About this task
The Machine Owner Key (MOK) facility is a feature that can be used to augment the UEFI Secure Boot key database. When Linux boots on a UEFI-enabled system with Secure Boot enabled, the keys on the MOK list are also added to the system keyring in addition to the keys from the key database. The MOK list keys are also stored persistently and securely in the same fashion as the Secure Boot key database keys, but these are two separate facilities. The MOK facility is supported by the shim first-stage boot loader.
Enrolling a MOK key requires manual interaction by a physically present user at the UEFI system console on each target system.
Steps
Follow these steps to add the public key to the MOK list: