ASUS and Surface images now support Secure Boot

Anyone using the latest ASUS and Surface images can now use secure boot after enrolling the key by jumping over to their terminal and running:

ujust enroll-secure-boot-key

After the key has been imported, on reboot, you’ll be prompted for enrollment.

Keep in mind that this is a third party key and, if required, Secure Boot will need to be configured via the UEFI to accept it. For example, on my Surface Pro 7+, you can either press F2 on a connected keyboard during startup or press and hold the volume up button while the device is powered off then press and release the power button. Now you’re in the UEFI. Navigate to the “Security” tab over on the left, tap or click on “Change configuration” underneath the “Secure Boot” header, and then tap or click on “Microsoft & 3rd party CA”.

Both the ASUS and Surface kernel are now being signed with the same key used to sign our kernel modules via a GitHub action I worked on with KyleGospo. You can find the action here.

This action can be used to sign any kernel you’d like to use with any key pair. For instance, Bazzite will be using it for the fsync kernel. Read the notice here.

Have a great day!

3 Likes