"Perform MOK Management"

In relation to After an update - ‘Press any key to enter mok management‘ during the restart., When I get the “Perform MOK Management” screen, is there anything I should know that needs to be done? My system boots fine:

That screen indicates that there has been a request to enroll a key.

If you know about that, and don’t want to enroll it, then go with “Continue boot”. Otherwise select “Enroll MOK”. It will give you the fingerprint of the key and ask if you want to enroll. And if it asks for a password, that is likely to be the root password.

4 Likes

Then I read articles likes these and I’m afraid of crashing and burning: https://www.linux.org/threads/mok-secure-boot-problem.49598/ | "Enroll MOK" dialog after the 1-st reboot when you install Linux Mint 20.1 - what is it for (secure boot)? - Unix & Linux Stack Exchange

Yes, it can be confusing when that first shows up. But you won’t crash and burn. The worst that can happen is that you miss enrolling the key, and then maybe something won’t quite work.

1 Like

Opensuse is mostly idiot proof - I am proof positive of that since I’m using it. MOK mngmnt looks like a global secure boot device that requires a machine like response. I can’t guarantee that for myself. I read about enrolling the keys in case the shim program can’t bring up grub2. I would be lost if that happened; I’m still trying to understand the docs.

OK, it wasn’t that bad. I followed the blue screen instructions to the letter with no problem. But I’m docking that MOK mngmt -2 points for not letting me see my keystrokes: SDB:NVIDIA drivers - openSUSE Wiki

This is a feature since decades that you don‘t see the input when you type the password (no matter if user or root…) in any terminal type input window. It is a kind of security feature.

2 Likes

But would it forgive me like the Konsole in Opensuse for inputting the wrong password?

It will tell you that password is wrong and you can try again.

Make that > 50 years :wink:

In those times characters you typed on the TTY where send over the data communication line to the computer which then echoed back the code which made the TTY throw that character on the paper. For secret things like passwords, the echoing was switched off. It has ever been like that. It is thus NOT a feature of the terminal (and that is why it works on all terminal (emulator)s). It is in the terminal driver of the kernel.

And of course, what you type arrives at the terminal driver and thus will be forwarded to the password checker. And it will be rejected when wrong.

2 Likes

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.