Results 1 to 1 of 1

Thread: Strange key in DB

  1. #1
    Join Date
    Apr 2008
    Beans
    168

    Strange key in DB

    Hello
    On my very old laptop (Lenovo E540) I had to put a new mainboard in because the previous one has failed.
    Secure boot was enabled so at first boot of Ubuntu, a process ran to install the Canonical Secure Boot key. It failed and ran for hours using 100% of one thread. I installed the /var/lib/shim-signed/mok/MOK.der by hand (as I knew from a previous attempt *).
    And all was fine.
    Today, wanting to document my work in my notes, I've found that I have a key in the DB which is somewhat strange. All I've got is :
    Code:
    # mokutil --db
    [key 1]
      [SHA-256]
      14e62a4905e19189e7082898XXXXXXXXXX0a331XXXXXXXXXX2b0e818a827f436  (key edited obviously...)
    
    [key 2]
    ........well known key from Redmond....
    I do not know were this key comes from and if it was present before installing the Mobo or not. Bur I can't export it to a .der file in order to remove it nor manipulate it.
    So I've got a couple of questions :
    1) what is this key and were did it comes from ?
    2) is it safe to remove and if yes how ?
    Many many thanks in advance for your help and answer.
    Have a nice and bright day !
    * : The Lenovo BIOS and ACPI is somewhat flawed on this machine. I've a bunch of ACPI errors during boot (not solved by BIOS update nor Linux Kernel updates) and even Grub is unable to display it's menu if I use the unicode.pf2 font... So I'm not surprised that the automatic installation of the Canonical Secure Boot key is not working as it is on a lot of other machines I've worked with...
    Last edited by georgesgiralt; May 7th, 2021 at 08:46 AM. Reason: Typos fixing. Should proofread before posting...

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •