A fast way to enroll 300 dbx hashes?

I am customizing secure boot on amd version and I wonder how to enroll the 300 dbx hashes back. I followed the Secure boot article on Arch Wiki to extract the keys and used sbctl.

I don’t have an answer for you but I’m exceptionally curious as to your use case.

1 Like

It’s that the default dbx has more than 300 hashes, and I enrolled Microsoft’s keys into the firmware and would like to re-enroll the original dbx to enhance security.

1 Like

So why not reset to defaults and then just add MS keys in addition? Did you clear all keys before adding MS keys?