MOK - what is that? All you need to know

Isaac

2 minutes

MOK, Linux

Surely the screen you see in this image has ever appeared to you. It arises after an update of some of the kernel drivers. When these are updated, after restarting the machine it is likely that you will come across these screens. You should not be scared, you should not worry, but you should know what's that MOK and why it happens.

How is it a fairly frequent doubt among some users, I will try to clarify here everything you should know about MOK and these types of screens that are shown to you on some occasions ...

The first thing is to say that the owner key of the machine or MOK (Machine Owner Key) it is a way to ensure a boot process. It does this by allowing only those components and drivers that have been approved by the operating system to run. All this comes from the implementation of the famous Secure Boot of UEFI systems.

MOK must be implemented by the BIOS / UEFI or some basic start code of a team. That way only signed code can be executed to prevent malicious or unauthorized code may run while loading the operating system. Once started, the OS can take over this responsibility.

Surely, when you have installed a kernel module or driver, surely you have had to generate keys, use mokutil, etc., if so, the reason is that MOK uses a cryptography with a public key. For example, it sure happened to you for the controller vboxdrv for VirtualBox. That is why you can generate a key pair yourself and then sign the modules so that they can be executed.

That is quite an advantage, since it was not like that before and everything had to go through Microsoft's happy system. So you needed SHIM, a kind of middleman between the UEFI and GRUB.

Ultimately, the role of these firms is protect the system of cyber attackers or malware that could be executed during the system startup. If any of the kernel components or drivers had been tampered with, it would be detected and prevent it from booting.

Now, Is it really necessary on all teams? The truth is that no, as long as there is not an attacker who can have physical access to the computer and can obtain privileges. That is, in most homes, if someone has entered your home and accessed your computer, I think the least they care about is whether or not they have modified the boot code ... But it can be good on exposed systems more people, organizations where there are more personnel with access, etc.


Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.