I have set up a machine (NUCi10FNK for the curious) for secure booting, created my own MOK, enrolled it, signed a kernel with it, works like charm.
Now, I want to remove all MOKs except for mine, so that only kernels signed by me can boot. I take the following steps:
mkdir m; cd m; mokutil --export
Go through the certs (for i in *; do openssl x509 -in $i -inform DER -text | less; done) and rm mine.
Run for i in MOK*; do sudo mokutil --delete $i; done on the remaining.
Upon reboot, the MOK manager comes on, I go through the delete dance, and the machine reboots.
If I run mokutil --list-enrolled, the Canonical Master CA key is back on:
SHA1 Fingerprint: 76:a0:92:06:58:00:bf:37:69:01:c3:72:cd:55:a9:0e:1f:de:d2:e0
Version: 3 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=GB, ST=Isle of Man, L=Douglas, O=Canonical Ltd., CN=Canonical Ltd. Master Certificate Authority
Not Before: Apr 12 11:12:51 2012 GMT
Not After : Apr 11 11:12:51 2042 GMT
Subject: C=GB, ST=Isle of Man, L=Douglas, O=Canonical Ltd., CN=Canonical Ltd. Master Certificate Authority
Note that it is the second key, which means that it was installed after my key, which means that something put it back.
What is that something, and how do I get rid of it?
What am I trying to accomplish: I want only kernels signed by me to be bootable on that machine; I keep disk encryption keys in the TPM. The machine can only boot from disk, but an adversary can still replace the boot disk with one freshly installed on another machine, with secure boot off, boot on the target machine, and extract the keys from the TPM.
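A fingerprint-driven version of the export/inspect/delete step above, added here as an example and not code from the original post: it matches the exported MOK-*.der files against the SHA1 fingerprint that mokutil --list-enrolled prints for your own key (OWN_FINGERPRINT is a placeholder), refuses to plan anything if your key is not among the exports, and only prints the mokutil --delete commands for review instead of running them.

```python
import hashlib
import os
from typing import Dict, List, Tuple

# Placeholder value: replace with the SHA1 fingerprint that
# `mokutil --list-enrolled` prints for your own MOK (lowercase, colon-separated).
OWN_FINGERPRINT = "00:11:22:33:44:55:66:77:88:99:aa:bb:cc:dd:ee:ff:00:11:22:33"


def sha1_fingerprint(der: bytes) -> str:
    """mokutil/openssl-style fingerprint: SHA1 over the whole DER blob, colon-separated."""
    digest = hashlib.sha1(der).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def load_exports(cert_dir: str) -> Dict[str, bytes]:
    """Read the MOK-*.der files written by `mokutil --export` into {filename: DER bytes}."""
    certs = {}
    for name in sorted(os.listdir(cert_dir)):
        if name.startswith("MOK") and name.endswith(".der"):
            with open(os.path.join(cert_dir, name), "rb") as f:
                certs[name] = f.read()
    return certs


def plan_deletions(certs: Dict[str, bytes], own_fp: str) -> Tuple[List[str], List[str]]:
    """Split exported certs into (keep, delete) by fingerprint rather than by eye.

    Returns ([], []) when the own key is not among the exports, so a typo in
    OWN_FINGERPRINT cannot schedule every MOK for deletion.
    """
    keep = [n for n, der in certs.items() if sha1_fingerprint(der) == own_fp.lower()]
    if not keep:
        return [], []
    delete = [n for n in certs if n not in keep]
    return keep, delete


def delete_commands(delete: List[str]) -> List[str]:
    """Commands to run afterwards; returned for printing, never executed here (dry run)."""
    return [f"sudo mokutil --delete {name}" for name in delete]


if __name__ == "__main__":
    import sys
    exports = load_exports(sys.argv[1] if len(sys.argv) > 1 else ".")
    keep, delete = plan_deletions(exports, OWN_FINGERPRINT)
    if not keep:
        sys.exit("own MOK not found in exports; refusing to plan any deletion")
    print("keeping:", ", ".join(keep))
    print("\n".join(delete_commands(delete)))
```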