Update readme with instructions for resetting secure boot on shodan

This commit is contained in:
Lillian Violet 2024-11-30 18:39:47 +01:00
parent c3df26037e
commit c876e563d8

View file

@ -57,3 +57,12 @@ The secrets are managed in sops files within the hosts folders, there is only on
``nix-shell -p sops --run "sops ./nixos/hosts/<hostname>/secrets/sops.yaml"`` ``nix-shell -p sops --run "sops ./nixos/hosts/<hostname>/secrets/sops.yaml"``
This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself. This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself.
### [Secure Boot Shodan](https://steamcommunity.com/app/1675200/discussions/0/3541546590704253536/)
Removing the secure boot for shodan involves some trickery on the command line, first disable the read only on the efivars on the system with
``sudo chattr -i /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c``
then enable setup mode for the system with
``sudo efi-updatevar -d 0 -k /etc/secureboot/keys/PK/PK.key PK``
This should allow you to reinstall or do other things with the sytem (and crucially disable secure boot in the boot menu).
``