search

lcp / mokutil

The utility to manipulate machine owner keys
GNU General Public License v3.0
67 stars 37 forks source link

Option to Show Current Validation State #9

Open wesinator opened 7 years ago

wesinator commented 7 years ago

Add a --validation-state | -v command line option to show the current shim validation process state (enabled or disabled).

If I understand correctly, the validation state is different than the sb-state; sb-state can be SecureBoot enabled even if the shim validation is disabled (https://askubuntu.com/questions/831574/re-enable-secure-boot-mok-secure-boot).

lcp commented 7 years ago

I'll take that into consideration. Thanks. Meanwhile, you can check /sys/firmware/efi/efivars/MokSBStateRT-* for the validation state.

wesinator commented 6 years ago

There is no MokSBState file (Ubuntu 16.04)

lcp commented 6 years ago

MokSBStateRT only exists if MoKSBState is set.