2

I'm trying to understand How MoK shim64 works exactly.

What I understand it as is: Securenboot has a list with Whitelisted Kernerl-hashes belonging to Windows, Ubuntu, Fedora, OpenSuse and others. Which are signed and approved by Microsft Ubuntu checks a different Whitelist with(Machine owner Keys) managed by shim64

1 Ubuntu asks SB: am i alowed to run SB: yes

2 Drivers ask Ubuntu : am i alowed to run Ubuntu: yes

If No

3: Ubuntu asks user to enroll MoK whitelist and reboots

4 during reboot user is asked to approve the new MoK

if yes

5 repeat

Question

Does adding MoKs modify the oiginal MS whitelist in NVRAM or is it stored completely seperatly

Do MoKs have to be stored in NVRAM?

Improve this question

0

Reset to default

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.