UEFI Secureboot key length 4096bit not supported?

On the Jetson Orin Nano Devkit, I successfully enabled UEFI Secureboot with 2048 and 3072 bit keys. But when using 4096bit, the board always fails to validate the kernel image and the boot fails.
Could you please confirm this limitation, because the documentation on
https://docs.nvidia.com/jetson/archives/r35.4.1/DeveloperGuide/text/SD/Security/SecureBoot.html#uefi-secureboot
does not mention any such limitation on the UEFI keys, but does also not mention which key lengths are supported.

hello business37,

the limitation is mentioned here… SecureBoot - Debian Wiki
re-cap as below.

NOTE:
It seems that shim will not support adding a 4096 RSA key to the MokList (it might freeze when loading and verifying the grubx64.efi binary), so make sure you use a 2048 key for now.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.