The key or hash, for the Enrolling of efi binaries in the MOK manager window?
by shams from LinuxQuestions.org on (#5C45F)
I installed the rEFInd boot manager with shim, and created my own this key:
Code:openssl req -config ./mokconfig.cnf \
-new -x509 -newkey rsa:2048 \
-nodes -days 36500 -outform DER \
-keyout "MOK.priv" \
-out "MOK.der"And converted the key also to PEM format:
Code:openssl x509 -in MOK.der -inform DER -outform PEM -out MOK.pemwith the mokutil imported the MOK.der to the MOK database and after reboot selected Enroll MOK and the key was in the list of mokutil listing.
To Enroll the efi binaries in the mok manager window there are two options, the first option is:
Code:Enroll with the key from the diskAnd the second option is:
Code:Enroll with hash from the diskMy questions is when i am using my above key witch option i should select, second what is deference between a hash and key in this case, Third can i create a hash for the MOK?
Code:openssl req -config ./mokconfig.cnf \
-new -x509 -newkey rsa:2048 \
-nodes -days 36500 -outform DER \
-keyout "MOK.priv" \
-out "MOK.der"And converted the key also to PEM format:
Code:openssl x509 -in MOK.der -inform DER -outform PEM -out MOK.pemwith the mokutil imported the MOK.der to the MOK database and after reboot selected Enroll MOK and the key was in the list of mokutil listing.
To Enroll the efi binaries in the mok manager window there are two options, the first option is:
Code:Enroll with the key from the diskAnd the second option is:
Code:Enroll with hash from the diskMy questions is when i am using my above key witch option i should select, second what is deference between a hash and key in this case, Third can i create a hash for the MOK?