are using secureboot they need to enroll the MOK key. We will be shipping a patched kernel soon which will be signed by our key and not fedora's key. If you are not using secureboot, you will still be able to boot with the key not enrolled.
1/4 Life
1/4 Life5mo ago
and the deck does not use secure boot doesn't even have MS's key enrolled so you can simply ignore it
©TriMoon™
©TriMoon™5mo ago
No it only clears all keys in the MOK, not in the other keydb's...
HikariKnight
HikariKnight5mo ago
ok good to know
Want results from more Discord servers?
Add your server
More Posts
BUG: The bazzite-nvidia image has 4gb of zram swap space assigned by defaultThis is mentioned as a feature in the SteamDeck image in the readme but is not noted in the desktop steam does not remember password; game mode blank screenHi folks, I'm just trying out Bazzite for the first time. Install went fine however I have two problNot receiving video signalShortly after booting up and logging into my PC it sends me back to the log in screen but every timeIssue Templates ThreadIssue Templates ThreadRPM file installHi. Hope you can help. I'm looking to install a displaylink-rpm that is no github for making displayKeyboard not working during enrollment of secure boot keyAfter using the ujust command and rebooting, the MOK management screen is completely frozen and no iupdated fan control not workingoThe updated fan control does nothing and now that I installed fantastic with decky loader its using Unable to enroll secure boot key.Attempting to enroll secure boot keys using the ujust command fails with the error `error: Recipe Unsure how to setup secondary disk to automount.I'm a intermediate Linux user who's fairly comfortable with the terminal but I've always used gnome error installing payloaddWhat does this mean