How to enable secure boot for CloudLinux 9.2

Enabling Secure Boot on CloudLinux 9.2 can help enhance system integrity and security—especially on production servers. Here’s how you can enable it step by step.

Verify UEFI Mode Is Enabled

Secure Boot only works in UEFI mode. To check your current boot mode:

ls /sys/firmware/efi

If the directory exists, the system booted in UEFI mode. If it does not, the system booted in legacy BIOS mode, and you need to reinstall the OS with UEFI enabled in your BIOS.

Check Secure Boot Status

To see whether Secure Boot is already enabled:

mokutil --sb-state

If you see:

SecureBoot disabled

you’ll need to enable it from your BIOS/UEFI settings.

Enable Secure Boot in BIOS

Restart your server and enter the BIOS/UEFI firmware (usually by pressing F2, F10, or DEL during boot).

Then:

  • Navigate to the Boot or Security tab.

  • Set Secure Boot to Enabled.

  • Save and exit.

Boot back into your system.

Install Required Packages

CloudLinux 9.2 is based on RHEL, so use dnf to install the required tools:

dnf install mokutil pesign openssl

Create Machine Owner Key (MOK)

Secure Boot requires a signed kernel and modules. First, generate a key pair:

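# Work in a directory under /root so the private key stays out of reach of other users
mkdir -p /root/secureboot/keys
cd /root/secureboot/keys

# Self-signed certificate with an RSA-2048 key, valid for 3650 days; -nodes leaves MOK.key unencrypted on disk
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.key -out MOK.crt -nodes -days 3650 -subj "/CN=Secure Boot/"
# Convert the certificate to DER, the format mokutil imports
openssl x509 -in MOK.crt -outform DER -out MOK.cer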

Then enroll the MOK:

mokutil --import MOK.cer

You’ll be asked to set a password—note it, as you’ll need it after reboot.

Reboot and Enroll the Key

After reboot, a blue MOK Manager screen will appear.

  • Choose Enroll MOK

  • Select Continue

  • Enter the password you set earlier

  • Reboot again

Now your custom key is enrolled.

Sign the Kernel (Optional for Custom Kernels)

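If you’re using a custom kernel or modules, sign them with the key. pesign reads the signing key from an NSS database (/etc/pki/pesign by default) rather than from PEM files, so import the key pair first with pk12util (part of the nss-tools package). The certificate nickname MOK below comes from the -name value:

openssl pkcs12 -export -inkey MOK.key -in MOK.crt -name MOK -out MOK.p12 && pk12util -d /etc/pki/pesign -i MOK.p12
pesign --certificate MOK --in vmlinuz-custom --out vmlinuz-custom.signed --sign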

Then update GRUB to boot from the signed kernel.

Verify Secure Boot Is Active

After everything is set up, you can confirm Secure Boot is active:

dmesg | grep -i secure

You should see a message like:

Secure boot enabled

Or use:

mokutil --sb-state

It should now report:

SecureBoot enabled
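
The UEFI-mode and Secure Boot checks above can also be scripted without mokutil, for example as a preflight check before the packages are installed. The following is an added example, not part of the original post: it reads the firmware's SecureBoot and SetupMode variables directly from efivarfs. The function names, the optional root-path argument and the state labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report boot mode and Secure Boot
# state by reading UEFI variables from efivarfs instead of calling mokutil.
# Assumptions: function names, the optional root-path argument, state labels.

# GUID of the UEFI global variable namespace (SecureBoot, SetupMode, ...)
EFI_GLOBAL_GUID=8be4df61-93ca-11d2-aa0d-00e098032b8c

# Print the single data byte of a global UEFI variable as a decimal number.
# An efivarfs file is 4 bytes of attributes followed by the variable data.
efi_var_byte() {
    f="$1/sys/firmware/efi/efivars/$2-$EFI_GLOBAL_GUID"
    [ -r "$f" ] || return 1
    v=$(od -An -tu1 -j4 -N1 "$f" 2>/dev/null | tr -d ' \n')
    [ -n "$v" ] && printf '%s' "$v"
}

# Print one of: legacy-bios, unknown, setup-mode, enabled, disabled.
# $1 is an optional root prefix, so a copied or constructed tree can be checked.
secure_boot_state() {
    root="${1:-}"
    if [ ! -d "$root/sys/firmware/efi" ]; then
        echo "legacy-bios"      # same test as `ls /sys/firmware/efi`
        return 0
    fi
    # No readable SecureBoot variable: efivarfs not mounted or firmware lacks it
    sb=$(efi_var_byte "$root" SecureBoot) || { echo "unknown"; return 0; }
    # SetupMode=1 means no Platform Key is installed, so nothing is enforced
    setup=$(efi_var_byte "$root" SetupMode) || setup=0
    if [ "$setup" = "1" ]; then
        echo "setup-mode"
    elif [ "$sb" = "1" ]; then
        echo "enabled"
    else
        echo "disabled"
    fi
}

# Check the running system when no root prefix is given.
secure_boot_state "${1:-}"
```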

This setup gives you a working Secure Boot on CloudLinux 9.2 with support for custom keys and signed kernels. It’s especially useful for environments that require hardened boot paths, such as hosting servers or enterprise workloads.
