MOK passwoord for veeamsnap-ueficert?

[ipro-bgardner]

Working with Veeam Linux Agent on CentOS 8.3.

When I install or remove veeamsnap-ueficert.noarch via dnf, I get messages like:

Certificate /etc/uefi/certs/veeamsnap-ueficert.crt has been imported successfully, please reboot this computer to enroll it into the UEFI database.

or

Certificate /etc/uefi/certs/veeamsnap-ueficert.crt has been deleted successfully, please reboot this computer to remove it from the UEFI database.

Then I reboot and go into MOK Manager, and either install or remove the cert, but I am prompted for a password.

What is the password?

Without knowing the password, I am forced to proceed with boot without completing the MOK Manager operation. Then I can manually set the cert for installation/deletion using mokutil, set a password, reboot, and I am able to do the MOK Manager operation because I know the password because I just set it.

I would like to skip having to reboot twice and mess with mokutil. How do I find the password that is used when installing/uninstalling veeamsnap-ueficert using a package manager such as yum, dnf, apt-get, etc.?

Regards,

Brent Gardner

[Natalia Lupacheva]

Hi Brent,

Just to clarify - did you try a bypass suggested here?

Thanks!

[PTide]

@ipro-bgardner ,

mokutils is supposed to ask you to specify a MOK password when you import ueficert in CLI (unless someone has specified the password earlier)

Thanks!

[ipro-bgardner]

@Natalia Lupacheva,

I just tried this using the local system's root password and it worked. Thanks for the link. But it seems that this is not documented in Veeam documents anywhere, or my google-fu is weak.

To clarify: If I install or uninstall the veeamsnap-ueficert package using a package manager such as dnf, if I reboot and go into MOK Manager, I can complete the installation or removal of the cert using the local system's root password when prompted for a password.

Regards,

Brent Gardner

[ipro-bgardner]

@PTide,

mokutil behaves as you describe when I use it interactively.

My question was about the password to be used in MOK Manager when the cert is installed or removed using a package manager such as DNF. In this case, the password is not set by me running mokutil, it is set by some interaction between the package manager and the package, and the password to be used is not documented in Veeam official documentation.

Regards,

Brent Gardner

[PTide]

Ok, now I see what you mean. Veeam does not set any password, hence root password is used (default behaviour for mokutils), but I can see that you've already figured that : )

Thanks!

[jcyanquen]

Hi.
I didn't know mokutils used root password when yum installed the package (veeamsnap-ueficert).

So, in my case I opted for cancel enroll and do it manually with an easy-to-type passwd.

# mokutil --revoke-import
# mokutil --import /etc/uefi/certs/veeamsnap-ueficert.crt