Provided by: mokutil_0.3.0+1538710437.fb6250f-0ubuntu2~16.04.1_amd64
NAME
mokutil - utility to manipulate machine owner keys
SYNOPSIS
mokutil [--list-enrolled | -l] ([--mokx | -X])
mokutil [--list-new | -N] ([--mokx | -X])
mokutil [--list-delete | -D] ([--mokx | -X])
mokutil [--import keylist | -i keylist] ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] | [--simple-hash | -s] | [--mokx | -X])
mokutil [--delete keylist | -d keylist] ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] | [--simple-hash | -s] | [--mokx | -X])
mokutil [--revoke-import] ([--mokx | -X])
mokutil [--revoke-delete] ([--mokx | -X])
mokutil [--export | -x]
mokutil [--password | -p] ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] | [--simple-hash | -s])
mokutil [--clear-password | -c] ([--simple-hash | -s])
mokutil [--disable-validation]
mokutil [--enable-validation]
mokutil [--sb-state]
mokutil [--test-key keyfile | -t keyfile] ([--mokx | -X])
mokutil [--reset] ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] | [--simple-hash | -s] | [--mokx | -X])
mokutil [--generate-hash=password | -gpassword]
mokutil [--ignore-db]
mokutil [--use-db]
mokutil [--import-hash hash] ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] | [--simple-hash | -s] | [--mokx | -X])
mokutil [--delete-hash hash] ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] | [--simple-hash | -s] | [--mokx | -X])
mokutil [--set-verbosity (true | false)]
mokutil [--pk]
mokutil [--kek]
mokutil [--db]
mokutil [--dbx]
DESCRIPTION
mokutil is a tool to import or delete the machine owner keys (MOK) stored in the database of shim.
OPTIONS
-l, --list-enrolled
       List the keys already stored in the database

-N, --list-new
       List the keys to be enrolled

-D, --list-delete
       List the keys to be deleted

-i, --import
       Collect the following files and form an enrolling request to shim. The files must be in DER format.

-d, --delete
       Collect the following files and form a deleting request to shim. The files must be in DER format.

--revoke-import
       Revoke the current import request (MokNew)

--revoke-delete
       Revoke the current delete request (MokDel)

-x, --export
       Export the keys stored in MokListRT

-p, --password
       Set up the password for MokManager (MokPW)

-c, --clear-password
       Clear the password for MokManager (MokPW)

--disable-validation
       Disable the validation process in shim

--enable-validation
       Enable the validation process in shim

--sb-state
       Show SecureBoot State

-t, --test-key
       Test if the key is enrolled or not

--reset
       Reset MOK list

--generate-hash
       Generate the password hash

--hash-file
       Use the password hash from a specific file

-P, --root-pw
       Use the root password hash from /etc/shadow

-s, --simple-hash
       Use the old SHA256 password hash method to hash the password
       Note: --root-pw invalidates --simple-hash

--ignore-db
       Tell shim to not use the keys in db to verify EFI images

--use-db
       Tell shim to use the keys in db to verify EFI images (default)

-X, --mokx
       Manipulate the MOK blacklist (MOKX) instead of the MOK list

--import-hash
       Create an enrolling request for the hash of a key in DER format. Note that this is not the password hash.

--delete-hash
       Create a deleting request for the hash of a key in DER format. Note that this is not the password hash.

--set-verbosity
       Set the SHIM_VERBOSE to make shim more or less verbose

--pk
       List the keys in the public Platform Key (PK)

--kek
       List the keys in the Key Exchange Key Signature database (KEK)

--db
       List the keys in the secure boot signature store (db)

--dbx
       List the keys in the secure boot blacklist signature store (dbx)
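
EXAMPLE (added here, not part of the original manual page or the mokutil project)
--import accepts only DER files, so the wrapper below rejects PEM or unreadable input before any request is formed, then prints the state check, enrollment test, import and pending-list review in order. The helper names cert_format, run and stage_enroll and the DRY_RUN variable are assumptions made for this example; the openssl conversion hint assumes the input is an X.509 certificate.

```sh
#!/bin/sh
# Added example: pre-flight checks before staging a MOK enrollment request.
# cert_format, run, stage_enroll and DRY_RUN are hypothetical helper names.

# Classify a file by its first bytes: DER X.509 begins with an ASN.1
# SEQUENCE tag (0x30); PEM begins with the text "-----" (0x2d x 5).
cert_format() {
    [ -r "$1" ] || { echo missing; return 0; }
    case "$(od -An -tx1 -N5 "$1" | tr -d ' \n')" in
        2d2d2d2d2d) echo pem ;;
        30*)        echo der ;;
        *)          echo unknown ;;
    esac
}

# Print the command (DRY_RUN=1, the default) or execute it (DRY_RUN=0).
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Refuse anything that is not DER, then stage and review the request.
stage_enroll() {
    for f in "$@"; do
        case "$(cert_format "$f")" in
            der) ;;
            pem) echo "$f: PEM, convert with:" \
                      "openssl x509 -in $f -outform DER -out ${f%.*}.der" >&2
                 return 1 ;;
            *)   echo "$f: not a readable DER certificate" >&2
                 return 1 ;;
        esac
    done
    run mokutil --sb-state              # Secure Boot state before changing trust
    for f in "$@"; do
        run mokutil --test-key "$f"     # is this key enrolled already?
    done
    run mokutil --import "$@"           # forms the enrolling request (MokNew)
    run mokutil --list-new              # review what is pending before reboot
}

if [ "$#" -gt 0 ]; then stage_enroll "$@"; fi
```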