How to reenable Secure Boot?


I am running Fedora Workstation 37 and had Secure Boot enabled from the beginning. Now I’ve installed Windows 10 on a second drive. After installation the boot entry for Fedora vanished (for me: pressing F11 on bootup) and I had to navigate to EFI/FEDORA and boot GRUBX64.EFI by hand. It boots up fine, but Secure Boot seems to be disabled right now:

$ sudo mokutil --sb-state
SecureBoot disabled

And $ sudo mokutil --list-enrolled is pretty much empty, don’t know if that should be the case or not.

I am by far no expert in Secure Boot…how can I fix this issue by not reinstalling Fedora?

1 Like

You did not mention whether you are using drivers that may have required signing to work with secure boot.

Secure boot is usually enabled & disabled from inside the bios management screens when first booting. Booting into bios would be the way to enable it. Normally a system is delivered with secure boot enabled so if it is disabled the user mostly has to do that manually.

A system also mostly has at least one key enrolled, mine has 4, one of which was created by me when I generated the key to sign the nvidia modules.

The fact that mokutil does not return anything probably is related to the fact that with secure boot disabled the keys are not used.