Enrolling Veeam Kernel Module Key Using MOK Management

The Veeam kernel module key is available in the ueficert package that resides in the Veeam software repository. Depending on the Linux distribution version, the full name of the package can be veeamsnap-ueficert-6.1.0.1498-1.noarch or blksnap-ueficert-6.1.0.1498-1.noarch.

To enroll the Veeam public key to the MOK list, do the following:

  1. Install the package that contains the public key for pre-built Veeam kernel module by using the following command:

rpm -i <...>/veeamsnap-ueficert-6.1.0.1498-1.noarch.rpm

or

rpm -i <...>/blksnap-ueficert-6.1.0.1498-1.noarch.rpm

TIP

After the package is installed, you can verify that the key enrollment is planned for the next reboot using the following command: mokutil -N. If the command output shows that the key enrollment is not planned, request the enrollment of the public key manually with the following command: mokutil --import veeamsnap-ueficert.crt or mokutil --import blksnap-ueficert.crt.

  1. Reboot the computer to enroll the Veeam public key into the UEFI database.
  2. During reboot, when prompted, press any key to perform MOK management.

Enrolling Veeam Kernel Module Key Using MOK Management 

IMPORTANT

The prompt will time out in 10 seconds. If you don't press any key, the system will continue booting without enrolling the key. If you don't enroll the key at reboot, you will have to reconfigure the key by reinstalling the ueficert package and reboot again.

  1. At the first step of the wizard, select Enroll MOK and press [Enter].

Enrolling Veeam Kernel Module Key Using MOK Management 

  1. At the Enroll MOK step, select Continue and press [Enter].

Enrolling Veeam Kernel Module Key Using MOK Management 

  1. At the Enroll the key(s) step, select Yes and press [Enter].

Enrolling Veeam Kernel Module Key Using MOK Management 

  1. Provide the password for the root account and press [Enter].

Enrolling Veeam Kernel Module Key Using MOK Management 

  1. At the final step, select Reboot and press [Enter].

Enrolling Veeam Kernel Module Key Using MOK Management 

  1. After the system reboots, verify that the key is successfully enrolled with the following command: mokutil -l.

By default, the key is stored in the /etc/uefi/certs directory.