Mokutil stands for Machine Owner Keys utility. It is used to manage the keys that shim uses to validate boot images. It is an open source utility that you can install to manage these keys.
If you want to install the mokutil tool, follow the steps below:
1) Download mokutil from the official git repository
2) Extract the zip file
3) Go inside the extracted folder, open a terminal and run the commands below.
./autogen.sh
./configure && make && make install
4) To check mokutil, run the command below
mokutil --list-enrolled
It will show the keys that are currently enrolled.
The other options that you can use with mokutil are listed below.
Options:
--help Show help
--list-enrolled List the enrolled keys
--list-new List the keys to be enrolled
--list-delete List the keys to be deleted
--import <der file...> Import keys
--delete <der file...> Delete specific keys
--revoke-import Revoke the import request
--revoke-delete Revoke the delete request
--export Export keys to files
--password Set MOK password
--clear-password Clear MOK password
--disable-validation Disable signature validation
--enable-validation Enable signature validation
--sb-state Show SecureBoot State
--test-key <der file> Test if the key is enrolled or not
--reset Reset MOK list
--generate-hash[=password] Generate the password hash
--ignore-db Ignore DB for validation
--use-db Use DB for validation
--import-hash <hash> Import a hash into MOK or MOKX
--delete-hash <hash> Delete a hash in MOK or MOKX
--set-verbosity <true/false> Set the verbosity bit for shim
--pk List the keys in PK
--kek List the keys in KEK
--db List the keys in db
--dbx List the keys in dbx
--timeout <-1,0..0x7fff> Set the timeout for MOK prompt
Supplimentary Options:
--hash-file <hash file> Use the specific password hash
--root-pw Use the root password
--simple-hash Use the old password hash method
--mokx Manipulate the MOK blacklist
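As an added example (not part of the original post or of the mokutil project), the script below combines four of the options listed above into a small audit: it reports the Secure Boot state, counts enrolled keys, and flags any pending enroll or delete requests, since a pending request takes effect at the next reboot. The function names are hypothetical, and the output wording it matches ("SecureBoot enabled", "[key N]" headers) is an assumption about mokutil's output that may differ between versions.

```shell
#!/bin/sh
# Added example: audit Secure Boot and MOK state with mokutil.
# MOKUTIL can be overridden to point at a different binary.
MOKUTIL="${MOKUTIL:-mokutil}"

# Print enabled / disabled / unknown based on `mokutil --sb-state`.
# Assumption: the output contains "SecureBoot enabled" or "SecureBoot disabled".
sb_state() {
    case "$("$MOKUTIL" --sb-state 2>/dev/null)" in
        *"SecureBoot enabled"*)  echo enabled ;;
        *"SecureBoot disabled"*) echo disabled ;;
        *)                       echo unknown ;;
    esac
}

# Count keys printed by a list option (--list-enrolled, --list-new, --list-delete).
# Assumption: each key starts with a "[key N]" header line.
# grep -c exits 1 on a zero count, so "|| true" keeps this safe under `set -e`.
count_keys() {
    "$MOKUTIL" "$1" 2>/dev/null | grep -c '^\[key [0-9][0-9]*]' || true
}

# Print a key=value summary. Returns 0 when Secure Boot is enabled and no
# enroll/delete request is pending, 1 when something needs review,
# 2 when mokutil is not installed.
mok_report() {
    command -v "$MOKUTIL" >/dev/null 2>&1 || {
        echo "mokutil not found" >&2
        return 2
    }
    sb=$(sb_state)
    enrolled=$(count_keys --list-enrolled)
    new=$(count_keys --list-new)
    del=$(count_keys --list-delete)
    echo "secure_boot=$sb"
    echo "enrolled_keys=$enrolled"
    echo "pending_enroll=$new"
    echo "pending_delete=$del"
    [ "$sb" = enabled ] && [ "$new" -eq 0 ] && [ "$del" -eq 0 ]
}

# Run the report only when invoked as: sh mok_audit.sh --run
if [ "${1:-}" = "--run" ]; then
    mok_report
fi
```

A non-zero exit with `pending_enroll` above 0 means a key is waiting to be confirmed in the MOK prompt at next boot; compare it against what you intended to import before rebooting.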