On 05/10/2023 04:06, Valerio Vanni wrote:
I don't know if there is an EFI shell.
I am not sure, but some motherboards may have it preinstalled. Check files on EFI system partition. It may be available in boot menu invoked by some F* key (not grub menu), it may be necessary to enable it in Firmware (BIOS) settings. On a screenshot of AMI bios some related option is present in "Exit" menu in advanced mode.
Some commands and links: https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface#UEFI_Shell
For Linux, I found this (there's no version for Debian): https://github.com/rhboot/dbxtool But it says it was replaced by this: https://github.com/fwupd/fwupd
My impression is that fwupd may install updates if they are provided by hardware vendors.
Concerning secure boot keys, I would start from mokutil, but since I never debugged similar issues, I am not sure.
