Installing shim bootloader to boot kali under secure boot

_defalt
2017-08-16, 18:53
I'm interested in booting Kali under Secure Boot.

The default Kali grub is unsigned, so you can't boot Kali while Secure Boot is enabled. The shim boot loader is signed by the Microsoft private key, which allows you to boot Kali even when Secure Boot is ON. Shim is actually grub, but it uses cryptographic keys to run under Secure Boot.

Shim and shim-signed are available in the kali-linux repositories. You can check this with sudo apt-cache search shim.

You can install shim with apt-get install shim-signed.
Setting up shim-signed (1.28+0.9+1474479173.6c180c6-1) ...
Installing for x86_64-efi platform.
Installation finished. No error reported.
No DKMS packages installed: not changing Secure Boot validation state.

Shim and shim-signed are similar. The only difference between them is that shim can be signed by your own private key, but then you have to install your own self-signed certificates in UEFI. Your vendor already ships the Microsoft certificates pre-installed in UEFI. To make shim work with the Microsoft keys, shim-signed is used, which is signed by Microsoft.

The installation goes well, but I tried this: shimx64.efi was supposed to be added to the EFI partition alongside grubx64.efi, but it's not there. I tried reinstalling it multiple times using apt-get install --reinstall shim-signed, and again the installation goes well, but it is not adding an entry for shimx64.efi.

Does anyone have a solution for how to make it work?

There are valid reasons why Secure Boot should be kept enabled, so if you are able to boot Kali under Secure Boot it would be a plus and a better security approach.

If shim were unsupported on Kali it wouldn't be in the Kali repo.

_defalt
2017-08-18, 07:00
I tried sudo grub-install --uefi-secure-boot /dev/sda but shim is still not there.

Finally I decided to copy shimx64.efi.signed into the EFI partition, but when I tried to boot it, it says verification failed. It is probably due to a signature mismatch. Is it really signed by Microsoft? I'm going to send a bug report about this.
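One thing worth checking before filing the bug report is whether the .efi file you copied carries an Authenticode signature block at all, since a missing Certificate Table and a signature that does not chain to the UEFI db both surface as "verification failed". The following is an added example, not code from the thread or from the shim project: it parses the PE/COFF headers to report whether a signature block is present (presence only; it does not validate the chain), and builds a constructed minimal PE32+ image so it runs offline.

```python
"""Report whether a PE/COFF EFI binary carries an Authenticode signature block.

Secure Boot firmware and shim first look at data directory 4 (Certificate
Table); if it is empty the image can never verify. This checks presence only.
"""
import struct

PKCS_SIGNED_DATA = 0x0002        # WIN_CERTIFICATE.wCertificateType for Authenticode
DIR_CERTIFICATE_TABLE = 4        # data-directory slot that points at the signature


def authenticode_info(pe: bytes) -> dict:
    """Return {'signed', 'offset', 'length', 'cert_type'} for a PE image."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    opt = e_lfanew + 4 + 20                      # COFF file header is 20 bytes
    magic = struct.unpack_from("<H", pe, opt)[0]
    # Data directories begin at +112 (PE32+, magic 0x20B) or +96 (PE32) in the optional header
    dirs = opt + (112 if magic == 0x20B else 96)
    ndirs = struct.unpack_from("<I", pe, dirs - 4)[0]   # NumberOfRvaAndSizes
    unsigned = {"signed": False, "offset": 0, "length": 0, "cert_type": 0}
    if ndirs <= DIR_CERTIFICATE_TABLE:
        return unsigned
    off, size = struct.unpack_from("<II", pe, dirs + 8 * DIR_CERTIFICATE_TABLE)
    if size == 0:
        return unsigned
    # Certificate Table entry holds a FILE offset (not an RVA) to a WIN_CERTIFICATE
    length, _revision, ctype = struct.unpack_from("<IHH", pe, off)
    return {"signed": ctype == PKCS_SIGNED_DATA, "offset": off,
            "length": length, "cert_type": ctype}


def build_sample_pe(signature: bytes = b"") -> bytes:
    """Constructed minimal PE32+ image (not a real bootloader) for offline testing."""
    e_lfanew = 0x80
    dos = (b"MZ" + b"\0" * 58 + struct.pack("<I", e_lfanew)).ljust(e_lfanew, b"\0")
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, 0x22)  # x86-64, 240-byte opt hdr
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)        # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)         # NumberOfRvaAndSizes = 16
    header_len = len(dos) + 4 + len(coff) + len(opt)
    if not signature:
        return dos + b"PE\0\0" + coff + bytes(opt)
    cert = struct.pack("<IHH", 8 + len(signature), 0x0200, PKCS_SIGNED_DATA) + signature
    struct.pack_into("<II", opt, 112 + 8 * DIR_CERTIFICATE_TABLE, header_len, len(cert))
    return dos + b"PE\0\0" + coff + bytes(opt) + cert


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:                    # e.g. /boot/efi/EFI/kali/shimx64.efi
        with open(path, "rb") as fh:
            print(path, authenticode_info(fh.read()))
```

Pointing the script at the copied shimx64.efi.signed and at grubx64.efi shows which of the two lacks a signature block; a present block that still fails at boot means the chain, not the file format, is the problem.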