Been down the rabbit hole lately of UEFI Secure Boot issues, and decided to write an overview of how it works out-of-the-box in the excellent Debian-based Linux Mint LMDE 6.

Have mostly been researching this stuff as I was looking to replace GRUB entirely with systemd-boot on one of my systems. Will likely write a follow-up piece documenting that journey if I think it'd be interesting to some nerds out there.

  • witx@lemmy.sdf.org
    link
    fedilink
    arrow-up
    0
    arrow-down
    2
    ·
    1 year ago

    The EFI binary is signed by a private key, whose public key signature is present in the trusted Signature Database (db).

    Shouldn't it be the opposite? i.e signed by a public key?