Can I remove the existing keys from the systems databases (db and so on), while still booting my system with Secure Boot?

Solution Unverified - Updated -


  • I have my system setup with Secure Boot, it works. Now I want to remove the keys which my vendor deployed into the db-database, but I want to keep booting with Secure Boot. Is that technically possible? Is that supported?


  • Red Hat Enterprise Linux (RHEL) 7 and 8
  • Secure Boot

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content