Enable Linux Secure Boot
You can use the signed Arctic Wolf certificate to enable Linux Secure Boot on a device for Aurora Protect.
Follow these instructions to enable Linux Secure Boot using the Arctic Wolf certificate before installing the agent.
If Secure Boot is already enabled using a certificate, you must additionally enroll the Arctic Wolf certificate in your Machine Owner Key (MOK). This step ensures a smooth transition while Arctic Wolf gradually releases updated Linux kernel drivers signed with Arctic Wolf keys. Adding the Arctic Wolf certificate ensures that drivers load successfully during agent upgrades and avoids downtime.
Support for Aurora Protect Desktop agent with Linux Secure Boot is currently only available on Red Hat Enterprise Linux and Ubuntu distributions. You must use a supported version of the Aurora Protect Desktop agent. The minimum required agent version is 2.1.1580.
- Download the signed Arctic Wolf Signed Secure Boot certificate and store it on the device where you want to enable Secure Boot.
- Sign in to the Arctic Wolf Unified Portal.
- In the navigation menu, click
Resources > Downloads.
- Scroll to the Aurora Endpoint Software Downloads section.
- In the Product drop-down menu, click Tools.
- Find Arctic Wolf Signed Secure Boot Certificate (awn-secureboot.der) and click Download.
- On the device with the certificate, import the certificate for MOK enrollment.
- Complete the MOK enrollment.
- Select Enroll MOK.
- Select Continue.
- Enter the password that you specified.
- Approve the enrollment.
- Reboot the device again when prompted.
- Verify the certificate enrollment.
- Check that the Arctic Wolf certificate is enrolled using this command:
mokutil --list-enrolled | grep -i arctic - Check that the signature is valid using this command:
dmesg | grep -i 'module verification' - Check that Secure Boot is enabled using this command:
mokutil --sb-state
- Check that the Arctic Wolf certificate is enrolled using this command: