Difference between revisions of "Perform Mok Management"

Latest revision as of 13:30, 15 November 2024

This relates to "Secure Boot" in the computer BIOS. If you see "Perform Mok Management" on the first boot of a clean install of your operating system, such as Linux, this indicates you did not disable "Secure Boot" in BIOS prior to installation.

If for some reason you do wish to use Secure Boot then you have to enroll the bootloader in the UEFI NVRAM MOK database so that it is trusted.

UEFI Secure Boot is a verification mechanism for ensuring that code launched by a computer's UEFI firmware is trusted. Although an additional security layer, many users will not benefit from this and find it an annoyance.

For Ubuntu and Mint, DKMS modules will not work on systems with Secure Boot enabled unless correctly configured. In order to make DKMS work, Secure Boot signing keys for the system must be imported in the system firmware, otherwise Secure Boot needs to be disabled.

Disable Secure Boot from BIOS

1. Enter BIOS setup
2. Disable secure boot
3. Save configuration
4. Reboot the system

Disable Secure Boot Using mokutil

1. run command

sudo mokutil --disable-validation

2. Enter a temporary password

3. reboot

4. at MOK management select to change the boot state

5. enter password and select YES to disable secure boot in shim-signed.