I want to sometimes use Linux, sometimes windows.
I found out that, Puppy Linux is small, I can install it on a USB. But the problem is, if I click on my USB in the boot menu, I have to disable secure boot first.
I found out, I will need a secure boot key. But I cant find it anywhere.
Does anybody know where to get the Puppy Linux secure boot key? Thank you sm. (I dont want to keep secureboot turned off. Read more about my opinion here: My opinion
Tested on FossaPup64 9.5. It's all broken.
Puppy Linux uses old Debian's shim + their own GRUB. Debian's shim allow to run any non-Debian .efi executables, but for that the custom signing key should be added upon boot, with a special dialogue program called MokManager.
However, there were multiple vulnerabilities in GRUB since 2019, the files from which uses Puppy, and the MokManager signing key have been revoked, that's why Puppy's GRUB cannot launch because MokManager cannot launch to import the key.
If we remove the key from the revoked list and add the required key with MokManager, we will get into GRUB, which, however, cannot load the OS, with "Bootloader has not verified the loaded image. System is compromised. Halting." message. It seems that the kernel is signed with yet another key (or not signed at all).
You have two options:
Generate your own signing keys, sign the bootloader and the kernel of Puppy Linux yourself. You have to do that every time the bootloader or kernel is updated. You would also probably need to sign all the modules, however that depends on how the kernel is compiled.
Ask Puppy developers to fix their Secure Boot.
Easy solution: Super UEFIinSecureBoot Disk.
