
On Mon, Jul 27, 2020 at 01:57:02PM -0400, D. Hugh Redelmeier via talk wrote:
Secure Boot:
Microsoft requires PC hardware to be shipped with Secure Boot enabled. I think that they also require that it be possible to disable it (but only manually, not by program).
Secure boot requires that there be a cryptographically authenticated unbroken chain of things that lead to loading the OS. Authentication of things loaded by the UEFI amounts to being signed by a key for which the firmware knows the public key.
The only public key most UEFI firmware knows is controlled by Microsoft. Red Hat has arranged for Microsoft to sign a loader that will then load other things: shim.efi. Red Hat made this available to any other Linux Distro, I think.
Some other Linux systems have adopted this. For example, UBUNTU and SuSE. I don't know if your distro has.
Suggestion: disable secure boot and continue your experiments. I know you said that you cannot find the setting, but it must be there somewhere in the firmware setup screen.
Odd: googling seems to suggest that the only way to turn off SB on Asus boards is to delete the PK key. If you are going to do this, please save the key first in case you need to restore it.
No need. There is a load default keys option to restore the microsoft keys. -- Len Sorensen