How To Install Mokutil In Linux

Please Read This 👇🏾


Mokutil stands for Machine Owner Keys utility.It is used to manage keys which is used by shim to validate boot images.It is open source utility that your can install and manage keys.

If you want to install the mokutil tool then follow the below steps:

1) Download the mokutil from the official git repository

2) Extract the zip file

3) Go inside the extract folder & Open terminal and run below commands.

./configure && make && make install

4) To check mokutil run the below command

mokutil --list-enrolled

It will show the current enrolled keys with mokutil.

Another option that you can use with Mokutil is below.

  --help                                Show help
  --list-enrolled                    List the enrolled keys
  --list-new                           List the keys to be enrolled
  --list-delete                        List the keys to be deleted
  --import <der file...>         Import keys
  --delete <der file...>           Delete specific keys
  --revoke-import                  Revoke the import request
  --revoke-delete                   Revoke the delete request
  --export                              Export keys to files
  --password                          Set MOK password
  --clear-password                 Clear MOK password
  --disable-validation             Disable signature validation
  --enable-validation              Enable signature validation
  --sb-state                              Show SecureBoot State
  --test-key <der file>             Test if the key is enrolled or not
  --reset                                   Reset MOK list
  --generate-hash[=password]            Generate the password hash
  --ignore-db                           Ignore DB for validation
  --use-db                                Use DB for validation
  --import-hash <hash>           Import a hash into MOK or MOKX
  --delete-hash <hash>             Delete a hash in MOK or MOKX
  --set-verbosity <true/false>          Set the verbosity bit for shim
  --pk                                  List the keys in PK
  --kek                                List the keys in KEK
  --db                                  List the keys in db
  --dbx                                List the keys in dbx
  --timeout <-1,0..0x7fff>              Set the timeout for MOK prompt

Supplimentary Options:

  --hash-file <hash file>               Use the specific password hash
  --root-pw                          Use the root password
  --simple-hash                      Use the old password hash method
  --mokx                           Manipulate the MOK blacklist

Sharing is Caring 😀

Post a Comment