Changes
efi-updatevar -f KEK.auth KEK
efi-updatevar -f PK.auth PK
* The EFI variables may be immutable (i-flag in lsattr output) in recent kernels (e.g. 4.5.4). Use chattr -i to make them mutable again if you can’t update the variables with the commands above:
chattr -i /sys/firmware/efi/efivars/{PK,KEK,db,dbx}-*
* Review installed certificates
* From now on only EFI binaries signed with any db key can be loaded
reboot
<br>
== See also ==
[[category:software]]
[[category:Application notes]]
[[category:fitlet2]]
