Resolved: Unable to enable secure boot ASUS H97i-PLUS

jayliu · April 29, 2025, 9:52pm

Using ASUS H97i-PLUS motherboard:

When I run ujust enroll-secure-boot-key

It gives me

Failed to set MokTimeout
error: Recipe `enroll-secure-boot-key` failed on line 33 with exit code 255

when I try running sudo mokutil -i /etc/pki/akmods/certs/akmods-ublue.der

it gives me this error

Failed to enroll new keys

Secure Boot is disabled.

Update: I found the answer here.

Load up the key onto a usb drive: github.com/ublue-os/bazzite/raw/refs/heads/main/secure_boot.der
Run upick bios
In BIOS: use “advanced mode” and navigate to Boot/SecureBoot/ManageKeys menus.
The key goes in the ‘db’ repository. So pick, “append to db” and select ‘no’ in the dialog box that pops up asking what you want to do. (counterintuitive to say the least). Navigate the UEFI storage path to your USB key, pick it and hit Enter. It will ask what the file is, pick “…blob”.
As a final step to enable secure boot, choose the “Windows secure boot…” option and not “Other OS” at the end of the steps above, to re-enable secure boot

Topic		Replies	Views
Secure Boot Notice Bazzite announcements	18	9375	August 23, 2024
Secure Boot and Encryption Bazzite	1	1575	June 8, 2024
Error enrolling secure boot key Bluefin	7	344	December 27, 2024
Unable to disable secure boot to enroll MOK Bluefin	3	258	November 28, 2024
Secure boot key / MOK management General	15	1965	October 6, 2024