I use the linux-xanmod-anbox kernel. It seems this kernel hasn't been signed.

Following https://wiki.archlinux.org/title/Unified_Extensible_Firmware_Interface/Secure_Boot#Signing_EFI_binaries, I could sign the kernel by

sbsign --key db.key --cert db.crt --output /boot/initramfs-linux-xanmod-anbox.img /boot/initramfs-linux-xanmod-anbox.img

But where to obtain the db.key and db.crt files?

I have signed refind by PreLoader.

Cheers (:

Edit:

Well, thanks to u/K900_ I got those files generated by openssl. I could sign the kernel, but unfortunately it didn't boot, as it showed that it failed to verify.

Anyway, refind has a built-in HashTool; I just had to enable it with showtools shutdown,reboot,mok_tool,firmware

submitted by /u/mishab_mizzunet
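An added example, not part of the original post: sbsign operates on EFI PE/COFF images, so this sketch checks whether a file is a PE image at all and whether it already carries a certificate table (where sbsign places the signature). The function names and sample byte strings are constructed for illustration; a present table does not mean the firmware trusts the signer, which is what sbverify and key enrollment decide.

```python
import struct

PE32_MAGIC, PE32_PLUS_MAGIC = 0x10B, 0x20B
CERT_TABLE_INDEX = 4  # data directory slot of the certificate (security) table

def efi_signature_status(data: bytes) -> str:
    """Return 'not-pe', 'unsigned' or 'signed' for the given file contents."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-pe"
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 26 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return "not-pe"
    opt = pe_off + 24  # optional header follows the 20-byte COFF header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:
        count_off, dirs_off = opt + 92, opt + 96
    elif magic == PE32_PLUS_MAGIC:
        count_off, dirs_off = opt + 108, opt + 112
    else:
        return "not-pe"
    if dirs_off > len(data):
        return "not-pe"
    (count,) = struct.unpack_from("<I", data, count_off)
    entry = dirs_off + CERT_TABLE_INDEX * 8
    if count <= CERT_TABLE_INDEX or entry + 8 > len(data):
        return "unsigned"
    cert_off, cert_size = struct.unpack_from("<II", data, entry)
    # An empty or truncated table is treated as no usable signature.
    if cert_size == 0 or cert_off + cert_size > len(data):
        return "unsigned"
    return "signed"

def sample_pe(cert_bytes: bytes = b"") -> bytes:
    """Constructed minimal PE32+ header for the demo (not a bootable image)."""
    header = bytearray(0x40 + 24 + 112 + 16 * 8)
    header[:2] = b"MZ"
    struct.pack_into("<I", header, 0x3C, 0x40)
    header[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", header, opt, PE32_PLUS_MAGIC)
    struct.pack_into("<I", header, opt + 108, 16)  # NumberOfRvaAndSizes
    if cert_bytes:
        struct.pack_into("<II", header, opt + 112 + 32, len(header), len(cert_bytes))
    return bytes(header) + cert_bytes

# Constructed stand-in for a gzip-compressed initramfs (gzip magic + padding).
SAMPLE_INITRAMFS = b"\x1f\x8b\x08" + bytes(100)

if __name__ == "__main__":
    print("initramfs:", efi_signature_status(SAMPLE_INITRAMFS))
    print("bare PE:  ", efi_signature_status(sample_pe()))
    print("with cert:", efi_signature_status(sample_pe(bytes(16))))
```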