Results 1 to 2 of 2

Thread: Installing shim bootloader to boot kali under secure boot

  1. #1
    Join Date
    2016-Oct
    Location
    /dev/sda
    Posts
    1,012

    Installing shim bootloader to boot kali under secure boot

    I'm interested to boot kali under secure boot.

    The default kali grub is unsigned so you can't boot kali while your secure boot is enabled. Shim boot loader is signed by the MIcrosoft private key which allows you to boot kali even when secure boot is ON. Shim is actually grub but it uses cryptography keys to run in secure boot.

    Shim and shim-signed are available in kali-linux repositories. You can check this by sudo apt-cache search shim.

    You can install shim by apt-get install shim-signed.
    Setting up shim-signed (1.28+0.9+1474479173.6c180c6-1) ...
    Installing for x86_64-efi platform.
    Installation finished. No error reported.
    No DKMS packages installed: not changing Secure Boot validation state.


    Shim and shim-signed are similar. The only difference between them is shim can be signed by your private key but then you have to install your own self-signed certificates in UEFI. Your vendor already gives you pre-installed certificates of MIcrosoft in UEFI. To work shim with Microsoft keys shim-signed is used which is signed by Microsoft.

    The installation goes well but i tried this. Shimx64.efi was supposed to be added in the EFI partition along side with grubx64.efi but it's not there. I tried reinstalling it multiple times using apt-get install --reinstall shim-signed and again the installation goes well but it is not adding entry of shimx64.efi.

    Does anyone have solutions how to make it work?

    There are valid reasons why secure boot should be kept enabled so if you are able to boot kali under secure boot it will be a plus point and better security approach.

    If shim was unsupported for kali it wouldn't be there in kali repo.
    Last edited by _defalt; 2017-08-17 at 11:14.

  2. #2
    Join Date
    2016-Oct
    Location
    /dev/sda
    Posts
    1,012
    I tried sudo grub-install --uefi-secure-boot /dev/sda but shim is still not there.

    Finally i decided to copy shimx64.efi.signed in EFI but when i tried to boot it, it says verification failed. It is probably due to the signature mismatch. Is it really signed by Microsoft? I'm going to send bug report about this.
    Last edited by _defalt; 2017-08-18 at 10:17.

Similar Threads

  1. Boot with Secure Boot enabled
    By matteodev in forum General Archive
    Replies: 1
    Last Post: 2022-08-11, 22:03
  2. "Secure Boot Violation" with Kali USB Boot
    By ChaoticErnie in forum Installing Archive
    Replies: 4
    Last Post: 2021-04-14, 13:19
  3. Secure Boot to Custom Boot
    By T0xicPilot in forum Installing Archive
    Replies: 3
    Last Post: 2017-03-01, 20:47
  4. Dual Boot Kali Linux with Windows 8.1 (UEFI and SECURE BOOT)
    By sentostv in forum Installing Archive
    Replies: 2
    Last Post: 2015-01-01, 02:53

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •