[Solved] Undo Secure Boot setup - Cannot boot from anything else

[maddoc_x]

Hi,
I've followed the instructions in this guide to setup a secure boot:
https://pve.proxmox.com/wiki/Secure_Boot_Setup
(followed the Setup instructions for db key variant)

And while the secure boot works correctly, I cannot boot from anything else but the custom shim I've created from the instructions.
Also, cannot boot from a USB drive.

Getting this message on boot: "Invalid signature detected check secure boot policy in setup"

Tried mokutil --disable-validation and mokutil --reset - didn't helped.
I do not have an option to disable secure boot in my bios.

My box is Topton 11th Gen Intel i7 1165G7 6x i226-V 2.5G LAN from AliExpress.

How can I revert all this?

Running Proxmox VE 8.2

 

[maddoc_x]

Figured out myself.

Remove the PK and move the device back into setup mode using the private key:

mount -o remount,rw /sys/firmware/efi/efivars
chattr -i /sys/firmware/efi/efivars/PEP-*
efi-updatevar -d 0 -k /root/secureboot/PK.key PK

reboot

Remove the KEK and db keys:

mount -o remount,rw /sys/firmware/efi/efivars
chattr -i /sys/firmware/efi/efivars/KEK-*
chattr -i /sys/firmware/efi/efivars/db-*

efi-updatevar -d 0 -k /root/secureboot/KEK.key KEK
efi-updatevar -d 0 -k /root/secureboot/db.key db

Verify that all keys were removed:

efi-readvar

output:

Variable PK has no entries
Variable KEK has no entries
Variable db has no entries
Variable dbx has no entries
Variable MokList has no entries

Finally remove the automatic kernel signing:

rm /etc/kernel/postinst.d/zz-sign-kernel