After installing, my BIOS asked for

paulie420 · 27 October 2021 21:12

A PEM key or a ... DAN key?

I DID use secure boot, and I do not have a lot of knowledge about it...

When the BIOS pop-up came up, I selected what I thought was right... there was an option to simply continue booting, and another option for viewing the key.

I viewed the PEM(?) key and selected it... the system booted and seems to be rebooting/booting fine now?

So - what was that? Did I do right by selecting the key and... adding it? Is this "TPM"?

I was huge into computers pre-2000, and then came back to Apple hardware in 2010, before getting back to *nix 7 years ago. I'm fairly knowledgeable w/ Linux, but... I lack in some of the areas where technology advanced while I was away.

I'd really like to learn about some of these features that I think I miss- secure boot, UEFI, TPM and certificates in BIOS...

Thanks for any help...

pAULIE42o
. . . . . . . . . .
/s

Aravisian · 27 October 2021 21:24

It is a Windows Thing.

If you are not dual-booting with Windows, TPM (Which is a backdoor access point) and Secure Boot (only Microsoft signed programs can boot at init) can both be disabled.

paulie420 · 27 October 2021 23:51

Thanks - hence, why I know nothing of the sort... Guess I'll turn both off, again.

StarTreker · 28 October 2021 00:18

When you decided to turn off TPM and SECURE BOOT, you made an excellent life choice. In essence, life gets better when your computer works great.

I agree with Aravisian, those two things are Windows use only, so are not needed for Linux. Don't ever turn those things back on, otherwise your computer starts going freaky deaky all over again.

Aravisian · 28 October 2021 00:24

TPM is the thing that bothers me... And Win 11 demands it be active. A backdoor. For Security...

Call me crazy but I would feel more secure with a backdoor that they have access to but I do not that was disabled.

Winged1 · 28 October 2021 12:57

Try the following command and if tpm is enabled you should see something like my output. I dual boot with windows 11 so it is enabled in my case.

dmesg | grep -i tpm

[

    0.000000] efi: ACPI 2.0=0x9eb4f000 ACPI=0x9eb4f000 TPMFinalLog=0x9ebb9000 SMBIOS=0x9f539000 MEMATTR=0x996f2018 ESRT=0x9b535818 MOKvar=0x9a6a8000 RNG=0x9f551e18 TPMEventLog=0x93a89018 
[    0.013072] ACPI: TPM2 0x000000009EB9ECF8 000034 (v04 ALASKA A M I    00000001 AMI  00000000)
[    0.013097] ACPI: Reserving TPM2 table memory at [mem 0x9eb9ecf8-0x9eb9ed2b]

Winged1 · 28 October 2021 13:10

To check EFI and secure boot.
ls /sys/firmware/efi
mokutil --sb-state

Elegant_Emperor · 28 October 2021 13:38

Honestly, I had no idea what secure boot was and how it would effect my computer....But then after installing Linux, I got the same message where the BIOS asked for the

and my mind automatically whispered to my ears, "It is the damned secure boot, man, turn it off!" and so I did that.

paulie420 · 28 October 2021 15:53

[    0.000000] efi: ACPI=0x45bfe000 ACPI 2.0=0x45bfe014 TPMFinalLog=0x45ac5000 SMBIOS=0x439e3000 SMBIOS 3.0=0x439e1000 MEMATTR=0x3f8e6018 ESRT=0x3fb8f298 MOKvar=0x3f8ea000 RNG=0x439e4b18 TPMEventLog=0x39f3a018 
[    0.007647] ACPI: SSDT 0x0000000045BE1000 00077B (v02 INSYDE Tpm2Tabl 00001000 INTL 20160422)
[    0.007649] ACPI: TPM2 0x0000000045BE0000 00004C (v04 INSYDE TGL-ULT  00000002 ACPI 00040000)
[    0.007696] ACPI: Reserving TPM2 table memory at [mem 0x45be0000-0x45be004b]
[    1.186160] tpm_tis NTC0702:00: 2.0 TPM (device-id 0xFC, rev-id 1)```

paulie420 · 28 October 2021 15:55

config_table  esrt              fw_vendor      runtime      systab
efivars       fw_platform_size  mok-variables  runtime-map  vars
paulie420@frame-work:~$ mokutil --sb-state
SecureBoot enabled

Thanks, I'm gonna turn off secure boot and TPM.

pAULIE42o
. . . . . . . . . .
/s

StarTreker · 28 October 2021 17:14

I feel like our forum requires a big giant statement in bold that says, new users, TURN OFF SECURE BOOT! Then another one that says, TURN OFF TPM! That would literally cut down on support load by probably at least 40% to 50%.

paulie420 · 28 October 2021 17:32

Ok, I think I've got things set a bit better now:

config_table  esrt              fw_vendor      runtime      systab
efivars       fw_platform_size  mok-variables  runtime-map  vars
paulie420@frame-work:~$ mokutil --sb-state
SecureBoot disabled
paulie420@frame-work:~$ dmesg | grep -i tpm
[    1.360754] ima: No TPM chip found, activating TPM-bypass!

Hopefully this is a bit better now; although my X11 window overlapping issue is still present.
pAULIE42o
. . . . . . . . . .
/s

Aravisian · 28 October 2021 18:12

Is this a topic for a new thread?

system · 26 January 2022 18:12

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.