You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For the module to work in SecureBoot mode, the signer key must be added to the enrollment list. Can this situation be overcome by using another method(s) other than disabling SecureBoot or adding the self-signed generated key to the enrollment list (requires further operations)?
My workaround:
Platform: Centos Stream 9
[Before Module Installation]
For the module to work in SecureBoot mode, the signer key must be added to the enrollment list. Can this situation be overcome by using another method(s) other than disabling SecureBoot or adding the self-signed generated key to the enrollment list (requires further operations)?
My workaround:
Platform: Centos Stream 9
[Before Module Installation]
new kernel configuration signing key
$ cd /lib/modules/$(uname -r)/build/certs
$ openssl req -new -x509 -newkey rsa:2048 -keyout signing_key.pem -out signing_key.x509 -nodes -days 3650 -subj "/CN=Custom Kernel Module Signing"
$ openssl x509 -in signing_key.x509 -outform DER -out signing_key.der
import new key to enrollment list using mokutil
$ mokutil --import signing_key.der <<EOF
custompassword
custompassword
EOF
display imported key to be added to enrollment list
$ mokutil --list-new
Reboot and Complete Enrollment
$ reboot
During boot:
Select [Enroll MOK] and confirm the enrollment by entering the password you provided during the import.
Verify Enrollment: After rebooting, verify that the certificate has been enrolled correctly
$ mokutil --list-enrolled
Then, you can install [xt_tls] module.
The text was updated successfully, but these errors were encountered: