Am 30.03.2017 um 15:48 schrieb jsegitz@suse.de:
On Wed, Mar 29, 2017 at 09:19:42PM +0200, Malte Gell wrote:
And, do I understand correctly, MokManager.efi is signed with the Microsoft KEK and writes my user key into the UEFI db key store? Thus, MokManager.efi is a way to get user keys into UEFI db?
yes, with MokManager you can enroll your own keys
Oh, is MokManager able to enroll new PK and KEK keys? That would be awesome, some mainboards have no EFI GUI for doing that and my Asrock only has a broken test PK..... :-(
thanks Malte
On Fri, Mar 31, 2017 at 01:12:34AM +0200, Malte Gell wrote:
Oh, is MokManager able to enroll new PK and KEK keys?
AFAIK not. This is something that should only be able in the BIOS
That would be awesome, some mainboards have no EFI GUI for doing that and my Asrock only has a broken test PK..... :-(
Did you check if you can fix this by updating you BIOS?
Johannes
-
jsegitz@suse.de -
Malte Gell