Warning: Some posts on this platform may contain adult material intended for mature audiences only. Viewer discretion is advised. By clicking ‘Continue’, you confirm that you are 18 years or older and consent to viewing explicit content.
You’re looking at bootloaders, not kernels; you need to enroll the kernel with one of those bootloaders. Usually running sudo update-grub while in the OS will automatically detect and add any available kernels to the default version of GRUB.
I have the kernel in the bootloader, problem is I need to enroll it with MOK manager to actually boot it in secure boot. But it starts in /boot/efi with no option to go back to /boot so I don’t really understand how exactly I’m supposed to do it.
If you have already made a certificate and imported it with mokutil maybe you just need to select the MokManager.efi from your screenshot and start that to enroll the key.
I’ve honestly never wrestled with Secure Boot in this way; I usually disable it if it won’t let me boot my preferred kernel. From my brief online searches, enrolling your own keys is possible, but that depends on the kernel modules being signed in the first place, and carries risk of bricking devices if not done correctly. So you might just want to disable Secure Boot, or otherwise stick to kernels provided by your distribution.
You’re looking at bootloaders, not kernels; you need to enroll the kernel with one of those bootloaders. Usually running
sudo update-grub
while in the OS will automatically detect and add any available kernels to the default version of GRUB.If you can’t boot into the OS, you can select the kernel manually from the GRUB command line: https://www.unix-ninja.com/p/Manually_booting_the_Linux_kernel_from_GRUB
I have the kernel in the bootloader, problem is I need to enroll it with MOK manager to actually boot it in secure boot. But it starts in /boot/efi with no option to go back to /boot so I don’t really understand how exactly I’m supposed to do it.
https://www.dannyvanheumen.nl/post/secure-boot-linux-shim-mokmanager/ seems to be a good introduction to the concept. Your distribution should have specific documentation on how to make custom kernels and secure boot work if you need more details.
If you have already made a certificate and imported it with mokutil maybe you just need to select the MokManager.efi from your screenshot and start that to enroll the key.
I’ve honestly never wrestled with Secure Boot in this way; I usually disable it if it won’t let me boot my preferred kernel. From my brief online searches, enrolling your own keys is possible, but that depends on the kernel modules being signed in the first place, and carries risk of bricking devices if not done correctly. So you might just want to disable Secure Boot, or otherwise stick to kernels provided by your distribution.