Machine Owner Key (MOK) – Understanding the UEFI Secure Boot Chain

MOK Architecture. Keys added with mokutil from any Linux OS are stored in the MOK database. Since it is a boot service variable, it is stored in the BIOS NVRAM. On the next boot, the shim layer prompts for enrolling the key. Once enrolled, the key can be used by the kernel to validate the respective async drivers (drivers that are not part of the OS distribution), allowing them to be installed during OS boot or at run time.

About the Author

24 years of experience in various layers of software. Primarily experienced in system-side software design and development on server management software. Interested in Linux development on x86 and Arm architectures.