I've been struggling hard to complete the part when you must insert keys in the BIOS firmware in order to benefit from Secure Boot with GRUB and Linux.
My BIOS firmware could clean keys but there was no options for
inserting some and so we needed to do it with the help of a third-party
software. That's where KeyTool.efi enter the scene (installed with the
efitools
package on Archlinux, maybe the same package name for
other distros).
Let's cut the babbling and jump right into the matter. Here's how your
/etc/grub.d/40_custom
file should look like after you
copied KeyTool.efi as /efi/EFI/arch/KeyTool.efi
.
Don't forget to replace '1234-5678' by the partition UUID in which the
/efi
folder resides:
#!/bin/sh exec tail -n +3 $0 # This file provides an easy way to add custom menu entries. Simply type the # menu entries you want to add after this comment. Be careful not to change # the 'exec tail' line above. menuentry "KeyTool unsigned" { load_video set gfxpayload=keep insmod part_gpt insmod ext2 insmod fat insmod chain search --no-floppy --fs-uuid --set=root 1234-5678 chainloader /efi/arch/KeyTool.efi }