(In reply to Tripple Moon from comment #113) > (In reply to Martin Wilck from comment #111) > > (In reply to Tripple Moon from comment #108) > > > Is there any way to revoke this choice, or is it only used by the current > > > opensuse-shim? > > > > Yes. "mokutil --list-enrolled" shows currently enrolled certificates in the > > MoK. "mokutil --delete" will create a MoK request to delete this key. You > > have to reboot and enter mokmanager to confirm. > > If it is only enrolled in the MokList of the current boot then there is no > problem at all. > But when i boot into KeyTool from my own boot menu i don't see any key from > openSUSE in the MokList, so where is this choice stored? > > How does one enter the MokManager at boot time using the openSUSE shim? "mokutil --import" will create an EFI variable called MokNew. When shim detects the existence of MokNew, it loads MokManager for the further process.