Update readme with instructions for resetting secure boot on shodan
This commit is contained in:
parent
c3df26037e
commit
c876e563d8
|
@ -57,3 +57,12 @@ The secrets are managed in sops files within the hosts folders, there is only on
|
||||||
``nix-shell -p sops --run "sops ./nixos/hosts/<hostname>/secrets/sops.yaml"``
|
``nix-shell -p sops --run "sops ./nixos/hosts/<hostname>/secrets/sops.yaml"``
|
||||||
|
|
||||||
This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself.
|
This requires your system to have the keyfile available for sops to use, by default sops looks in the sops/age folder in your user folder for a keys.txt file with the private key. You can change this behaviour by setting the **\$SOPS_AGE_KEY_FILE** environment variable, or setting the **\$SOPS_AGE_KEY** environment variable to the key itself.
|
||||||
|
|
||||||
|
### [Secure Boot Shodan](https://steamcommunity.com/app/1675200/discussions/0/3541546590704253536/)
|
||||||
|
|
||||||
|
Removing the secure boot for shodan involves some trickery on the command line, first disable the read only on the efivars on the system with
|
||||||
|
``sudo chattr -i /sys/firmware/efi/efivars/PK-8be4df61-93ca-11d2-aa0d-00e098032b8c``
|
||||||
|
then enable setup mode for the system with
|
||||||
|
``sudo efi-updatevar -d 0 -k /etc/secureboot/keys/PK/PK.key PK``
|
||||||
|
This should allow you to reinstall or do other things with the sytem (and crucially disable secure boot in the boot menu).
|
||||||
|
``
|
Loading…
Reference in a new issue