cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Mk_83
Cadet
Cadet
‎07-31-2025 11:14 AM
  • 310 Views

RHEL 8 – Enroll 3rd-Party Keys in Shim UEFI Without Reboot?

Hi everyone,

I have several servers running Red Hat Enterprise Linux 8 (64-bit). I need to access Shim UEFI Key Management to enroll some third-party keys.

However, the current method to access the Shim UEFI Key Management interface requires a reboot, which would heavily impact the critical services running on these production servers.

Is there any method or tool that allows enrolling keys into Shim UEFI Key Management without rebooting the server, or is a reboot strictly required for this operation?

Thanks in advance for your support.

 

Labels (2)
Labels
Join the discussion
2 Replies
Chetan_Tiwary_
Community Manager
Community Manager
‎07-31-2025 06:24 PM
  • 283 Views

@Mk_83 I dont think you can avoid reboot here. After enrolling keys, the system needs to be rebooted for the changes to take effect. Upon reboot, the system can validate the signatures of bootloaders and kernels using the enrolled keys.

PetrCihlar
Moderator
Moderator
‎08-01-2025 07:20 AM
  • 259 Views

A reboot is needed; anything else would contradict the security principles of Secure Boot.
The running OS has no control over those processes for obvious reasons.

Join the discussion
You must log in to join this conversation.
Red Hat Learning Community

Red Hat

Learning Community

A collaborative learning environment, enabling open source skill development.

Red Hat Inc. Copyright ?2025 Red Hat, Inc. Privacy policy Terms of use