Enabling SecureBoot on ARM EC2 instances in AWS

Easy enough to do, even if it's not the default

SecureBoot is a way to ensure the integrity of a system by configuring it to only boot if the images (programs) being loaded are signed by an authorized source. This is true of physical machines, but also of virtual machines, and by extension, cloud instances. However, I recently discovered that in AWS, an AMI of the popular Ubuntu operating system, when running on arm64 instance types such as t4g.nano, didn’t have SecureBoot enabled. So I sought to fix that, and discovered that while it is quite simple to do, it’s not very obvious. Here’s a tutorial and some explanation that will probably be useful for x86_64 and arm64 systems alike, but was written purely based on my own use case, so adapt and test as necessary and report back what you find!
