
Some time ago I installed Ubuntu 22.04 and installed the proprietary NVIDIA drivers on it. That triggered the creation of a new MOK (Machine Owner Key). In the meantime I decided to reinstall the whole system, as I wanted to do dual-boot.

So I did the following:

  1. Secure Erase (Data Wipe) the SSD via UEFI
  2. Reinstall Ubuntu 22.04 in dual-boot

I know that those actions have no impact on the Secure Boot keys (PK, KEK, DB, DBX), as they are stored in the firmware. However, I am not so sure about MOKs and cannot find an explicit answer by checking related questions like "Security boot and mok password" or "What exactly is MOK in Linux for?". I only found that MOKs are stored in the database of shim (source: https://manpages.ubuntu.com/manpages/bionic/man1/mokutil.1.html).

The question is: Are MOKs (Machine Owner Keys) deleted after an OS reinstall or a Secure Erase (Data Wipe) at the BIOS/UEFI level?

MTP
  • No, no. UEFI firmware is independent from your storage aside from boot entries. – Artem S. Tashkinov Dec 10 '22 at 13:03
  • @ArtemS.Tashkinov Thx for your reply! Yeah, I got it that UEFI firmware is independent from storage. However, I am not really sure if MOKs are too. Just a second ago I found in the Ubuntu wiki page about UEFI SecureBoot (https://wiki.ubuntu.com/UEFI/SecureBoot) that **"the generated MOK key is kept on the filesystem as regular files owned by root with read-only permissions."** If I get it correctly, that would mean that MOKs are deleted after an OS reinstall / SSD erase. Am I right? – MTP Dec 10 '22 at 18:44
  • The MOK key as a file belongs to the mass storage. The MOK key is normally imported into UEFI and after that it doesn't matter if the storage is still there. – Artem S. Tashkinov Dec 11 '22 at 03:12
  • @ArtemS.Tashkinov I have checked that and you were right. By using `mokutil --list-enrolled` I was able to find the MOK which was created on my previous OS installation. Long story short: **MOKs (machine owned key) do survive an OS reinstall / SSD erase**. Thx for the help! – MTP Jan 06 '23 at 18:17

0 Answers
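The check from the last comment can be taken one step further: compare the fingerprints reported by `mokutil --list-enrolled` against the certificate(s) currently on disk, so that keys carried over from an earlier installation stand out. This is an added example, not code from the thread; the function names, the sample listing and the `MOK.der` path in the usage comment are assumptions.

```shell
#!/bin/sh
# Added example: list enrolled MOKs that have no matching certificate on disk.

# Normalise a fingerprint: strip colons/spaces, lowercase the hex digits.
norm_fp() { tr -d ': ' | tr 'A-F' 'a-f'; }

# stdin: output of `mokutil --list-enrolled`; stdout: one SHA1 fingerprint per line.
enrolled_fps() { sed -n 's/^SHA1 Fingerprint: *//p' | norm_fp; }

# SHA1 fingerprint of a DER certificate file, in the same normalised form.
cert_fp() {
    openssl x509 -inform DER -in "$1" -noout -fingerprint -sha1 |
        sed 's/^.*=//' | norm_fp
}

# stdin: mokutil listing; args: fingerprints of certificates present on disk.
# Prints every enrolled fingerprint that matches none of the arguments.
unmatched_moks() {
    enrolled_fps | while read -r um_fp; do
        um_known=no
        for um_local in "$@"; do
            if [ "$um_fp" = "$um_local" ]; then um_known=yes; fi
        done
        if [ "$um_known" = no ]; then printf '%s\n' "$um_fp"; fi
    done
}

# Constructed sample of `mokutil --list-enrolled` output (certificate bodies trimmed).
sample_listing() {
    cat <<'EOF'
[key 1]
SHA1 Fingerprint: 11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33:44
Certificate:
    Data:
        Version: 3 (0x2)

[key 2]
SHA1 Fingerprint: de:ad:be:ef:00:01:02:03:04:05:06:07:08:09:0a:0b:0c:0d:0e:0f
Certificate:
    Data:
        Version: 3 (0x2)
EOF
}

# On a real system (as root; the MOK.der path is an assumption, adjust as needed):
#   mokutil --list-enrolled | unmatched_moks "$(cert_fp /var/lib/shim-signed/mok/MOK.der)"
```

A printed fingerprint only means no on-disk certificate matched it; review each one before deciding it is a leftover, since the enrolled list can also contain keys that were never generated on this machine.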