The blue screen on reboot after adding keys for secure boot confuses me and I would like to know more about it and where to learn about it, hopefully with pictures.
Sometimes to run software on my Fedora machine I have to sign keys for secure boot.
The documentation provided by Fedora called Working with Kernel Modules is very helpful.
There is one part of it that I feel is lacking, and this goes for most other articles or documentation I’ve seen on signing keys for secure boot.
- They tend to gloss over the reboot process, and what steps to take when you see the UEFI Console. (I may be calling it the wrong thing, I know it mainly as the blue screen that scares me when I reboot after creating keys.)
I’ll show an example from the Fedora Working with Kernel Modules documentation I mentioned earlier:
- Request enrollment of your public key.
mokutil --import my_signing_key_pub.der
- Reboot, and complete the enrollment at the UEFI console.
- After the system reboots, verify the keys on the system key ring again.
This line of instructions is probably the most common way I have seen it described. I am still very confused by the blue screen.
My confusions about it can be separated:
How to get to the screen:
Does it automatically show up after importing a key with mokutil? (I’ve done this process a few times and I can’t remember if it was automatic or I had to press some key to prompt it).
I feel like I have seen the blue screen pop up but I did not respond in time, and it just booted normally. In those cases how do I reload the screen to reattempt?
What to do once on the screen:
It’s not immediately obvious to me which options to choose or how to determine if I have chosen the right ones. It seems like there could be many possible paths based on the options you choose.
Where is the documentation for this screen? Is it different per distro? Is it the same for all distros?