Secure Boot

Setup

  1. Create keys to use for secure boot.

    sudo nix run nixpkgs#sbctl create-keys
  2. Enable Secure Boot in the UEFI and enter Setup Mode or erase the Platform Keys.

  3. Enroll the keys.

    sudo nix run nixpkgs#sbctl enroll-keys -- --microsoft
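
A pre-flight check for step 2, as an added example that is not part of the original page: it reads the firmware's SetupMode and SecureBoot variables from efivarfs to confirm the machine is in Setup Mode before the keys are enrolled. The function names and state labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report firmware Secure Boot state before `sbctl enroll-keys`.
# GUID of the UEFI global variable namespace.
EFI_GLOBAL=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the one-byte value (0 or 1) of an EFI global variable.
# efivarfs files hold a 4-byte attribute field followed by the data.
# $1 = variable name, $2 = efivars directory
efi_flag() {
    f="$2/$1-$EFI_GLOBAL"
    [ -r "$f" ] || return 1
    od -An -tu1 -j4 -N1 "$f" | tr -d ' \n'
}

# Classify the firmware state. $1 = efivars directory (default: live system).
# State labels are this example's own, not sbctl output.
secure_boot_state() {
    dir="${1:-/sys/firmware/efi/efivars}"
    setup=$(efi_flag SetupMode "$dir") || { echo "no-uefi-vars"; return 2; }
    sb=$(efi_flag SecureBoot "$dir") || sb=0
    if [ "$setup" = 1 ]; then
        echo "setup-mode"          # no Platform Key enrolled: step 3 can run
    elif [ "$sb" = 1 ]; then
        echo "enforcing"           # keys enrolled and Secure Boot active
    else
        echo "user-mode-disabled"  # keys enrolled, Secure Boot switched off
    fi
}

# Run against the live system only when asked: ./check.sh --check
if [ "${1:-}" = "--check" ]; then
    secure_boot_state
fi
```

Anything other than `setup-mode` before step 3 means the firmware still holds a Platform Key and enrollment will be refused.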

Troubleshooting

Outdated secure boot keys

After an OS update with Secure Boot enabled, the keys might become outdated, and this error appears on boot:

Verification failed: (0x1A) Security Violation

The following steps might resolve this issue.

  1. Disable secure boot in the UEFI.

  2. Reset the keys.

    sudo nix run nixpkgs#sbctl reset
  3. Set up Secure Boot again.

Further reading