I would like to use unified kernel images (UKIs) and systemd-boot
to take advantage of some of the hardware security features it provides (such as measured boot and real secure boot). I think that the ukify
tool that comes with systemd
should make it possible to do this as long as you have the private key and certificate for the machine owner key (MOK) that was enrolled with secure boot on your machine.
Ubuntu 24.04 recently enabled secure boot by default and enrolls a MOK as part of the process. Where can I find the private key and certificate for this MOK so that I can use them to ukify
the system.
Any detail on how to accomplish this on Ubuntu 24.04 and Debian 12 would also help.