I am customizing secure boot on amd version and I wonder how to enroll the 300 dbx hashes back. I followed the Secure boot article on Arch Wiki to extract the keys and used sbctl.
I don’t have an answer for you but I’m exceptionally curious as to your use case.
1 Like
It’s that the default dbx has more than 300 hashes, and I enrolled Microsoft’s keys into the firmware and would like to re-enroll the original dbx to enhance security.
1 Like
So why not reset to defaults and then just add MS keys in addition? Did you clear all keys before adding MS keys?