Description
Manages Machine Owner Keys used by shim and Secure Boot workflows. It can inspect, import, delete, or prepare key enrollment data that affects which boot components a firmware trust chain accepts.
Use it only when you understand Secure Boot and key enrollment. Incorrect key changes can prevent kernels, bootloaders, or drivers from loading until the trust configuration is repaired.