LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page The key or hash, for the Enrolling of efi binaries in the MOK manager window?
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 12-27-2020, 07:45 AM   #1
shams
Member
 
Registered: Jan 2004
Posts: 535

Rep: Reputation: 30
The key or hash, for the Enrolling of efi binaries in the MOK manager window?

I installed the rEFInd boot manager with shim, and created my own this key:
Code:
openssl req -config ./mokconfig.cnf \
         -new -x509 -newkey rsa:2048 \
         -nodes -days 36500 -outform DER \
         -keyout "MOK.priv" \
         -out "MOK.der"
And converted the key also to PEM format:
Code:
openssl x509 -in MOK.der -inform DER -outform PEM -out MOK.pem
with the mokutil imported the MOK.der to the MOK database and after reboot selected Enroll MOK and the key was in the list of mokutil listing.
To Enroll the efi binaries in the mok manager window there are two options, the first option is:
Code:
Enroll with the key from the disk
And the second option is:
Code:
Enroll with hash from the disk
My questions is when i am using my above key witch option i should select, second what is deference between a hash and key in this case, Third can i create a hash for the MOK?
 
Old 12-27-2020, 08:19 AM   #2
teckk
LQ Guru
 
Registered: Oct 2004
Distribution: Arch
Posts: 5,137
Blog Entries: 6

Rep: Reputation: 1826Reputation: 1826Reputation: 1826Reputation: 1826Reputation: 1826Reputation: 1826Reputation: 1826Reputation: 1826Reputation: 1826Reputation: 1826Reputation: 1826
I've never used this. Here is some info, if you haven't already looked at it.
Code:
pacman -Si shim
...
Name            : shim
Version         : 15-5
Description     : EFI preloader (unsigned EFI binaries)
...
URL             : https://github.com/rhboot/shim
Licenses        : BSD
...
Download Size   : 513.97 KiB
Installed Size  : 2653.30 KiB
...
https://github.com/rhboot/shim/blob/main/MokVars.txt
https://github.com/rhboot/shim/blob/main/README.tpm
https://github.com/rhboot/shim/blob/main/README
https://github.com/rhboot/shim/blob/...EADME.fallback
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Ooooy. EFI boot mmx64.efi.efi not found bulgin Linux - Newbie 12 12-20-2018 11:03 AM
LXer: How To Do Mass Enrolling Of Yubikey With LinOTP LXer Syndicated Linux News 0 03-06-2013 10:01 PM
Perl Hash of Hash reference query kdelover Programming 1 02-19-2011 04:47 AM
need help unpacking hmac-md5 hash into md5 hash lynx5 Programming 3 02-02-2008 04:06 PM
Using hash value as key for other hash in Perl scuzzman Programming 6 02-14-2006 05:08 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:47 AM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration