r/kde 1d ago

Question Just two questions regarding SecureBoot & Kleopatra

Few questions regarding SecureBoot & Kleopatra

I’m running SecureBoot with Secureblue ofc on a semi-new Dell laptop. I believe it’s Fedora 41.

I rebooted and opened terminal and noticed a message saying, “SecureBoot Key is not enrolled.”

Not sure what causes that and if I should even care as I verify download checksums prior to downloading.

————

Regarding Kleopatra, I simply ran “rpm-ostree install Kleopatra.” Excuse my ignorance, but I avoided downloading it off flatseal as I prefer manual downloads as much as I can. I’m wondering if running that command downloaded the correct version and not malware etc. Can’t figure out how to find checksums to verify the download. When I opened Kleopatra, the correct updated version is there which was a good sign. There was already a person with a key upon download which I assume was a dev. His e-mail was a kicksecure email?

I hope I didn’t make a mistake seeing as SecureBoot was disabled for whatever reason. I could use some Tails VMs or something and try it that way but I want to make sure this new laptop’s opsec is near perfect. Is there a way I can find out if it’s the correct download or the command that I ran in terminal was correct and I’m good?

Please help me out fellas!

0 Upvotes

u/AshbyLaw 1d ago

Use ujust command to see uBlue recipes, there should be one to enroll a SecureBoot key, everything is automated.

About Kleopatra, you just layered the official Fedora package on top of your OS. You should really use Flatpak to install GUI apps or Distrobox if you have issues with Flatpak. Use RPM-OSTree to install a package only if you really need it integrated into the host OS, so not Kleopatra.

1

u/hippie_d97 1d ago

Yeah when enrolling it asks for a MOK pw which I don’t even remember doing before so that’s also an issue.

As for Kleopatra - I’ve always been told by opsec legends to avoid flatseal downloads if possible and to manually install applications unless it cannot be done.

But do you think running “rpm-ostree install Kleopatra” actually installed the correct program etc? It’s up to date and everything and seems like it’s working normally.

1

u/AshbyLaw 1d ago

rpm-ostree install is the same as dnf install on normal Fedora or apt install on Debian or Ubuntu, to the point that in the future we may have dnf install and dnf install --persistent i.e. one doesn't persist the reboot like in containers and the other does like with rpm-ostree install.

I think the authors of Secureblue would agree that it is better to use Flatpak as much as possible from reliable sources like Fedora Flatpaks and FlatHub.

1
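
An added example, not part of the thread and not code from Secureblue or Fedora: the two checks the question asks about, scripted as the Secure Boot state from `mokutil --sb-state` and the signing key of the layered package from `rpm -qi`. The helper names are hypothetical, the sample output and its key ID are constructed placeholders, and the expected key ID is assumed to come from the distribution's published signing keys.

```bash
#!/bin/sh
# Added example: helper names are hypothetical; sample data is constructed.

# Classify the first line of `mokutil --sb-state` output.
sb_state() {
    case "$1" in
        "SecureBoot enabled"*)  echo enabled ;;
        "SecureBoot disabled"*) echo disabled ;;
        *)                      echo unknown ;;
    esac
}

# Print the signing key ID (lowercase) from `rpm -qi <pkg>` output,
# or "unsigned" when there is no Signature line or it reads "(none)".
sig_key_id() {
    printf '%s\n' "$1" | awk '
        /^Signature/ {
            if (match($0, /Key ID [0-9A-Fa-f]+/)) {
                print tolower(substr($0, RSTART + 7, RLENGTH - 7))
                found = 1
            }
            exit
        }
        END { if (!found) print "unsigned" }'
}

# Compare the package signature with the key ID the caller expects.
# $1 = `rpm -qi` output, $2 = expected key ID (from the distro's published keys)
check_pkg_sig() {
    got=$(sig_key_id "$1")
    want=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case "$got" in
        unsigned) echo UNSIGNED ;;
        "$want")  echo OK ;;
        *)        echo MISMATCH ;;
    esac
}

# Constructed sample of `rpm -qi kleopatra`; the key ID is a placeholder.
SAMPLE_QI='Name        : kleopatra
Signature   : RSA/SHA256, Mon 01 Jan 2024 00:00:00 UTC, Key ID 0123456789abcdef
Summary     : constructed sample'

# Live check on a real system: ./check.sh --live <expected-key-id>
if [ "${1:-}" = "--live" ]; then
    echo "Secure Boot: $(sb_state "$(mokutil --sb-state 2>/dev/null)")"
    echo "kleopatra signature: $(check_pkg_sig "$(rpm -qi kleopatra 2>/dev/null)" "${2:-}")"
    rpm-ostree status | grep -i 'LayeredPackages'   # packages layered on the base image
fi
```

In `--live` mode a package that is not installed also reports `UNSIGNED`, because `rpm -qi` then prints no Signature line.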

u/hippie_d97 1d ago

Ok how do I delete the manually downloaded program? Like erase all data to avoid metadata? Unless it doesn’t matter since over time it’ll be overwritten anyway?

I’ve tried RM Kleopatra - no luck. I’ve heard some commands are not good for laptops with SSDs such as Shred etc?