1. Security Guide for Oracle Exadata
  2. Security Features of Oracle Exadata Database Machine
  3. Restricting the Binaries Used to Boot the System
  4. Managing Keys and Certificates Used with Secure Boot
  5. Adding Keys for Secure Boot Using mokutil

2.2.3.1 Adding Keys for Secure Boot Using mokutil

You can import or add new keys for use with Secure Boot.

You can use the command mokutil --help to view additional options.
You must run these command as the root user.
  1. Create a DER-formatted X509 certificate file for the key you want to add.
  2. Check to see if the key is already active.
    # mokutil --test-key new_target_cert.cer
  3. If the key is not currently active, then import the key certificate.
    # mokutil --import new_target_cert.cer

Parent topic: Managing Keys and Certificates Used with Secure Boot