Users should follow the steps below to enroll the Trend Micro public key:

1. Enable XDR capability for the endpoint from Trend Micro Vision One Endpoint Inventory. After enabled, the Trend Micro public key is in /opt/TrendMicro/vls_agent/DS20.der.
2. Install the Machine Owner Key (MOK) facility, if it isn't already installed. Use the following command:
   yum install mokutil
3. Add the public key, DS20.der, to the MOK list:
   mokutil --import DS20.der
    

   For details about manually adding the public key to the MOK list, see your Linux documentation.

    
4. When prompted, enter a password that you will use later in this procedure.
5. Reboot the system.
6. After the computer restarts, the Shim UEFI key management console opens.

   

7. Press any key to get started.
8. On the Perform MOK management screen, select Enroll MOK.
9. On the Enroll MOK screen, select View key 0.
10. On the Enroll the key(s)? screen, select Yes and then enter the password you set in step 4, above.
11. On the The system must now be rebooted screen, select OK to confirm your changes and reboot.
12. Use the mokutil utility to check if the key successfully enrolled or not. Use the command below:
    mokutil --test-key /opt/ds_agent/DS20.der
13. Use the keyctl utility to check that the key is on the system key ring. If the keyctl utility is not already installed, use this command to install it:
    yum install keyutils
14. Check the keys that are on the system key ring by using this command:
    keyctl list %:.system_keyring