Multiple Linux distributions have implemented UEFI Secure Boot, but this creates problems deploying 3rd party modules and custom-built kernels alongside components signed by the UEFI certificate Authority (CA). The Machine Owner Key MOK concept can be used with a signed shim loader to enable key management at the user/sysadmin level.
Figure 3-1 and Table 3-1 provide an overview of MOK.
Table 3-1: Linux MOK Boot
OS Kernel Verification