.TH MOKUTIL 1 "Thu Jul 25 2013"
.SH NAME

mokutil \- utility to manipulate machine owner keys

.SH SYNOPSIS
\fBmokutil\fR [--list-enrolled]
.br
\fBmokutil\fR [--list-new]
.br
\fBmokutil\fR [--list-delete]
.br
\fBmokutil\fR [--import \fIkeylist\fR| -i \fIkeylist\fR]
        ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P] |
         [--simple-hash | -s])
.br
\fBmokutil\fR [--delete \fIkeylist\fR | -d \fIkeylist\fR]
        ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P] |
         [--simple-hash | -s])
.br
\fBmokutil\fR [--revoke-import]
.br
\fBmokutil\fR [--revoke-delete]
.br
\fBmokutil\fR [--export | -x]
.br
\fBmokutil\fR [--password | -p]
        ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P] |
         [--simple-hash | -s])
.br
\fBmokutil\fR [--clear-password | -c]
        ([--simple-hash | -s])
.br
\fBmokutil\fR [--disable-validation]
.br
\fBmokutil\fR [--enable-validation]
.br
\fBmokutil\fR [--sb-state]
.br
\fBmokutil\fR [--test-key | -t] ...
.br
\fBmokutil\fR [--reset]
        ([--hash-file \fIhashfile\fR | -f \fIhashfile\fR] | [--root-pw | -P] |
         [--simple-hash | -s])
.br
\fBmokutil\fR [--generate-hash=\fIpassword\fR | -g\fIpassword\fR]
.br

.SH DESCRIPTION
\fBmokutil\fR is a tool to import or delete the machines owner keys
(MOK) stored in the database of shim.

.SH OPTIONS
.TP
\fB--list-enrolled\fR
List the keys the already stored in the database
.TP
\fB--list-new\fR
List the keys to be enrolled
.TP
\fB--list-delete\fR
List the keys to be deleted
.TP
\fB--import\fR
Collect the followed files and form a request to shim. The files must be in DER
format.
.TP
\fB--revoke-import\fR
Revoke the current import request (MokNew)
.TP
\fB--revoke-delete\fR
Revoke the current delete request (MokDel)
.TP
\fB--export\fR
Export the keys stored in MokListRT
.TP
\fB--password\fR
Setup the password for MokManager (MokPW)
.TP
\fB--clear-password\fR
Clear the password for MokManager (MokPW)
.TP
\fB--disable-validation\fR
Disable the validation process in shim
.TP
\fB--enrolled-validation\fR
Enable the validation process in shim
.TP
\fB--sb-state\fR
Show SecureBoot State
.TP
\fB--test-key\fR
Test if the key is enrolled or not
.TP
\fB--reset\fR
Reset MOK list
.TP
\fB--generate-hash\fR
Generate the password hash
.TP
\fB--hash-file\fR
Use the password hash from a specific file
.TP
\fB--root-pw\fR
Use the root password hash from /etc/shadow
.TP
\fB--simple-hash\fR
Use the old SHA256 password hash method to hash the password
.br
Note: --root-pw invalidates --simple-hash