lcp / mokutil

The utility to manipulate machine owner keys
GNU General Public License v3.0

Cannot remove keys from Mokutil #32

Closed johnnyjacq16 closed 3 years ago

johnnyjacq16 commented 3 years ago

When I run the command mokutil --list-enroll, then mokutil --reset, and reboot to remove the key from MokManager upon boot, I get the error shown below:

ERROR "Failed to set variable: (0xE) Not Found"

After fully booting up the keys have not been removed.

lcp commented 3 years ago

Did "mokutil -l" list only one key? If so, it's the key embedded in the shim binary and mirrored to MokListRT, so it cannot be removed.

smudgered commented 3 years ago

Variation of the problem. I don't want to reset and lose all my keys, mostly generated by openSUSE. But I've noticed that I have a stuck key that mokutil is unable to delete, generating the message "Failed to get file status":

sudo mokutil --delete MOK-0006.der
Failed to get file status, MOK-0006.der
sudo mokutil --list-delete
MokDel is empty

It's not a big deal at the moment. But if I have to reinstall, it could become a nuisance. That particular key didn't work due to lack of extended signing, which is now required by SUSE. But I don't think that is the reason, as when I forgot before it was no problem to delete the obsolete key.

lcp commented 3 years ago

> Variation of the problem. I don't want to reset and lose all my keys, mostly generated by openSUSE. But I've noticed that I have a stuck key that mokutil is unable to delete, generating the message "Failed to get file status":
>
> sudo mokutil --delete MOK-0006.der
> Failed to get file status, MOK-0006.der
> sudo mokutil --list-delete
> MokDel is empty

It seems mokutil failed to read the file. Could you post the output of "ls -l MOK-0006.der"?

> It's not a big deal at the moment. But if I have to reinstall, it could become a nuisance. That particular key didn't work due to lack of extended signing, which is now required by SUSE. But I don't think that is the reason, as when I forgot before it was no problem to delete the obsolete key.

smudgered commented 3 years ago

It worked this time. I didn't expect that. Once more, having deleted the old ones, I exported the der files (which I assumed, I think now erroneously, was like exporting a log or txt file), and ran the ls -l command. Then, just to triple check, I ran the --delete command and it worked suddenly.

xxx@localhost:~> sudo mokutil --export
[sudo] password for root: 
xxx@localhost:~> ls -l MOK*
-rw-r--r-- 1 root root 1177 Feb 26 11:52 MOK-0004.der
-rw-r--r-- 1 root root  890 Feb 26 11:52 MOK-0005.der
-rw-r--r-- 1 root root  777 Feb 26 11:52 MOK-0006.der
-rw-r--r-- 1 root root  798 Feb 26 11:52 MOK-0007.der
-rw-r--r-- 1 root root 1144 Feb 26 11:52 MOK-0008.der
xxx@localhost:~> sudo mokutil --delete MOK-0006.der
input password: 
input password again: 
xxx@localhost:~>

Here is what I think. It may not be well advertised/documented, or else I just missed it, but maybe you need to export the der files and run the command from within the directory to which the der files have been exported (almost certainly the user's home dir).

The der file(s) that are exported seem to provide a necessary reference for mokutil to delete what it needs to delete elsewhere. Exporting is not just for checking/confirming, as one might intuitively suppose unless informed otherwise.

Another process is running so I haven't rebooted yet, but I imagine I will get the MOK blue screen options ok when I do.

Thanks for getting back so quickly. I hope this helps.
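Both mechanics in this thread, the shim-embedded certificate that lcp says is mirrored into MokListRT and cannot be removed, and the MOK-NNNN.der files that `mokutil --export` wrote in the transcript above, come down to the layout of the MokListRT variable: a chain of EFI_SIGNATURE_LIST structures, each holding EFI_SIGNATURE_DATA entries (a 16-byte owner GUID followed by the DER certificate or hash). The parser below is an added example and is not part of this issue or of mokutil's own code. It reads the variable the way efivarfs exposes it (4 attribute bytes, then the data), filters the X.509 entries, and names them like the exported files seen above. The GUIDs are the real UEFI and shim values; the sample MokListRT it parses is constructed inline from placeholder bytes rather than real certificates so it runs offline, and the `build_signature_list` and `export_files` helpers are mine, not mokutil's.

```python
import struct
import uuid

# GUIDs from the UEFI specification and from shim (real values, not assumptions).
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
SHIM_LOCK_GUID = uuid.UUID("605dab50-e046-4300-abb6-3dd810dd8b23")
MOKLISTRT_PATH = f"/sys/firmware/efi/efivars/MokListRT-{SHIM_LOCK_GUID}"

# EFI_SIGNATURE_LIST header: SignatureType, SignatureListSize, SignatureHeaderSize, SignatureSize
SIGLIST_HDR = struct.Struct("<16sIII")
OWNER_LEN = 16  # SignatureOwner GUID that starts every EFI_SIGNATURE_DATA


def read_efivar(path=MOKLISTRT_PATH):
    """Read an efivarfs file; the first 4 bytes are the variable attributes, not data."""
    with open(path, "rb") as f:
        return f.read()[4:]


def parse_signature_lists(data):
    """Walk the chain of EFI_SIGNATURE_LIST structures in `data`.

    Returns a list of (signature_type, signature_owner, payload) tuples, one per
    EFI_SIGNATURE_DATA entry. Inconsistent sizes raise ValueError instead of
    silently mis-slicing, since a truncated variable is the realistic failure.
    """
    entries = []
    off = 0
    while off < len(data):
        if len(data) - off < SIGLIST_HDR.size:
            raise ValueError(f"truncated EFI_SIGNATURE_LIST header at offset {off}")
        type_raw, list_size, hdr_size, sig_size = SIGLIST_HDR.unpack_from(data, off)
        body_off = off + SIGLIST_HDR.size + hdr_size
        body_len = list_size - SIGLIST_HDR.size - hdr_size
        if body_len < 0 or off + list_size > len(data):
            raise ValueError(f"bad SignatureListSize {list_size} at offset {off}")
        if sig_size <= OWNER_LEN or body_len % sig_size:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {off}")
        sig_type = uuid.UUID(bytes_le=type_raw)
        for s in range(body_off, body_off + body_len, sig_size):
            owner = uuid.UUID(bytes_le=data[s:s + OWNER_LEN])
            entries.append((sig_type, owner, data[s + OWNER_LEN:s + sig_size]))
        off += list_size
    return entries


def x509_certs(entries):
    """Keep only X.509 payloads: these are the DER blobs `mokutil --export` writes out."""
    return [payload for sig_type, _, payload in entries if sig_type == EFI_CERT_X509_GUID]


def export_files(entries, prefix="MOK"):
    """Map each X.509 entry to a MOK-NNNN.der name like the files in the transcript.
    Returns {filename: der_bytes} instead of touching the filesystem (helper of this example)."""
    return {f"{prefix}-{i:04d}.der": der for i, der in enumerate(x509_certs(entries), start=1)}


def build_signature_list(sig_type, owner, payloads):
    """Encode one EFI_SIGNATURE_LIST; used here only to construct offline test input.
    All entries in one list share SignatureSize, which is why one cert per list is the usual layout."""
    if any(len(p) != len(payloads[0]) for p in payloads):
        raise ValueError("payloads in one EFI_SIGNATURE_LIST must have equal size")
    sig_size = OWNER_LEN + len(payloads[0])
    body = b"".join(owner.bytes_le + p for p in payloads)
    hdr = SIGLIST_HDR.pack(sig_type.bytes_le, SIGLIST_HDR.size + len(body), 0, sig_size)
    return hdr + body


# Constructed sample: two fake "certificates" (arbitrary bytes standing in for DER,
# not real X.509) plus one SHA-256 hash entry, each in its own list.
FAKE_CERT_A = b"\x30\x82" + b"A" * 30   # placeholder, not a parseable certificate
FAKE_CERT_B = b"\x30\x82" + b"B" * 40   # placeholder, not a parseable certificate
FAKE_HASH = bytes(range(32))
SAMPLE_MOKLISTRT = (
    build_signature_list(EFI_CERT_X509_GUID, SHIM_LOCK_GUID, [FAKE_CERT_A])
    + build_signature_list(EFI_CERT_X509_GUID, SHIM_LOCK_GUID, [FAKE_CERT_B])
    + build_signature_list(EFI_CERT_SHA256_GUID, SHIM_LOCK_GUID, [FAKE_HASH])
)


if __name__ == "__main__":
    # On a real system (as root): entries = parse_signature_lists(read_efivar())
    entries = parse_signature_lists(SAMPLE_MOKLISTRT)
    for sig_type, owner, payload in entries:
        kind = "x509" if sig_type == EFI_CERT_X509_GUID else "hash"
        print(f"{kind:5} owner={owner} {len(payload)} bytes")
    print(sorted(export_files(entries)))
```

Run against the real variable, this needs root to read efivarfs. A certificate that shows up in MokListRT but not in the MokList variable next to it is one shim contributed from its own binary rather than one enrolled through MokManager, which is why `mokutil --reset` has nothing to clear in that case.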

lcp commented 3 years ago

Good to know that mokutil works for you now :)

I should find some time to overhaul the document...