I am attempting to install Kali Linux alongside a preinstalled Windows 10. Secure boot restricts me from booting from USB, so what happens if I delete its variables?
Asked
Active
Viewed 1.5e+01k times
3 Answers
11
Secure Boot should not prevent booting from a USB drive per se, although it should prevent booting an unsigned boot loader from any disk. I don't happen to know offhand if Kali provides a signed or unsigned boot loader, so this might or might not be your problem.
You should be able to disable Secure Boot from the firmware setup utility. If you can't do so, return the computer to the store for a refund and tell the manufacturer why you did so. You do NOT want a computer you can't control, which is what you've got if you can't shut off Secure Boot. (In the past, Microsoft required that users be able to disable Secure Boot on x86 and x86-64 computers bearing a Windows 8 logo. They made this optional for Windows 10, but most manufacturers are continuing to provide the option.)
If you want to take full control of your computer's Secure Boot functionality, you can replace the keys with your own. The process to do so is difficult to describe because the tools to do this are not very user-friendly and some critical details vary from one computer to another. I wrote this page on the subject, if you care to look into it. It's definitely easier to simply disable Secure Boot, but of course if you want the benefits of Secure Boot without using Microsoft's (or your computer manufacturer's) keys, replacing those keys is the way to go.
Rod Smith
- 22,290
0
Clearing the Secure Boot database would technically make you unable to boot anything, since nothing to boot would have corresponded to the Secure Boot's database of signatures/checksums allowed to boot. If you don't want to mess with this and install an OS not compatible with Secure Boot, the easiest option is to disable it by accessing the UEFI Firmware Settings (Hold Shift while rebooting -> Advanced Options -> UEFI Firmware Setttings), or you can add your own keys.
Sylveon
- 190
0
In my case on ASUS Zenbook Flip UX360U, disabling the secure boot didn't help and the full NVRAM prevented to even boot from USB with error
Couldn't Create Moklist: Volume Full , Something serious has gone wrong, import_mok_state():failed
I took the risk to "delete all secure boot variables", (could also be named differently "remove all keys", or "enter setup mode"). It seems not very well communicated by BIOS or other answers that after entering the setup mode, you'll get the option to fill in the factory default keys as well as adding your own keys or disable secure boot.
This is my experience but I've seen others report the same from vids and forums around the net. It make sense to not let user delete the hardcoded defaults alltogether, so even the "deletion" is safe as they are backed up elsewhere.
smido
- 101