so.cl

Before we start, maybe I will quickly explain what Secure Boot is. It is a security feature, which allows our computer to decline booting operating systems that have not been signed by a key that the firmware trusts.

On 2022-12-11, I decided to setup Secure Boot on my new desktop with a help of sbctl. Unfortunately I have found that my firmware was… accepting every OS image I gave it, no matter if it was trusted or not. It wasn’t the first time that I have been self-signing Secure Boot, I wasn’t doing it wrong.

As I have later discovered on 2022-12-16, it wasn’t just broken firmware, MSI had changed their Secure Boot defaults to allow booting on security violations(!!). MSI’s (in)Secure Boot