On 2023-09-26 13:08, cagsm wrote:
semi offtopic question here additionally about mokutil and its database and this password one sets when adding? enrolling? settingup? another key into its database.
what is this password exactly about? is this a kind of one time challenge/password just to be asked once during next reboot to insert the additional key into the mok database? why? (maybe it can?) can it not be inserted directly into the MOK-database directly? is this some security measure? how? did enterprise suse corporate key become inserted into the MOK database? what was the password for that situation? can i just have or re use that password to begin with? i kind of like to know what reasoning there is behind a password protection and what architecture. can or must i keep track of this password (my password) for the future? or is it only like used once only (as i have thought about it above)
i dont yet understand the password concept of this MOK database stuff. i found some whateverxxxxexchange discussion about some debian or ubuntu folks also trying to virtualbox installation their stuff and having huge loads of problems with the MOK password about early boot initial keyboard layout settings and what not and even such claims as MOK password were only to be allowed for five characters max or stuff. this kind of hints for me that its rather a one time only challenge or something.
When during boot you get asked for a password to enroll a key, that is root's password. But it is not clear, it could be the BIOS password. The wording in the piece of software asking for it is not clear. The software appears to come from the BIOS, because it comes in plain ugly text during the BIOS boot. But in fact comes from openSUSE. -- Cheers / Saludos, Carlos E. R. (from openSUSE 15.5 (Laicolasse))