Link Search Menu Expand Document

mokutil

Configure Secure Boot Machine Owner Keys (MOK). Some operations, such as enabling and disabling Secure Boot or enrolling keys require a reboot. More information: https://github.com/lcp/mokutil.

  • Show if Secure Boot is enabled:

mokutil --sb-state

  • Enable Secure Boot:

mokutil --enable-validation

  • Disable Secure Boot:

mokutil --disable-validation

  • List enrolled keys:

mokutil --list-enrolled

  • Enroll a new key:

mokutil --import {{path/to/key.der}}

  • List the keys to be enrolled:

mokutil --list-new

  • Set shim verbosity:

mokutil --set-verbosity true