Perform Mok Management: Difference between revisions
No edit summary |
mNo edit summary |
||
| (2 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
UEFI Secure Boot is a verification mechanism for ensuring that code launched by a computer's UEFI firmware is trusted. Although an additional security layer, many users will not benefit from this and find it an annoyance. | UEFI Secure Boot is a verification mechanism for ensuring that code launched by a computer's UEFI firmware is trusted. Although an additional security layer, many users will not benefit from this and find it an annoyance. | ||
For Ubuntu and Mint, DKMS modules will not work on systems with Secure Boot enabled unless correctly configured. In order to make DKMS work, Secure Boot signing keys for the system must be imported in the system firmware, otherwise '''Secure Boot needs to be disabled'''. | |||
== Disable Secure Boot from BIOS == | |||
#Enter BIOS setup | |||
#Disable secure boot | |||
#Save configuration | |||
#Reboot the system | |||
== Disable Secure Boot Using mokutil == | |||
1. run command | |||
sudo mokutil --disable-validation | |||
2. Enter a temporary password | |||
3. reboot | |||
4. at MOK management select to change the boot state | |||
5. enter password and select YES to disable secure boot in shim-signed. | |||
[[Category:Computer Technology]] | |||
Latest revision as of 12:30, 15 November 2024
This relates to "Secure Boot" in the computer BIOS. If you see "Perform Mok Management" on the first boot of a clean install of your operating system, such as Linux, this indicates you did not disable "Secure Boot" in BIOS prior to installation.
If for some reason you do wish to use Secure Boot then you have to enroll the bootloader in the UEFI NVRAM MOK database so that it is trusted.
UEFI Secure Boot is a verification mechanism for ensuring that code launched by a computer's UEFI firmware is trusted. Although an additional security layer, many users will not benefit from this and find it an annoyance.
For Ubuntu and Mint, DKMS modules will not work on systems with Secure Boot enabled unless correctly configured. In order to make DKMS work, Secure Boot signing keys for the system must be imported in the system firmware, otherwise Secure Boot needs to be disabled.
Disable Secure Boot from BIOS
- Enter BIOS setup
- Disable secure boot
- Save configuration
- Reboot the system
Disable Secure Boot Using mokutil
1. run command
sudo mokutil --disable-validation
2. Enter a temporary password
3. reboot
4. at MOK management select to change the boot state
5. enter password and select YES to disable secure boot in shim-signed.