2019年8月13日 · First, the MOK is created and prepared for installation while the OS is running, and a one-time password is created to protect the second phase of the installation process. Then, the system is rebooted, and the shimx64.efi will detect that a MOK installation process has been started, and shows the blue MOK Manager screen at boot. At that point ...

2021年11月30日 · The actual MOK will be located in /var/lib/shim-signed/mok/ directory once it has been created. It is a two-part cryptographic key: the public part, also called certificate, will be in the MOK.der file. This is the part that gets registered into the system firmware.

2021年3月24日 · If you don't do the "Enroll MOK" on the next reboot right after running update-secureboot-policy --enroll-key, the enrollment procedure will be on hold, waiting for you to either complete it by selecting "Enroll MOK" on a subsequent boot, or to cancel it with sudo mokutil --revoke-import within Linux.

2023年11月29日 · The MOK password prompt typically only runs once at initial machine set up. It is probably running more often because it has never succeeded. Typically the MOK password utility is only activated when secure boot is enabled AND you install a driver that must be compiled (like the nvidia dkms driver).

2023年6月20日 · If you are using the same MOK key each time, there should be no need for the key (re)installation procedure. If you used Debian/Ubuntu tools to create your MOK, there should be two files in /var/lib/shim-signed/mok/ directory: the private key as MOK.priv and the public key as MOK.der. But you said you have your own signing keys at some other ...

2024年2月20日 · That directory should contain two files: MOK.der is the public key that can be used to check the validity of the signatures, and a corresponding MOK.priv, the private key that can be used to create signatures. To restart the MOK enrollment procedure with an existing key (with which your NVidia modules are already signed), run:

2020年9月7日 · I am trying to enroll a MOK under Ubuntu 20.04.1 for supporting some third-party kernel modules while keeping Secure Boot enabled. The system boots fine with the stock kernel and modules, but I am having issues with using the Mok Manager to enroll the generated MOK that is being used to sign third-party kernel modules.

2022年12月10日 · Some time ago I have installed Ubuntu 22.04 and installed proprietary nvidia drivers on it. That triggered creation of the new MOK (Machine Owner Key). In a meantime I have decided to reinstall the...

2024年7月5日 · I'm using the mok --import command, and rebooting form the serial console. The problem is that, when the splash screen appears, the serial console does not accept any input, and I can't get passed the 30 second splash screen. Is there any other way to force the enrollment of a new key or starting mok manager while the machine is booted?

2018年2月6日 · sudo mokutil --import MOK.der where MOK.der is the output file from generating the key. When I reboot, I am greeted with a message: Press any key to run MOK Management. A countdown to boot normally is shown in the bottom left of the screen. When I press a button, the countdown freezes, but nothing else happens.