Wiki source code of RangeeOS - Enroll MOK for Secure Boot
Last modified by René Vögeli on 2026/01/27 13:51
Show last authors
| author | version | line-number | content |
|---|---|---|---|
| 1 | (% class="wikigeneratedid" %) | ||
| 2 | Starting with RangeeOS 13.00, **Secure Boot **can be used on the devices. However, before **Secure Boot **can be enabled on your own hardware, it must be ensured that our Rangee MOK (Machine Owner Key) is installed on the device. | ||
| 3 | |||
| 4 | (% class="wikigeneratedid" %) | ||
| 5 | There are **two options** to start the installation of the MOK. | ||
| 6 | |||
| 7 | (% class="box warningmessage" %) | ||
| 8 | ((( | ||
| 9 | The installation of the MOK consists of **two steps**. | ||
| 10 | The installation process is started via the Kommbox or an installation medium. However, the actual transfer to the BIOS takes place **outside of RangeeOS**. | ||
| 11 | |||
| 12 | Please note that this process **cannot be performed remotely**. | ||
| 13 | ))) | ||
| 14 | |||
| 15 | {{toc/}} | ||
| 16 | |||
| 17 | = Rolling out the key via... = | ||
| 18 | |||
| 19 | == ... an existing RangeeOS installation == | ||
| 20 | |||
| 21 | * Navigate in the Kommbox to** System ->** **Bootloader.** | ||
| 22 | * Click the **Enroll **button next to the option **Enroll Rangee SecureBoot Signing key (MOK)**. | ||
| 23 | [[image:1769420162118-671.png||height="192" width="600"]] | ||
| 24 | |||
| 25 | * Note the displayed PIN and click **Submit**. | ||
| 26 | [[image:1769420223013-526.png||height="186" width="600"]] | ||
| 27 | |||
| 28 | * Restart the client and follow the further instructions. | ||
| 29 | |||
| 30 | == ... a RangeeOS installation medium == | ||
| 31 | |||
| 32 | (% class="box infomessage" %) | ||
| 33 | ((( | ||
| 34 | The options described here are only available when booting ISO files **without the suffix “unattended”** in the file name. | ||
| 35 | ))) | ||
| 36 | |||
| 37 | * Create a USB stick for the RangeeOS installation as described [[here>>doc:HowTos.USB-Installer.WebHome]]. | ||
| 38 | * Boot the client from the USB stick. | ||
| 39 | * (Optional) First perform the installation of RangeeOS on the device. | ||
| 40 | * Select the option **Enroll MOK for Secure Boot**. | ||
| 41 | [[image:1769419349061-481.png||height="412" width="600"]] | ||
| 42 | |||
| 43 | * Confirm the security prompt with **Yes. | ||
| 44 | [[image:1769419444164-614.png||height="224" width="600"]]** | ||
| 45 | |||
| 46 | * Note the password displayed here. | ||
| 47 | [[image:1769419480776-801.png||height="230" width="600"]] | ||
| 48 | |||
| 49 | * Restart the client and follow the further instructions. | ||
| 50 | |||
| 51 | = Transferring the key to the BIOS = | ||
| 52 | |||
| 53 | (% class="wikigeneratedid" %) | ||
| 54 | After restarting, the client automatically starts the **Shim UEFI Key Management**, which guides you through the required steps. | ||
| 55 | |||
| 56 | 1. Press any key within **60 seconds** to start the installation of the key. If no key is pressed within this time, the rollout process must be started again. | ||
| 57 | [[image:step1.png||height="450" width="600"]] | ||
| 58 | |||
| 59 | 1. Select **Enroll MOK**. | ||
| 60 | [[image:step2.png||height="450" width="600"]] | ||
| 61 | |||
| 62 | 1. Select **Continue**. | ||
| 63 | [[image:step3.png||height="450" width="600"]] | ||
| 64 | |||
| 65 | 1. Select **Yes**. | ||
| 66 | [[image:step4.png||height="450" width="600"]] | ||
| 67 | |||
| 68 | 1. Enter the previously noted **PIN**. | ||
| 69 | [[image:step5.png||height="450" width="600"]] | ||
| 70 | |||
| 71 | 1. Select **Reboot**. | ||
| 72 | [[image:step6.png||height="450" width="600"]] | ||
| 73 | |||
| 74 | The rollout of the MOK is now complete. You can now restart the device and enable Secure Boot in the BIOS. |