Good evening, after searching on google I didn't find the answer to my question.
When installing a distribution such as Ubuntu with secure boot activated, the installer creates a MOK key in the NVRAM which can be seen with ‘mokutil -l ’.
Later, I decide to change distribution to Fedora, the installer will insert its own key in the NVRAM that I can see with ‘mokutil -l’ but the Ubuntu key is not visible from Fedora.
Does this mean that each distribution creates its own database in NVRAM? Is it possible to see the previously installed keys of other distributions? To clean NVRAM of these old MOKs from old distributions?
This is for security reasons, but also to save space. As the amount of NVRAM is very small, isn't there a risk that it will be full if you install frequently?
Restoring the Secure Boot factory settings in the UEFI resets the PEK, KEK, DB and DBX keys but does not seem to remove the MOK keys in my case.
Asked by user611925
May 29, 2024, 07:15 PM
Last activity: May 30, 2024, 04:18 PM
Last activity: May 30, 2024, 04:18 PM