I've been struggling hard to complete the part when you must insert keys in the BIOS firmware in order to benefit from Secure Boot with GRUB and Linux.
My BIOS firmware could clean keys but there was no options for
inserting some and so we needed to do it with the help of a third-party
software. That's where KeyTool.efi enter the scene (installed with the
efitools package on Archlinux, maybe the same package name for
other distros).
Let's cut the babbling and jump right into the matter. Here's how your
/etc/grub.d/40_custom file should look like after you
copied KeyTool.efi as /efi/EFI/arch/KeyTool.efi.
Don't forget to replace '1234-5678' by the partition UUID in which the
/efi folder resides:
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries. Simply type the
# menu entries you want to add after this comment. Be careful not to change
# the 'exec tail' line above.
menuentry "KeyTool unsigned" {
load_video
set gfxpayload=keep
insmod part_gpt
insmod ext2
insmod fat
insmod chain
search --no-floppy --fs-uuid --set=root 1234-5678
chainloader /efi/arch/KeyTool.efi
}