What is the best way to test Shim with Vendor Certificate
Jurij-Ivastsuk opened this issue · comments
Hi all, what is the best way to test if Shim works with the integrated vendor certificate, assuming you don't have a Microsoft certificate yet and secure boot is enabled.
It sounds like you need to sign shim yourself (with a different certificate) and then add that certificate (but not your vendor cert, since that's only meant to work for things loaded by shim) to the firmware SB db
allow list.
@mikebeaton Thank you very much ! Is that the only way? Can you give me a hint, which linux-tools can I use to add a test-certificate to db?
KeyTool.efi which is included in the efitools package, or your BIOS may have a section for adding/appending to this from files stored on the ESP.
@mikebeaton Thank you very much!