[CentOS] How to get UEFI setting by shell?
Gordon Messmer
gordon.messmer at gmail.com
Fri Jan 22 21:23:31 UTC 2016
On 01/22/2016 11:11 AM, John R Pierce wrote:
> if you can insert a custom Machine Owner Key into this keyring, then
> anyone with sufficient ingenuity can, too. which renders the whole
> signature thing moot, other than as another step to be cracked.
I'm not sure you understand mokutil. You do know that in order to
enroll a key you must be physically present at the console before the
kernel boots, right? In order to enroll a key, you must have admin
access in the OS, and physical access to the hardware.
Outside of an immutable key database, I think that's nearly as secure as
it's possible to get.
More information about the CentOS
mailing list