If your machine uses the UEFI boot firmware, you must import and enroll the ELRepo key.

Importing the ELRepo key

Run the following command to import the ELRepo key distributed with Entrust PKI Hub.

sudo mokutil --import /etc/pki/elrepo/SECURE-BOOT-KEY-elrepo.org.der

When prompted:

  1. Type the password of the sysadmin  user.
  2. Type a password for the key.
  3. Confirm the key password.

Enrolling the ELRepo key

Once imported, enroll the key as explained below.

See http://elrepo.org/tiki/SecureBootKey for more details on enrolling the ElRepo key.

To enroll the ElRepo key

  1. Log into the console of the local machine. The following operations do not support a remote console like an SSH client. 
  2. Reboot the system and wait for the Shim UEFI key management screen.
  3. Press any key within 10 seconds to display the Perform MOK management dialog.
  4. Select Enroll MOK and press Enter to display the Enroll MOK dialog.
  5. Select View key 0 and press Enter to display the key information.
  6. Check that the serial number is 0xe9d471cfb4fe136c.
  7. Check that the SHA1 fingerprint is e1:21:a2:f6:07:2e:f2:94:de:20:0e:6b:5d:1b:49:c0:65:dc:e3:e7.
  8. Press ESC to return to the Enroll MOK dialog.
  9. Select Continue and press Enter to display the enrollment confirmation dialog.
  10. Select Yes and press Enter to display the password form.
  11. Type the key password you selected when importing the ELRepo key.
  12. Press Enter to return to the Perform MOK management dialog.
  13. Select Reboot and press Enter.