If UEFI Secure Boot is enabled, the boot loader, the Linux kernel, and all kernel modules must be signed with a private key and authenticated with the corresponding public key.
A certificate is called Machine Owner Key (MOK)
, and the keys can be maintained using the mokutil
program.
Sources:
For additional info, search for secure boot and out of tree kernel drivers
.
— Martin Burnicki martin.burnicki@burnicki.net, last updated 2022-01-19