How To Consolidate Multiple MOK Keys Or Delete Unnecessary Ones?How to list drivers/kernel modules affected by SecureBoot?Mok Management Will Not Load on BootHow Shim verifies binaries in secure boot?Re-signing kernel modules after update - VMMONUEFI Secure Boot - unable to sign VirtualBox kernel modules - sign-key does nothingTrying to Set up VirtualBox with Live Persistent USB made using Mkusb18.04 LTS unstable performance [very slow startup + sudden desktop freezing]services failing to start - control process exited with error codeDoes Ubuntu Secure Boot make Intel TXT unnecessary?Trying to repair bootup

Are tax years 2016 & 2017 back taxes deductible for tax year 2018?

Why is an old chain unsafe?

If Manufacturer spice model and Datasheet give different values which should I use?

What are these boxed doors outside store fronts in New York?

What would the Romans have called "sorcery"?

Motorized valve interfering with button?

How to type dʒ symbol (IPA) on Mac?

Circuitry of TV splitters

Email Account under attack (really) - anything I can do?

Is it tax fraud for an individual to declare non-taxable revenue as taxable income? (US tax laws)

Why did the Germans forbid the possession of pet pigeons in Rostov-on-Don in 1941?

Why is "Reports" in sentence down without "The"

Chess with symmetric move-square

What defenses are there against being summoned by the Gate spell?

I see my dog run

Pronouncing Dictionary.com's W.O.D "vade mecum" in English

How to make payment on the internet without leaving a money trail?

Download, install and reboot computer at night if needed

What would happen to a modern skyscraper if it rains micro blackholes?

How old can references or sources in a thesis be?

Is there really no realistic way for a skeleton monster to move around without magic?

Japan - Plan around max visa duration

Possibly bubble sort algorithm

Why are 150k or 200k jobs considered good when there are 300k+ births a month?



How To Consolidate Multiple MOK Keys Or Delete Unnecessary Ones?


How to list drivers/kernel modules affected by SecureBoot?Mok Management Will Not Load on BootHow Shim verifies binaries in secure boot?Re-signing kernel modules after update - VMMONUEFI Secure Boot - unable to sign VirtualBox kernel modules - sign-key does nothingTrying to Set up VirtualBox with Live Persistent USB made using Mkusb18.04 LTS unstable performance [very slow startup + sudden desktop freezing]services failing to start - control process exited with error codeDoes Ubuntu Secure Boot make Intel TXT unnecessary?Trying to repair bootup






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty margin-bottom:0;








1















AFAIK I've only had one MOK.priv file since I started using secureboot on Bionic.



A kernel update last week (as usual) asked me to create a MOK password and to re-enter this password in the MOK enrollment screen at boot up. But I missed the enrollment screen (for the 1st time).



I've since been able to enroll the MOK key and sign the needed kernel modules, re-enabling secure boot. I then found an "orphan" MOK key on my machine. Maybe missing the enrollment caused me to end up with one more MOK key? Or maybe not, since it is dated Aug last year.



-rw------- 1 root root 1.1K Jun 13 2018 /root/keyfiles/MOK.der
-rw------- 1 root root 1.4K Jun 13 2018 /root/keyfiles/MOK.priv.gpg
-rw-r--r-- 1 root root 910 Aug 13 2018 /var/lib/shim-signed/mok/MOK.der
-rw------- 1 root root 1.7K Aug 13 2018 /var/lib/shim-signed/mok/MOK.priv


The MOK files I know I have are the first pair. The 2nd pair was news to me.



MOK files should not be left available on the machine. I could possibly just encrypt the 2nd key, but



a) I am not comfortable touching a file in /var/lib/shim-signed/ and



b) I'd like to keep a single MOK file on the machine (and enrolled in the BIOS)



To make matters worse, today I had to install an upgrade to the Acronis backup agent (which depends on snapapi26, a kernel module) and now have more MOK files (though the extension is different, it looks to me that MOK.secdata is a key)



-rw-r--r-- 1 root root 854 Apr 7 18:34 /var/lib/sb/MOK.2
-rw-r--r-- 1 root root 1.8K Apr 7 18:49 /var/lib/sb/MOK.secdata
-rw-r--r-- 1 root root 0 Apr 7 18:34 /var/lib/sb/MOK.seclock
-rw-r--r-- 1 root root 228 Apr 7 18:34 /var/lib/sb/MOK.secmeta


I'd like to have a single (encrypted) MOK.priv and MOK.der on my machine. How do I "consolidate" these MOK keys into a single one (by size alone you can see that they are not identical)? If this is not possible, do I need more than one MOK key? If not, which one should I keep?



Side note, and not required to answer my main question: I'd appreciate an explanation (or link to one) on whether the BIOS stores multiple MOK keys or just one and what causes a new MOK key to be created when you already have a working one.










share|improve this question




























    1















    AFAIK I've only had one MOK.priv file since I started using secureboot on Bionic.



    A kernel update last week (as usual) asked me to create a MOK password and to re-enter this password in the MOK enrollment screen at boot up. But I missed the enrollment screen (for the 1st time).



    I've since been able to enroll the MOK key and sign the needed kernel modules, re-enabling secure boot. I then found an "orphan" MOK key on my machine. Maybe missing the enrollment caused me to end up with one more MOK key? Or maybe not, since it is dated Aug last year.



    -rw------- 1 root root 1.1K Jun 13 2018 /root/keyfiles/MOK.der
    -rw------- 1 root root 1.4K Jun 13 2018 /root/keyfiles/MOK.priv.gpg
    -rw-r--r-- 1 root root 910 Aug 13 2018 /var/lib/shim-signed/mok/MOK.der
    -rw------- 1 root root 1.7K Aug 13 2018 /var/lib/shim-signed/mok/MOK.priv


    The MOK files I know I have are the first pair. The 2nd pair was news to me.



    MOK files should not be left available on the machine. I could possibly just encrypt the 2nd key, but



    a) I am not comfortable touching a file in /var/lib/shim-signed/ and



    b) I'd like to keep a single MOK file on the machine (and enrolled in the BIOS)



    To make matters worse, today I had to install an upgrade to the Acronis backup agent (which depends on snapapi26, a kernel module) and now have more MOK files (though the extension is different, it looks to me that MOK.secdata is a key)



    -rw-r--r-- 1 root root 854 Apr 7 18:34 /var/lib/sb/MOK.2
    -rw-r--r-- 1 root root 1.8K Apr 7 18:49 /var/lib/sb/MOK.secdata
    -rw-r--r-- 1 root root 0 Apr 7 18:34 /var/lib/sb/MOK.seclock
    -rw-r--r-- 1 root root 228 Apr 7 18:34 /var/lib/sb/MOK.secmeta


    I'd like to have a single (encrypted) MOK.priv and MOK.der on my machine. How do I "consolidate" these MOK keys into a single one (by size alone you can see that they are not identical)? If this is not possible, do I need more than one MOK key? If not, which one should I keep?



    Side note, and not required to answer my main question: I'd appreciate an explanation (or link to one) on whether the BIOS stores multiple MOK keys or just one and what causes a new MOK key to be created when you already have a working one.










    share|improve this question
























      1












      1








      1








      AFAIK I've only had one MOK.priv file since I started using secureboot on Bionic.



      A kernel update last week (as usual) asked me to create a MOK password and to re-enter this password in the MOK enrollment screen at boot up. But I missed the enrollment screen (for the 1st time).



      I've since been able to enroll the MOK key and sign the needed kernel modules, re-enabling secure boot. I then found an "orphan" MOK key on my machine. Maybe missing the enrollment caused me to end up with one more MOK key? Or maybe not, since it is dated Aug last year.



      -rw------- 1 root root 1.1K Jun 13 2018 /root/keyfiles/MOK.der
      -rw------- 1 root root 1.4K Jun 13 2018 /root/keyfiles/MOK.priv.gpg
      -rw-r--r-- 1 root root 910 Aug 13 2018 /var/lib/shim-signed/mok/MOK.der
      -rw------- 1 root root 1.7K Aug 13 2018 /var/lib/shim-signed/mok/MOK.priv


      The MOK files I know I have are the first pair. The 2nd pair was news to me.



      MOK files should not be left available on the machine. I could possibly just encrypt the 2nd key, but



      a) I am not comfortable touching a file in /var/lib/shim-signed/ and



      b) I'd like to keep a single MOK file on the machine (and enrolled in the BIOS)



      To make matters worse, today I had to install an upgrade to the Acronis backup agent (which depends on snapapi26, a kernel module) and now have more MOK files (though the extension is different, it looks to me that MOK.secdata is a key)



      -rw-r--r-- 1 root root 854 Apr 7 18:34 /var/lib/sb/MOK.2
      -rw-r--r-- 1 root root 1.8K Apr 7 18:49 /var/lib/sb/MOK.secdata
      -rw-r--r-- 1 root root 0 Apr 7 18:34 /var/lib/sb/MOK.seclock
      -rw-r--r-- 1 root root 228 Apr 7 18:34 /var/lib/sb/MOK.secmeta


      I'd like to have a single (encrypted) MOK.priv and MOK.der on my machine. How do I "consolidate" these MOK keys into a single one (by size alone you can see that they are not identical)? If this is not possible, do I need more than one MOK key? If not, which one should I keep?



      Side note, and not required to answer my main question: I'd appreciate an explanation (or link to one) on whether the BIOS stores multiple MOK keys or just one and what causes a new MOK key to be created when you already have a working one.










      share|improve this question














      AFAIK I've only had one MOK.priv file since I started using secureboot on Bionic.



      A kernel update last week (as usual) asked me to create a MOK password and to re-enter this password in the MOK enrollment screen at boot up. But I missed the enrollment screen (for the 1st time).



      I've since been able to enroll the MOK key and sign the needed kernel modules, re-enabling secure boot. I then found an "orphan" MOK key on my machine. Maybe missing the enrollment caused me to end up with one more MOK key? Or maybe not, since it is dated Aug last year.



      -rw------- 1 root root 1.1K Jun 13 2018 /root/keyfiles/MOK.der
      -rw------- 1 root root 1.4K Jun 13 2018 /root/keyfiles/MOK.priv.gpg
      -rw-r--r-- 1 root root 910 Aug 13 2018 /var/lib/shim-signed/mok/MOK.der
      -rw------- 1 root root 1.7K Aug 13 2018 /var/lib/shim-signed/mok/MOK.priv


      The MOK files I know I have are the first pair. The 2nd pair was news to me.



      MOK files should not be left available on the machine. I could possibly just encrypt the 2nd key, but



      a) I am not comfortable touching a file in /var/lib/shim-signed/ and



      b) I'd like to keep a single MOK file on the machine (and enrolled in the BIOS)



      To make matters worse, today I had to install an upgrade to the Acronis backup agent (which depends on snapapi26, a kernel module) and now have more MOK files (though the extension is different, it looks to me that MOK.secdata is a key)



      -rw-r--r-- 1 root root 854 Apr 7 18:34 /var/lib/sb/MOK.2
      -rw-r--r-- 1 root root 1.8K Apr 7 18:49 /var/lib/sb/MOK.secdata
      -rw-r--r-- 1 root root 0 Apr 7 18:34 /var/lib/sb/MOK.seclock
      -rw-r--r-- 1 root root 228 Apr 7 18:34 /var/lib/sb/MOK.secmeta


      I'd like to have a single (encrypted) MOK.priv and MOK.der on my machine. How do I "consolidate" these MOK keys into a single one (by size alone you can see that they are not identical)? If this is not possible, do I need more than one MOK key? If not, which one should I keep?



      Side note, and not required to answer my main question: I'd appreciate an explanation (or link to one) on whether the BIOS stores multiple MOK keys or just one and what causes a new MOK key to be created when you already have a working one.







      18.04 kernel secure-boot dkms






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked 13 mins ago









      GaiaGaia

      1401113




      1401113




















          0






          active

          oldest

          votes












          Your Answer








          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "89"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          autoActivateHeartbeat: false,
          convertImagesToLinks: true,
          noModals: true,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: 10,
          bindNavPrevention: true,
          postfix: "",
          imageUploader:
          brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
          contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
          allowUrls: true
          ,
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













          draft saved

          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1132010%2fhow-to-consolidate-multiple-mok-keys-or-delete-unnecessary-ones%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown

























          0






          active

          oldest

          votes








          0






          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















          draft saved

          draft discarded
















































          Thanks for contributing an answer to Ask Ubuntu!


          • Please be sure to answer the question. Provide details and share your research!

          But avoid


          • Asking for help, clarification, or responding to other answers.

          • Making statements based on opinion; back them up with references or personal experience.

          To learn more, see our tips on writing great answers.




          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2faskubuntu.com%2fquestions%2f1132010%2fhow-to-consolidate-multiple-mok-keys-or-delete-unnecessary-ones%23new-answer', 'question_page');

          );

          Post as a guest















          Required, but never shown





















































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown

































          Required, but never shown














          Required, but never shown












          Required, but never shown







          Required, but never shown







          Popular posts from this blog

          Möglingen Índice Localización Historia Demografía Referencias Enlaces externos Menú de navegación48°53′18″N 9°07′45″E / 48.888333333333, 9.129166666666748°53′18″N 9°07′45″E / 48.888333333333, 9.1291666666667Sitio web oficial Mapa de Möglingen«Gemeinden in Deutschland nach Fläche, Bevölkerung und Postleitzahl am 30.09.2016»Möglingen

          Virtualbox - Configuration error: Querying “UUID” failed (VERR_CFGM_VALUE_NOT_FOUND)“VERR_SUPLIB_WORLD_WRITABLE” error when trying to installing OS in virtualboxVirtual Box Kernel errorFailed to open a seesion for the virtual machineFailed to open a session for the virtual machineUbuntu 14.04 LTS Virtualbox errorcan't use VM VirtualBoxusing virtualboxI can't run Linux-64 Bit on VirtualBoxUnable to insert the virtual optical disk (VBoxguestaddition) in virtual machine for ubuntu server in win 10VirtuaBox in Ubuntu 18.04 Issues with Win10.ISO Installation

          Torre de la Isleta Índice Véase también Referencias Bibliografía Enlaces externos Menú de navegación38°25′58″N 0°23′02″O / 38.43277778, -0.3838888938°25′58″N 0°23′02″O / 38.43277778, -0.38388889Torre de la Illeta de l’Horta o Torre Saleta. Base de datos de bienes inmuebles. Patrimonio Cultural. Secretaría de Estado de CulturaFicha BIC Torre de la Illeta de l’Horta. Dirección General de Patrimonio Cultural. Generalitat ValencianaLugares de interés. Ayuntamiento del CampelloTorre de la Isleta en CastillosNet.org