MOK - what just happened?

Questions about Grub, UEFI,the liveCD and the installer
Forum rules
Before you post please read how to get help
Post Reply
spikerobinson
Level 1
Level 1
Posts: 12
Joined: Sun Jan 14, 2018 12:59 pm

MOK - what just happened?

Post by spikerobinson »

There is no forum section that relates to Updates - probably there should be? - so I am posting here. Site search for 'MOK' returned zero posts.

I applied a bunch of updates and very unusually I had a screen asking me to set a MOK password for a post-reboot activity that would preserve my third party drivers. If I didn't follow this procedure I would lose my drivers. This struck fear in my heart as previous Mint updates have killed my third party wifi drivers leaving my Mint machine more or less unusable. So I set the MOK password. There was no reboot initiated by the installer so I initiated one myself. A screen came up that I did not immediately understand or recognise from what had been said during the update. I was prompted to do a 'MOK Enroll' - I have no idea what this is and did not remember this phrase from the password-setting screen during the update. So I hit continue. Since nothing happened (I was waiting for some kind of prompt) I rebooted again. Guess what, the Enroll MOK option is now gone. So, seriously, I get one chance to do this unfamiliar, but apparently critical, procedure, and then that's it? One chance and I'm done? No more drivers, no more network, no more usable Mint machine? Not a great experience!

Code: Select all

$ inxi -Fxz
System:    Host: HP15 Kernel: 4.15.0-43-generic x86_64 (64 bit gcc: 5.4.0)
           Desktop: Cinnamon 3.6.7 (Gtk 3.18.9) Distro: Linux Mint 18.3 Sylvia
Machine:   System: Hewlett-Packard product: HP 15 Notebook PC v: 0973120000405F00001620180
           Mobo: Hewlett-Packard model: 21F7 v: 52.3B
           Bios: Insyde v: F.34 date: 02/05/2015
CPU:       Quad core AMD A6-5200 APU with Radeon HD Graphics (-MCP-) cache: 8192 KB
           flags: (lm nx sse sse2 sse3 sse4_1 sse4_2 sse4a ssse3 svm) bmips: 15970
           clock speeds: max: 2000 MHz 1: 968 MHz 2: 972 MHz 3: 808 MHz
           4: 817 MHz
Graphics:  Card: Advanced Micro Devices [AMD/ATI] Kabini [Radeon HD 8400 / R3 Series]
           bus-ID: 00:01.0
           Display Server: X.Org 1.18.4 drivers: ati,radeon (unloaded: fbdev,vesa)
           Resolution: 1366x768@60.02hz
           GLX Renderer: AMD KABINI (DRM 2.50.0 / 4.15.0-43-generic, LLVM 5.0.0)
           GLX Version: 3.0 Mesa 17.2.4 Direct Rendering: Yes
Audio:     Card-1 Advanced Micro Devices [AMD] FCH Azalia Controller
           driver: snd_hda_intel bus-ID: 00:14.2
           Card-2 Advanced Micro Devices [AMD/ATI] Kabini HDMI/DP Audio
           driver: snd_hda_intel bus-ID: 00:01.1
           Sound: Advanced Linux Sound Architecture v: k4.15.0-43-generic
Network:   Card-1: Broadcom and subsidiaries BCM43142 802.11b/g/n
           driver: wl bus-ID: 03:00.0
           IF: wlo1 state: up mac: <filter>
           Card-2: Realtek RTL810xE PCI Express Fast Ethernet controller
           driver: r8169 v: 2.3LK-NAPI port: 2000 bus-ID: 04:00.0
           IF: enp4s0 state: down mac: <filter>
Drives:    HDD Total Size: 1000.2GB (5.4% used)
           ID-1: /dev/sda model: ST1000LM024_HN size: 1000.2GB
Partition: ID-1: / size: 367G used: 43G (13%) fs: ext4 dev: /dev/sda7
           ID-2: swap-1 size: 8.91GB used: 0.00GB (0%) fs: swap dev: /dev/dm-0
RAID:      No RAID devices: /proc/mdstat, md_mod kernel module present
Sensors:   System Temperatures: cpu: 55.0C mobo: 20.0C gpu: 56.0
           Fan Speeds (in rpm): cpu: N/A
Info:      Processes: 203 Uptime: 12 min Memory: 930.8/3394.4MB
           Init: systemd runlevel: 5 Gcc sys: 5.4.0
           Client: Shell (bash 4.3.481) inxi: 2.2.35
spikerobinson
Level 1
Level 1
Posts: 12
Joined: Sun Jan 14, 2018 12:59 pm

Re: MOK - what just happened?

Post by spikerobinson »

Ok when doing further updates I get another opportunity and also a chance to copy the text of the instructions:

UEFI Secure Boot requires additional configuration to work with third-party drivers.

The system will assist you in configuring UEFI Secure Boot. To permit the use of third-party drivers, a new Machine-Owner Key (MOK) has been generated. This key now needs to be enrolled in your system's firmware.

To ensure that this change is being made by you as an authorized user, and not by an attacker, you must choose a password now and then confirm the change after reboot using the same password, in both the "Enroll MOK" and "Change Secure Boot state" menus that will be presented to you when this system reboots.

If you proceed but do not confirm the password upon reboot, Ubuntu will still be able to boot on your system but any hardware that requires third-party drivers to work correctly may not be usable.
tenfoot
Level 6
Level 6
Posts: 1114
Joined: Sun Jun 03, 2007 4:12 am

Re: MOK - what just happened?

Post by tenfoot »

I don't think I can help you from my experience but as I'd never heard of MOK before I did a little research and came up with

https://firmware.intel.com/blog/using-m ... suse-linux, which may lead you to something of help.
tenfoot
"Light thinks it travels faster than anything but it is wrong. No matter how fast light travels, it finds darkness always got there first, and is waiting for it." Terry Pratchett (Reaper Man)
JeremyB
Level 20
Level 20
Posts: 12070
Joined: Fri Feb 21, 2014 8:17 am

Re: MOK - what just happened?

Post by JeremyB »

I wouldn't worry about MOK if you have Secure Boot disabled. I need third party drivers for wifi on my laptop with Ubuntu but have never seen this MOK screen but I have had Secure Boot disabled from the start
pbear
Level 15
Level 15
Posts: 5656
Joined: Wed Jun 21, 2017 12:25 pm
Location: San Francisco

Re: MOK - what just happened?

Post by pbear »

spikerobinson wrote:
Thu Mar 14, 2019 2:44 pm
Site search for 'MOK' returned zero posts.
A bit off topic, but want to explain this as you went to the trouble of searching. FYI, the Forum's search engine does not support three character terms, which affects a lot of searches. One workaround (works on Google and most other engines) is to search for: site:forums.linuxmint.com <search terms>. Plus, of course, you can simply search the internet without limiting to the Forum. Here, for example, such a search turns up this Ubuntu page.
colosau
Level 1
Level 1
Posts: 2
Joined: Tue Dec 10, 2019 7:36 am

Re: MOK - what just happened?

Post by colosau »

Iam the same problem, how can i call again the MOK screen?
colosau
Level 1
Level 1
Posts: 2
Joined: Tue Dec 10, 2019 7:36 am

Re: MOK - what just happened?

Post by colosau »

So, i give up and start a new stallation with Secure boot off, did this on my Bios Setup
User avatar
Moem
Level 21
Level 21
Posts: 13254
Joined: Tue Nov 17, 2015 9:14 am
Location: The Netherlands
Contact:

Re: MOK - what just happened?

Post by Moem »

Colosau, just for future reference: it's better to start a new topic, not to post your question on an existing topic that someone else posted... and in fact that's what the forum rules ask you to do. Thanks for your understanding!
Image

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
jglen490
Level 5
Level 5
Posts: 998
Joined: Sat Jul 15, 2017 9:57 pm

Re: MOK - what just happened?

Post by jglen490 »

You can also look for
mokutil
and manage a lot of that from a terminal. But, yes, disabling Secure Boot in UEFI/BIOS will ensure that your machine won't be concerned with security keys in software.
I feel more like I do than I did when I got here.
Toshiba A135-S2386, Intel T2080, ATI Radeon® Xpress 200M Chipset, 2GB RAM, 500GB
Post Reply