How to manually sign Kali for UEFI

0

I have a laptop that runs Win10Pro and has UEFI. I have a USB stick with Kali on it.

If I disable Secure Boot, I can boot from Kali with no problem, but then Win10/BitLocker complains. Naturally, I cannot boot with Secure Boot because Kali is not signed.

How can I manually sign my Kali so I can make it boot that way? I'm definitely not above signing it myself with a custom key then telling UEFI to trust that key... if that's possible.

iAdjunct

Posted 2019-04-19T22:39:11.907

Reputation: 1 570

@ramhound Unless UEFI can let me add a new trusted key – iAdjunct – 2019-04-19T22:54:08.647

Answers

0

The easiest way is to use the Linux Foundation's signed PreLoader, which works on a file-hash basis and does not require any configuration, but it will require manual intervention every time you update the kernel.

The proper way is to generate your own self-signed signing key, enroll it into UEFI, and sign the bootloader and kernel with it.

Another way is to use one of the signed shims available (I prefer the Fedora version) with your own self-signed key and kernel, which you don't want/can't enroll into UEFI.

Or, if you don't need the "secure" part of Secure Boot, you can use the Super UEFIinSecureBoot Disk bootloader.

ValdikSS

Posted 2019-04-19T22:39:11.907

Reputation: 1
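
The "proper way" from the answer above (your own self-signed key, then signing the bootloader and kernel with it), as an added shell sketch that is not part of the original answer. It assumes OpenSSL and sbsigntool (`sbsign`, `sbverify`) are installed; the function names, file names and paths are illustrative, and enrolling the certificate is assumed to happen in the firmware's own key-management menu, which varies by vendor.

```shell
#!/bin/sh
# Added example, not code from the original answer.
# Assumptions: file names db.key / db.crt / db.cer and both function names
# are made up for this sketch; openssl and sbsigntool are installed.

# make_signing_key DIR "Common Name"
# Creates a self-signed RSA-2048 certificate and a DER copy for enrollment.
make_signing_key() {
    key_dir=$1; key_cn=$2
    mkdir -p "$key_dir" || return 1
    (
        umask 077   # the private key must be readable by its owner only
        openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
            -subj "/CN=$key_cn/" \
            -keyout "$key_dir/db.key" -out "$key_dir/db.crt" 2>/dev/null
    ) || return 1
    # DER copy: the encoding mokutil takes, and (assumption) the one most
    # firmware setup menus accept when enrolling a certificate.
    openssl x509 -in "$key_dir/db.crt" -outform DER -out "$key_dir/db.cer"
}

# sign_efi DIR INPUT OUTPUT
# Signs one EFI binary (bootloader or kernel) and verifies the result
# against the same certificate before reporting success.
sign_efi() {
    key_dir=$1; src=$2; dst=$3
    [ -f "$src" ] || { echo "no such file: $src" >&2; return 1; }
    command -v sbsign >/dev/null 2>&1 ||
        { echo "sbsign (sbsigntool) is not installed" >&2; return 1; }
    sbsign --key "$key_dir/db.key" --cert "$key_dir/db.crt" \
        --output "$dst" "$src" || return 1
    sbverify --cert "$key_dir/db.crt" "$dst"
}

# Typical use (placeholder paths; substitute the files on your USB stick):
#   make_signing_key ./sb-keys "My Secure Boot key"
#   sign_efi ./sb-keys /path/to/bootloader.efi /path/to/bootloader.signed.efi
#   sign_efi ./sb-keys /path/to/vmlinuz        /path/to/vmlinuz.signed
# Then enroll ./sb-keys/db.cer as a trusted key in the firmware setup.
```

Keep `db.key` off the USB stick itself: anyone holding it can sign binaries that your firmware will then trust.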