Is it possible to delete an enrolled key using mokutil without the original .der file?

While fighting with my discrete graphics card, I reinstalled Ubuntu several times. The first couple times I was very careful to move the .priv and .der key I was using to sign my dkms kernel modules to another partition. Unfortunately, as I got more frustrated I became less careful and apparently accidentally cut and pasted from the backup (rather than copying and pasting) and then reformatted over the sole remaining key in the next re-install. I used photorec to try and recover the files but unfortunately no *.der or *.priv files were recovered.

It seems that the intended way to un-enroll machine owner keys (MOKs) is

mokutil --delete keyname.der 

Given that I no longer have the public key, is there another way for me to un-enroll it?


Figured it out. The --reset parameter does the trick.

sudo mokutil --reset

If you had multiple MOKs enrolled and only wanted to remove one it might not be ideal.

If someone comes up with a better option I'll accept that answer.

Category: uefi Time: 2016-07-31 Views: 1

Related post

iOS development

Android development

Python development

JAVA development

Development language

PHP development

Ruby development


Front-end development


development tools

Open Platform

Javascript development

.NET development

cloud computing


Copyright (C), All Rights Reserved.

processed in 0.283 (s). 12 q(s)