Back to main site | Back to man page index

MOKUTIL(1)                                     General Commands Manual                                     MOKUTIL(1)



NAME
       mokutil - utility to manipulate machine owner keys


SYNOPSIS
       mokutil [--list-enrolled]
       mokutil [--list-new]
       mokutil [--list-delete]
       mokutil [--import keylist| -i keylist]
               ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
                [--simple-hash | -s])
       mokutil [--delete keylist | -d keylist]
               ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
                [--simple-hash | -s])
       mokutil [--revoke-import]
       mokutil [--revoke-delete]
       mokutil [--export | -x]
       mokutil [--password | -p]
               ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
                [--simple-hash | -s])
       mokutil [--clear-password | -c]
               ([--simple-hash | -s])
       mokutil [--disable-validation]
       mokutil [--enable-validation]
       mokutil [--sb-state]
       mokutil [--test-key | -t] ...
       mokutil [--reset]
               ([--hash-file hashfile | -f hashfile] | [--root-pw | -P] |
                [--simple-hash | -s])
       mokutil [--generate-hash=password | -gpassword]


DESCRIPTION
       mokutil is a tool to import or delete the machines owner keys (MOK) stored in the database of shim.


OPTIONS
       --list-enrolled
              List the keys the already stored in the database

       --list-new
              List the keys to be enrolled

       --list-delete
              List the keys to be deleted

       --import
              Collect the followed files and form a request to shim. The files must be in DER format.

       --revoke-import
              Revoke the current import request (MokNew)

       --revoke-delete
              Revoke the current delete request (MokDel)

       --export

              Enable the validation process in shim

       --sb-state
              Show SecureBoot State

       --test-key
              Test if the key is enrolled or not

       --reset
              Reset MOK list

       --generate-hash
              Generate the password hash

       --hash-file
              Use the password hash from a specific file

       --root-pw
              Use the root password hash from /etc/shadow

       --simple-hash
              Use the old SHA256 password hash method to hash the password
              Note: --root-pw invalidates --simple-hash



                                                   Thu Jul 25 2013                                         MOKUTIL(1)