{"description": "Ensure that Secure Boot is enabled with the <tt>mokutil</tt> command.", "rationale": "By ensuring the integrity of the boot process, Secure Boot protects against rootkits,\nbootkits, and other low-level malware that could compromise the system before traditional defenses activate. This helps maintain both the confidentiality and integrity of the system, ensuring that sensitive data remains protected and only trusted code is executed.", "severity": "medium", "references": {"ism": ["1745"]}, "control_references": {"ism": ["1745"]}, "components": [], "identifiers": {}, "ocil_clause": "Secure Boot is not enabled", "ocil": "Check that Secure Boot is enabled with the <tt>mokutil</tt> command.\n\nWhen Secure Boot is enabled:\n<pre>\nmokutil --sb-state\nSecureBoot enabled\n</pre>\n\nWhen Secure Boot is disabled:\n<pre>\nmokutil --sb-state\nFailed to read SecureBoot\n</pre>\n\nor:\n<pre>\nmokutil --sb-state\nSecureBoot disabled\n</pre>", "oval_external_content": null, "fixtext": "", "checktext": "", "vuldiscussion": "", "srg_requirement": "", "warnings": [], "conflicts": [], "requires": [], "policy_specific_content": {}, "platform": null, "platforms": [], "sce_metadata": {}, "inherited_platforms": ["machine"], "cpe_platform_names": [], "inherited_cpe_platform_names": ["machine"], "bash_conditional": null, "fixes": {}, "title": "Ensure that Secure Boot is enabled", "definition_location": "/aptdata/openscap/scap-security-guide/linux_os/guide/system/secureboot/secure_boot_enabled/rule.yml", "template": null}