Enrolling MOK not working?
I tried to follow the instructions to enable secure boot and ran into issues enrolling the MOK. So I tried to enroll it and was asked to put in the password so typed ublue-os and it said password doesn’t match. So now I don’t have any idea how it could fix this.
Help would be much appreciated
6 Replies
mokutil uses an US keyboard
the
- is the 2nd key to the left of backspace on the number row
ujust enroll-secure-boot-key to try againThanks it worked now, but I got a nother question since my knowledge with such stuff is not that broad I want to know, does such a MOK put my BIOS in some kind of risk or could such a MOK even be malicious?
bios no
essentially it is you importing a user defined key that you trust to be allowed to use secure boot
the alternative is disabling secureboot, meaning any system trying to boot on the machine is allowed to do so
the mok keys work as an allow list
by default microsofts keys and usually known big linux vendors are allowed and nothing else
enrolling our key allows ublue systems to boot on the system and the drivers and kernel modules we sign while secureboot is enabled since you added the key to the allow list
Ok thanks now I have a better picture of it. Anyway thanks for the help and have a nice day
Hello it is me again, I wanted to ask if it is possible for Malware to use the MOK key to boot something malicious because the passwords for enrolling the key is known and publicly available on your website?
Or is such a key securely stored in the BIOS?
that mok enrollment password is whatever you set its only used to verify that you enroll it
we just auto set it
so for a malware that is kernel based to get through secure boot, it needs to be signed with our private key which is as the name suggests, private
Ok thanks