SYNOPSIS
mokutil [--list-enrolled]mokutil [--list-new]
mokutil [--list-delete]
mokutil [--import keylist| -i keylist]
([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
[--simple-hash | -s])
mokutil [--delete keylist | -d keylist]
([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
[--simple-hash | -s])
mokutil [--revoke-import]
mokutil [--revoke-delete]
mokutil [--export | -x]
mokutil [--password | -p]
([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
[--simple-hash | -s])
mokutil [--clear-password | -c]
([--simple-hash | -s])
mokutil [--disable-validation]
mokutil [--enable-validation]
mokutil [--sb-state]
mokutil [--test-key | -t] ...
mokutil [--reset]
([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
[--simple-hash | -s])
mokutil [--generate-hash=password | -gpassword]
DESCRIPTION
mokutil is a tool to import or delete the machines owner keys (MOK) stored in the database of shim.
OPTIONS
- --list-enrolled
- List the keys the already stored in the database
- --list-new
- List the keys to be enrolled
- --list-delete
- List the keys to be deleted
- --import
- Collect the followed files and form a request to shim. The files must be in DER format.
- --revoke-import
- Revoke the current import request (MokNew)
- --revoke-delete
- Revoke the current delete request (MokDel)
- --export
- Export the keys stored in MokListRT
- --password
- Setup the password for MokManager (MokPW)
- --clear-password
- Clear the password for MokManager (MokPW)
- --disable-validation
- Disable the validation process in shim
- --enrolled-validation
- Enable the validation process in shim
- --sb-state
- Show SecureBoot State
- --test-key
- Test if the key is enrolled or not
- --reset
- Reset MOK list
- --generate-hash
- Generate the password hash
- --hash-file
- Use the password hash from a specific file
- --root-pw
- Use the root password hash from /etc/shadow
- --simple-hash
-
Use the old SHA256 password hash method to hash the password
Note: --root-pw invalidates --simple-hash