On 04/10/2023 17:11, Max Nikulin wrote:
But neither Asus (bios from start of September) nor Microsoft
(Windows 11) do that blacklisting.
Do you mean Windows install on hard drive or Windows install image?
should be "installed"---------^
Ok, "installed".
I am curious whether just booting recent media published by Microsoft (not
installing, just booting to the first dialog) may change secure boot keys. If
I have got you right, Windows with all updates installed still allows
booting old Clonezilla.
I'll try. Now I don't have the machine.
If firmware has the "EFI shell" option then you may try "bcfg boot
dump -v". Unsure if it is possible to redirect output to a file.
I'll try. Is there nothing inside Linux efi tools?
Sorry, your question is unclear to me. I was trying to suggest a way to
inspect UEFI boot variables without disturbing their state. If Linux
images may do something with secure boot keys then I see the following
alternatives:
- Firmware may have EFI shell boot option included
- Perhaps there are some tools for Windows
I don't know if there is an EFI shell.
For Linux, I found this (there's no version for Debian):
https://github.com/rhboot/dbxtool
But it says it was replaced by this:
https://github.com/fwupd/fwupd
I'll try.
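
For the Linux side of the question, an added example (not part of the original thread and not code from dbxtool or fwupd): a read-only parser for the Secure Boot revocation list (dbx) as exposed by efivarfs. It assumes the standard efivarfs path and the UEFI EFI_SIGNATURE_LIST layout; the sample data and its owner GUID are constructed.

```python
import struct
import uuid

# Linux efivarfs path of dbx (assumption: efivarfs is mounted); only read here.
DBX_PATH = "/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f"
SIG_TYPES = {
    uuid.UUID("c1c41626-504c-4092-aca9-41f936934328"): "sha256",
    uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072"): "x509",
}

def parse_signature_lists(data):
    """Parse concatenated EFI_SIGNATURE_LIST blobs into (type, owner, hex) tuples."""
    entries, off = [], 0
    while off < len(data):
        if len(data) - off < 28:
            raise ValueError("truncated EFI_SIGNATURE_LIST header")
        sig_type = uuid.UUID(bytes_le=data[off:off + 16])
        list_size, hdr_size, sig_size = struct.unpack_from("<III", data, off + 16)
        if list_size < 28 + hdr_size or off + list_size > len(data) or sig_size <= 16:
            raise ValueError("inconsistent EFI_SIGNATURE_LIST sizes")
        start, end = off + 28 + hdr_size, off + list_size
        if (end - start) % sig_size:
            raise ValueError("list body is not a whole number of signatures")
        kind = SIG_TYPES.get(sig_type, str(sig_type))
        for pos in range(start, end, sig_size):
            owner = uuid.UUID(bytes_le=data[pos:pos + 16])
            entries.append((kind, str(owner), data[pos + 16:pos + sig_size].hex()))
        off += list_size
    return entries

def read_efivar(path=DBX_PATH):
    """Read an efivarfs file and drop its 4-byte attributes prefix."""
    with open(path, "rb") as f:
        return f.read()[4:]

def build_sample():
    """Constructed sample: one SHA-256 list holding two made-up hashes."""
    owner = uuid.UUID(int=1).bytes_le  # constructed owner GUID
    sigs = b"".join(owner + bytes([b]) * 32 for b in (0x11, 0x22))
    guid = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328").bytes_le
    return guid + struct.pack("<III", 28 + len(sigs), 0, 48) + sigs

if __name__ == "__main__":
    try:
        blob = read_efivar()
    except OSError:  # no efivarfs (legacy boot, container): use the sample
        blob = build_sample()
    for kind, owner, value in parse_signature_lists(blob):
        print(kind, owner, value)
```

Saving the output before and after booting a given medium and diffing the two shows whether that boot changed the revocation list.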