@wesinator
> but when I am in OS and i check for shim secure boot state i got this
>
> $ mokutil --sb-state
> SecureBoot disabled
This queries the SecureBoot state of the _mainboard firmware_, not the
state of the key validation functionality in the shim bootloader.
> i want to delete it in MokManager I got again error 0xEd or something
similar
The proper way to delete an enrolled machine owner key is to:
1. Export all the enrolled machine owner keys to the working directory
by running the following command:
```
mokutil --export
```
2. Verify the machine owner key to be removed by using the following
command:
```
openssl x509 -in _certificate_file_ -noout -text
```
3. Revoke the machine owner key by running the following command:
```
sudo mokutil --delete _certificate_file_
```
then complete the single-time machine owner presence validation by:
1. Reboot the system.
2. When the blue background countdown prompt appears, press any key to
enter the Perform MOK management menu.
3. Select the Delete MOK option in the Perform MOK management menu.
4. View details of all machine owner keys to be deleted to avoid
misoperation, then select the Continue option to continue.
5. Select the Yes option in the Delete the key(s)? prompt.
6. Enter the password specified in the `mokutil --delete` command.
7. Select the Reboot option in the Perform MOK management menu.
Refer to the following webpage for more information:
https://gitlab.com/brlin/mokutil-workspace
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1776068
Title:
Can't remove enrolled keys and change SecureBoot state
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mokutil/+bug/1776068/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
