I installed the rEFInd boot manager with shim, and created my own this key:
Code:
openssl req -config ./mokconfig.cnf \
-new -x509 -newkey rsa:2048 \
-nodes -days 36500 -outform DER \
-keyout "MOK.priv" \
-out "MOK.der"
And converted the key also to PEM format:
Code:
openssl x509 -in MOK.der -inform DER -outform PEM -out MOK.pem
with the mokutil imported the MOK.der to the MOK database and after reboot selected Enroll MOK and the key was in the list of mokutil listing.
To Enroll the efi binaries in the mok manager window there are two options, the first option is:
Code:
Enroll with the key from the disk
And the second option is:
Code:
Enroll with hash from the disk
My questions is when i am using my above key witch option i should select, second what is deference between a hash and key in this case, Third can i create a hash for the MOK?