Machine Owner Key (MOK)
Multiple Linux distributions have implemented UEFI Secure Boot, but this creates problems when deploying third-party modules and custom-built kernels alongside components signed by the UEFI Certificate Authority (CA). The Machine Owner Key (MOK) concept can be used with a signed shim loader to enable key management at the user/sysadmin level.
Figure 3-1 and Table 3-1 provide an overview of MOK.

Figure 3-1: Linux MOK Boot (source: “UEFI Secure Boot Webinar”)

Table 3-1: Linux MOK Boot

| Item | Entity | Provider | Location |
|------|--------|----------|----------|
| TP | OS Kernel Verification | OSV | External storage |
| CDI | Shim | OSV | External storage |
| | MOK list | User | Variable |
| UDI | OS Kernel | User | External storage |