
[GUIDE] OpenCore and UEFI Secure Boot using Windows Subsystem for Linux

@miliuco
Hello, in my bios I cannot disable the Security Boot menu, and it does not have a Key Manager in the Menu. That's why I use Keytool.efi. Previously I used a Bootloader called Universal USB Installer and successfully managed to add the Enroll_This_Key_In_MokManager.cer certificate via Keytool. Sorry for my bad English, I'm using Google Translate.
 
@RAFAELRAZOR

Please cut the log or put it into an attached txt file to improve readability of the post. It's too long.

You write
Code:
cp /home/ubuntu/Downloads/MicCorUEFCA2011_2011-06-27.crtcp /mnt/c/Users/Ubuntu/Downloads/MicCorUEFCA2011_2011-06-27.crt

But it must be
Code:
cp /home/ubuntu/Downloads/MicCorUEFCA2011_2011-06-27.crt cp /mnt/c/Users/Ubuntu/Downloads/MicCorUEFCA2011_2011-06-27.crt

Note .crtcp >> .crt cp.
I see that this is fixed later.

You write
Code:
sudo apt-get install unzip~

But it must be
Code:
sudo apt-get install unzip

But unzip seems to be installed.

In BIOS you have a menu to enable/disable UEFI Secure Boot, right? Are you trying to shove the keys with UEFI Secure Boot disabled? Do you have in BIOS a menu to reset or manage the secure boot keys?
Can I use Ubuntu on WSL2 on Windows 11?
 
@RAFAELRAZOR
Yes, WSL2 can set Ubuntu as Linux environment.
 
@RAFAELRAZOR
Please edit the post 39 to put the log text into a code block to improve readability. Thanks.
 
@miliuco Coincidentally, I'm trying to update to OpenCore 0.9.6 following this same order of steps I always do, but I can't get OpenCore Vault to work:
@Gobias

This is what I've done:
  • In order not to have to switch from mac to windows so many times, I have installed Ubuntu 14.04 virtual machine with UTM
  • On Ubuntu I have digitally signed all OC 0.8.5.efi files except OpenCore.efi
  • On macOS I have vaulted the EFI folder with the signed files, including OpenCore.efi not signed yet
  • On Ubuntu I have signed the OpenCore.efi file which already has Vault applied
  • Back in macOS I have copied the EFI folder to the EFI partition
  • I have rebooted activating UEFI Secure Boot and... it worked!
So it's just like you said, I hadn't read the OC setup text carefully either.

It is a tedious task. The most boring part is copying files between macOS and Ubuntu. UTM in theory has the option to define a shared folder to exchange files but I have not been able to get it to work. I have used Wetransfer in both mac and linux browsers to send files between both systems. Pretty heavy but at least I've learned how to have Vault and UEFI Secure Boot at the same time.

I've tried going through the steps 3 times now, but I always get this "no public key" error when I boot up:
I tried and got this OpenCore error:

Code:
OC: Configuration requires signed vault but no public key provided!

I have no idea what I'm doing wrong because I haven't changed my process, and I'm using the latest version sign.command included with OpenCore 0.9.6.
 
You’re right, fixed.
rafaelpassos@DESKTOP-KTGMRAA:~/efikeys$ openssl x509 -inform DER -in MicWinProPCA2011_2011-10-19.crt -outform PEM -out MicWinProPCA2011_2011-10-19.pem
Could not open file or uri for loading certificate from MicWinProPCA2011_2011-10-19.crt
400735A6FD7E0000:error:16000069:STORE routines:ossl_store_get0_loader_int:unregistered scheme:../crypto/store/store_register.c:237:scheme=file
400735A6FD7E0000:error:80000002:system library:file_open:No such file or directory:../providers/implementations/storemgmt/file_store.c:267:calling stat(MicWinProPCA2011_2011-10-19.crt)
Unable to load certificate
 
@RAFAELRAZOR

Did you download MicCorUEFCA2011_2011-06-27.crt and MicWinProPCA2011_2011-10-19.crt to efikeys folder?

When I run

Code:
openssl x509 -in MicWinProPCA2011_2011-10-19.crt -inform DER -out MicWinProPCA2011_2011-10-19.pem -outform PEM
openssl x509 -in MicCorUEFCA2011_2011-06-27.crt -inform DER -out MicCorUEFCA2011_2011-06-27.pem -outform PEM

I don't get such an error.

If Microsoft certificates are already downloaded, try downloading them again in case the downloaded files are corrupted.
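
The checks suggested in the reply above (is the file in the working folder, is the download intact), as an added example that is not part of the original thread or the guide. The function name `der_to_pem` and its return codes are assumptions made for illustration; the `openssl x509` options are the ones used in the posts.

```shell
# Added example: pre-check a downloaded certificate before the DER -> PEM step.
# der_to_pem is a hypothetical helper; pass it the .crt file name.
# Usage (from the efikeys folder):  der_to_pem MicWinProPCA2011_2011-10-19.crt
der_to_pem() {
    src="$1"
    dst="${src%.crt}.pem"

    # "calling stat(...): No such file or directory" means the file is not in
    # the current directory, so report where the lookup actually happened.
    if [ ! -f "$src" ]; then
        echo "missing: $src is not in $(pwd)" >&2
        return 2
    fi
    # An interrupted download can leave an empty file behind.
    if [ ! -s "$src" ]; then
        echo "empty: $src (download it again)" >&2
        return 3
    fi
    # The guide expects DER, but a .crt file may already be PEM text;
    # detect that from the header instead of guessing.
    fmt=DER
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$src"; then
        fmt=PEM
        echo "note: $src is already PEM" >&2
    fi
    if ! openssl x509 -in "$src" -inform "$fmt" -out "$dst" -outform PEM 2>/dev/null; then
        echo "corrupt: $src does not parse as a certificate (download it again)" >&2
        rm -f "$dst"
        return 4
    fi
    # Show subject and SHA-256 fingerprint so the converted certificate can be
    # compared with the values published by its issuer before it is enrolled.
    openssl x509 -in "$dst" -noout -subject -fingerprint -sha256
}
```

Comparing the printed fingerprint against the issuer's published value before enrolling the certificate catches a wrong or tampered download that still parses correctly.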
 
@miliuco Coincidentally, I'm trying to update to OpenCore 0.9.6 following this same order of steps I always do, but I can't get OpenCore Vault to work:


I've tried going through the steps 3 times now, but I always get this "no public key" error when I boot up:


I have no idea what I'm doing wrong because I haven't changed my process, and I'm using the latest version sign.command included with OpenCore 0.9.6.

I finally figured out the issue while trying to update to OpenCore 0.9.7. I hadn't accepted the Xcode license after updating Xcode. I got an error saying that OpenCore.efi was borked because I hadn't accepted the license when I tried to create the OpenCore Vault, but I didn't notice it before when I was trying to update to OpenCore 0.9.6. I just had to open Xcode and click Accept, and then OpenCore Vault worked.
 