Hello fellow openSUSErs,
I opted for SecureBoot and I verified it was working after install. I decided to check the status after I suspected it was no longer active and indeed that was the case.
mokutil --sb-state
[FONT=monospace]SecureBoot disabled
Platform is in Setup Mode
[/FONT]
I’m afraid that if I
mokutil --revoke-import
I’ll need to turn off SecureBoot to boot. Currently there is only one cert installed:
sudo mokutil --list-enrolled
[key 1]
SHA1 Fingerprint: 33:ce:a7:1b:a1:6a:67:ba:d8:6b:93:cb:da:2e:19:a7:e9:df:95:66
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
fa:be:d8:bf:40:9a:5e:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=openSUSE Secure Boot CA, C=DE, L=Nuremberg, O=openSUSE Project/emailAddress=buil
d@opensuse.org
Validity
Not Before: Aug 3 12:35:39 2020 GMT
Not After : Jun 12 12:35:39 2030 GMT
Subject: CN=openSUSE Secure Boot Signkey, C=DE, L=Nuremberg, O=openSUSE Project/emailAddres
s=build@opensuse.org
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00[FONT=monospace]...(truncated)
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Subject Key Identifier:
C8:BD:C7:AC:1A:1D:85:96:62:17:FD:93:EB:FC:14:F4:A2:00:B8:14
X509v3 Authority Key Identifier:
keyid:68:42:60:0D:E2:2C:4C:47:7E:95:BE:23:DF:EA:95:13:E5:97:17:62
DirName:/CN=openSUSE Secure Boot CA/C=DE/L=Nuremberg/O=openSUSE Project/emailAddres
s=build@opensuse.org
serial:01
X509v3 Key Usage: critical
Digital Signature
X509v3 Extended Key Usage:
Code Signing
Signature Algorithm: sha256WithRSAEncryption
4b...(truncated)
[/FONT]
How can I get my SecureBoot working again? Please note, I can still currently boot and use the OS. Many thanks!