On Tue, Jun 13, 2023 at 02:23:34PM +0800, joeyli wrote:
On Mon, Jun 12, 2023 at 02:23:58PM +0300, Andrei Borzenkov wrote:
On 12.06.2023 11:48, Jiri Slaby wrote:
If so, @joey, can the mok question appear only when SB is actually enabled?
It will not help. Enrollment request is one-time only - shim will delete all pending requests whether they are acted upon or not.
Yes, current behavior of MokManager is that it shows up when it saw the EFI variable be generated by "mokutil --import" command, which means that the MokNew and MokAuth EFI variable bes generated. MokNew is the new mok and MokAuth is the sha256 hash of one time password for enrolling.
The MokAuth will be removed if user didn't enroll it in next booting. I prefer ^^^^^^^ MokNew and MokAuth will be removed
Sorry for my typo. Joey Lee