How To Consolidate Multiple MOK Keys Or Delete Unnecessary Ones?

AFAIK I've only had one MOK.priv file since I started using secureboot on Bionic.



A kernel update last week (as usual) asked me to create a MOK password and to re-enter this password in the MOK enrollment screen at boot up. But I missed the enrollment screen (for the 1st time).



I've since been able to enroll the MOK key and sign the needed kernel modules, re-enabling secure boot. I then found an "orphan" MOK key on my machine. Maybe missing the enrollment caused me to end up with one more MOK key? Or maybe not, since it is dated Aug last year.



-rw------- 1 root root 1.1K Jun 13  2018 /root/keyfiles/MOK.der
-rw------- 1 root root 1.4K Jun 13  2018 /root/keyfiles/MOK.priv.gpg
-rw-r--r-- 1 root root  910 Aug 13  2018 /var/lib/shim-signed/mok/MOK.der
-rw------- 1 root root 1.7K Aug 13  2018 /var/lib/shim-signed/mok/MOK.priv


The MOK files I know I have are the first pair. The 2nd pair was news to me.



MOK files should not be left available on the machine. I could possibly just encrypt the 2nd key, but



a) I am not comfortable touching a file in /var/lib/shim-signed/ and



b) I'd like to keep a single MOK file on the machine (and enrolled in the BIOS)



To make matters worse, today I had to install an upgrade to the Acronis backup agent (which depends on snapapi26, a kernel module) and now have more MOK files (though the extension is different, it looks to me that MOK.secdata is a key).



-rw-r--r-- 1 root root  854 Apr  7 18:34 /var/lib/sb/MOK.2
-rw-r--r-- 1 root root 1.8K Apr  7 18:49 /var/lib/sb/MOK.secdata
-rw-r--r-- 1 root root    0 Apr  7 18:34 /var/lib/sb/MOK.seclock
-rw-r--r-- 1 root root  228 Apr  7 18:34 /var/lib/sb/MOK.secmeta


I'd like to have a single (encrypted) MOK.priv and MOK.der on my machine. How do I "consolidate" these MOK keys into a single one (by size alone you can see that they are not identical)? If this is not possible, do I need more than one MOK key? If not, which one should I keep?



Side note, and not required to answer my main question: I'd appreciate an explanation (or link to one) on whether the BIOS stores multiple MOK keys or just one and what causes a new MOK key to be created when you already have a working one.










Tags: 18.04 kernel secure-boot dkms

asked 25 mins ago by Gaia



