mokutil:tldr:9659f
The command "mokutil --list-enrolled" is used to list all the enrolled Machine Owner Keys (MOKs) in the system. MOKs are used to sign third-party kernel modules in Linux systems that have Secure Boot enabled. Secure Boot is a security feature implemented in modern computers to ensure that only trusted software is allowed to run during the boot process.
When Secure Boot is enabled, the kernel modules should be signed with a trusted key. However, in some cases, the system may need to load third-party kernel modules that are not signed with the default key. In such cases, the system administrator can enroll additional keys, known as Machine Owner Keys (MOKs), which are authorized to sign these third-party kernel modules.
The "mokutil" command is a utility that manages MOKs in Linux systems. The "--list-enrolled" option is used with this command to display a list of all the enrolled keys in the system. It will show details such as the key's hash, description, and the time it was enrolled. This information can be useful in verifying the currently enrolled MOKs and ensuring that the system is using the intended keys for verifying third-party kernel modules.