Recently I've had to deal with issues booting using UEFI as outlined in my Linux Boot Failure! Debugging UEFI Boot Issues blog post, where I also go into detail about UEFI and the UEFI boot process.

Been down the rabbit hole lately of UEFI Secure Boot issues, and decided to write an overview of how it works out-of-the-box in the excellent Debian-based Linux Mint LMDE 6.

Have mostly been researching this stuff as I was looking to replace GRUB entirely with systemd-boot on one of my systems. Will likely write a follow-up piece documenting that journey if I think it’d be interesting to some nerds out there.

  • @witx
    09 months ago

    The EFI binary is signed by a private key, whose public key signature is present in the trusted Signature Database (db).

    Shouldn’t it be the opposite? i.e signed by a public key?

    • @Hugin@lemmy.world
      109 months ago

      Nope. You sign with the private key and verify with the public key. Basically you use the private key to do stuff only you should be able to do and the public key is used by the public to verify it was you who did it.