mokutil
Configure Secure Boot Machine Owner Keys (MOK). Some operations, such as enabling and disabling Secure Boot or enrolling keys require a reboot. More information: https://github.com/lcp/mokutil.
- Show if Secure Boot is enabled:
mokutil --sb-state
- Enable Secure Boot:
mokutil --enable-validation
- Disable Secure Boot:
mokutil --disable-validation
- List enrolled keys:
mokutil --list-enrolled
- Enroll a new key:
mokutil --import {{path/to/key.der}}
- List the keys to be enrolled:
mokutil --list-new
- Set shim verbosity:
mokutil --set-verbosity true