Error enrolling secure boot key

I tried with or without secure boot enabled in the BIOS and I get this error each time:


thanks

From what I’ve seen by searching for possible errors like this, if I had to guess, it’s a bug in your particular system’s UEFI implementation.

The older the machine, the more likely this is, not because it has gained a bug with age, but just because older UEFI implementations seemed to have more bugs as I think the manufacturers were still figuring it out.

On a system like that, you could try upgrading the BIOS/UEFI if there is one available, or just disable SecureBoot and don’t sweat it.

1 Like

Ok thanks a lot, much appreciated @bsherman :pray:

@bsherman gave you fantastic analysis and advice, but I’d also add that the timeout is just a convenience. You could still try to manually ‘wget https://github.com/ublue-os/bazzite/raw/refs/heads/main/secure_boot.der && sudo mokutil --import secure_boot.der’ or whatever the newest key is. Just be ready to click on view/enroll right away when it pops up.

1 Like

Hey @MaxJanky , thanks for sharing.
Sounds good, I’m ready!
Do I have to download that secure_boot.der file and if yes, where can I find it?
:slightly_smiling_face:

I think all the spins are using the same ublue key and that’s the new one. So I’d try the command as written once you’ve satisfied yourself that the link is legit: wget https://github.com/ublue-os/bazzite/raw/refs/heads/main/secure_boot.der && sudo mokutil --import secure_boot.der

I suspect it’s the same thing the ujust script that failed you would attempt. Just be ready for the blue box on reboot asking you to enroll keys (unless it also fails). It could be more user-friendly and you won’t have time to look it up on your cell or whatever before it times out.

gl!

1 Like

You can also inspect any ujust recipe…

The original command was ujust -n enroll-secure-boot-key.

Add -n after ujust and you’ll see the command it’s running:

$ ujust -n enroll-secure-boot-key 
echo 'Enter password "universalblue" if prompted after your user password.'
sudo mokutil --timeout -1
sudo mokutil --import /etc/pki/akmods/certs/akmods-ublue.der
echo 'When you reboot your computer, follow the instructions to start MOK util'
echo 'by pressing a key, then enroll the secure boot key and enter "universalblue" as the password'

You can then run the bits you want.

1 Like