-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Neither .der nor .auth keys generated #86
Comments
They are intentionally not created. I'm more curious to figure out why |
sbctl status:
sbctl enroll-keys:
sbctl enroll-keys again (as root of course):
|
I tried both with Setup Mode enabled and disabled. |
Did you |
Yes. |
Output of |
|
Did you reset the keys? These should be empty and without the Microsoft CA. Some hardware vendors have terrible UI for reseting the keys and enabling user mode. See #67 (comment) |
I had already pressed the delete all keys button, but it hadn't worked. |
This is where I should start providing some debug tools for myself inside sbctl :) Output of |
db:
PK:
KEK:
|
This all looks correct to me. Output of |
archlinux% sudo sbctl status |
I'm not sure what the issue is. I need to write some better debug tools in Can you run |
I don't have a |
What sort of computer is this? Desktop or laptop? I'm curious if the issue is signed firmware loaded on boot, the rejection of the db key or any of the boot files. The TPM2 eventlog should record this so if you have a TPM it would be great to look at it :) |
I am on desktop. I don't think I have a TPM. |
In order to enroll a PK, a motherboard should be in the setup mode. Read the |
I already said I tried both with Setup Mode enabled and disabled (#86 (comment)). It isn't the issue. I am able to enroll keys. |
I suspect this is solved with some of the recent documentation we have on properly getting into user mode. |
I ran
sbctl create-keys
, which succeeded without errors, but neither .der nor .auth files were generated:Is this normal?
I need them because I have an issue similar to #67, and I'd like to try to enroll them in my UEFI (it doesn't accept .pem files).
The text was updated successfully, but these errors were encountered: