Double Lockout

Recently I was playing around with the boot systems on my two main computers - laptop and desktop - to enable Secure Boot. This is a quite old tech by now, and helps protect against "evil maid" attacks where somebody has temporary access to your hardware and uses it to install some kind of persistent backdoor. I don't think this is a huge threat to me in real life but it's fairly standard behaviour now so I figured I'd familiarise myself with it.

In the process I managed to get myself locked out of both. This was mildly concerning, because usually I'd use one system to help me repair the other. Fortunately I managed to "repair" the desktop by simply disabling Secure Boot.

The laptop was a bit more complicated. ( Nerdy details )

For all that parts of this experience were frustrating, and the stakes were moderately high since going without my laptop would be a huge pain, I quite enjoyed this little pair of experiments. I learned new things, refreshed my memory of a few others, and found a weak spot in my nerding abilities. A larger, and more importantly faster, USB stick will be replacing its venerable predecessor on my keyring - and I'll keep the old one around for smaller file transfers too, so I don't have to keep reformatting.

Next steps are to figure out why Secure Boot doesn't work on the desktop, and to try and replace Grub with systemd-bootd on the laptop. But that can wait for a while before I'm in another geeky mood...