Hi everyone,
I have several servers running Red Hat Enterprise Linux 8 (64-bit). I need to access Shim UEFI Key Management to enroll some third-party keys.
However, the current method to access the Shim UEFI Key Management interface requires a reboot, which would heavily impact the critical services running on these production servers.
Is there any method or tool that allows enrolling keys into Shim UEFI Key Management without rebooting the server, or is a reboot strictly required for this operation?
Thanks in advance for your support.
@Mk_83 I don't think you can avoid a reboot here. After enrolling keys, the system needs to be rebooted for the changes to take effect. Upon reboot, the system can validate the signatures of bootloaders and kernels using the enrolled keys.
A reboot is needed; anything else would contradict the security principles of Secure Boot.
The running OS has no control over those processes for obvious reasons.