sbctl won't work on Fujtsu Lifebook A574/M, BIOS would just reset ANY USER intervention of the secure boot changes

[Mizumo-prjkt]

Pointers:

• sbsign can enable secure boot, but won't allow modification on its efivar, checking the BIOS option, it only has customized or default option, as well as a switch to enable/disable secure boot
• signing efi files won't work either using this tool
• didn't use the optionrom flag as this unit is using Lynx Point, for safety because there could be a huge chance of soft bricking everything, and this bios was from 2016 (now installed the last version on 2020)
• also had custom signed keys ready, with archlinux's wiki help

[Mizumo-prjkt]

Also forgot:

• used chattr, it did "work" but it just reverts itself like nothing happened (but secure boot flag did turn on)

[IPlayZed]

Could you provide screenshots of your UEFI setting step-by-step when doing your setup?

[Mizumo-prjkt]

its been a while so ill recreate this again

i realized i disabled secure boot so went to enable it and enable setup mode/custom mode

after everything is done

Fujitsu BIOS says:

[Mizumo-prjkt]

basically did the instruction on the readme but only took the --microsoft flag

[Mizumo-prjkt]

disabling the secure boot temporarily to check the chattr-ed files to see them having issues again

 [navia@fujitsu-a574m ~]$ sudo sbctl enroll-keys
[sudo] password for navia: 
‼ File is immutable: /sys/firmware/efi/efivars/KEK-8be4df61-93ca-11d2-aa0d-00e098032b8c
‼ File is immutable: /sys/firmware/efi/efivars/db-d719b2cb-3d3a-4596-a3bc-dad00e67656f
You need to chattr -i files in efivarfs

[Foxboron]

Which files did you sign before rebooting?