Do you use a Linux distrubution other than Fedora or Red Hat? Then it may not have dbxtool. If so, …sorry to say, but your distro sucks.
DBxtool is the only Linux method of checking if the UEFI Secure Boot keys are up-to-date/revoked. If you are not checking for these keys for your security is still useful, what’s the point of even using security? Yet that’s the case with most Linux distros, not including this core open source tool as a package for users to check their systems.
Richard Hughes of fwupd is asking some distros to include this tool. I agree, wholeheartedly: