ASUS T100 - Linux&Ubuntu new-efi
Milestone information
- Project:
- ASUS T100 - Linux&Ubuntu
- Series:
- boot-grub
- Version:
- new-efi
- Released:
- Registrant:
- Lionel Dor
- Release registered:
- Active:
- No. Drivers cannot target bugs and blueprints to this milestone.
Activities
- Assigned to you:
- No blueprints or bugs assigned to you.
- Assignees:
- No users assigned to blueprints and bugs.
- Blueprints:
- No blueprints are targeted to this milestone.
- Bugs:
- No bugs are targeted to this milestone.
Download files for this release
Release notes
How to delete the secure boot keys to truly disable secure boot. No need to do this if you have successfully installed the ISO and can boot into Ubuntu. Usual disclaimers.
0) review the references at the end of this post
1) Make a backup of the whole mmcblk0. Macrium Reflect for Windows works well - also make the rescue USB. Another method is to DD mmcblk0 to a class10 (or better) SDcard.
2) Power on the device while pressing the <ESC> key (CHI users will need to attach a USB keyboard).
3) Pick "Enter Setup" from boot menu
4) Note the Bios version and Processor
This will help us if this "won't boot" issue is related to a particular BIOS or processor.
5) Navigate to "Security" tab, using <right-arrow> key
6) <down-arrow> to "Secure Boot Menu" then <enter>
7) <down-arrow> to "Secure Boot Support" and enable it
8) <down-arrow> to "Key Management" <enter>
9) <down-arrow> to "Save" <enter>
10) Pick file <enter>, <enter> to confirm saving 4 variables
(I used the option ending with "SubType 5)HD(part1, Sig ?)\" to save in EFI folder)
11)<down-arrow> to "Delete PK" <enter>, confirm
12)<down-arrow> to "Delete KEK" <enter>, confirm
13)<down-arrow> to "Delete DB" <enter>, confirm
14)<down-arrow> to "Delete DBX" <enter>, confirm
15)<esc> to Key Management <up-arrow> to Secure Boot Support
16)<enter> and disable Secure Boot Support
17) <F10> to save and reboot
To restore the keys follow steps 1-8 from above, then
- navigate to "Set new PK" <enter>
- <right-arrow> to No, <enter> (want to "load from file")
- select file - same file as step 10) <enter>
- <down-arrow> to "PK" <enter>
- navigate to "Public Key Certificate" <enter>, "Yes" <enter> <enter>
Repeat for {"KEK","DB","DBX"}
Disable secure boot [optional if abandonning linux] steps 15) and 16)
<F10> to save and reboot
These instructions verified on the T100CHI with American Megatrends 206 BIOS. This should work for other versions, though the precise details may vary...
Note: While this worked for me, you are on your own - proceed at your own risk. Usual disclaimers... Make sure you've read and understood the info at the following link about these keys. If you are careful and patient there should be no problems.
Reference: See: http://
"...simple description, the “Platform Key” shows who “owns and controls” the hardware platform. The “Key-Exchange keys” shows who is allowed to update the hardware platform, and the “Signature Database keys” show who is allowed to boot the platform in secure mode."
Written by John Brodie
Changelog
This release does not have a changelog.
0 blueprints and 0 bugs targeted
There are no feature specifications or bug tasks targeted to this milestone. The project's maintainer, driver, or bug supervisor can target specifications and bug tasks to this milestone to track the things that are expected to be completed for the release.
