dkms in bullseye has a sign script that expect the mok key to be in
/root (not /var/lib/dkms/:
dkms: /etc/dkms/sign_helper.sh
/lib/modules/"$1"/build/scripts/sign-file sha512 /root/mok.priv /root/mok.der
"$2"
dkms in bookworm has no sign_tool script anymore but fromĀ
On Thu, 18 Nov 2021 13:32:58 +0100 Thomas Goirand
wrote:
> On 11/18/21 7:15 AM, Tomas Pospisek wrote:
> > On Thu, 18 Nov 2021, Thomas Goirand wrote:
> >
> >> On 11/17/21 11:01 AM, Tomas Pospisek wrote:
(...)
> >> Hopefully, we can have the automation to sign DKMS modules in a
non-leaf
> >>
On 11/18/21 7:15 AM, Tomas Pospisek wrote:
> On Thu, 18 Nov 2021, Thomas Goirand wrote:
>
>> On 11/17/21 11:01 AM, Tomas Pospisek wrote:
>>> Our instructions on Secure Boot [1] are a bit scatterbrained and do not
>>> specify precisely where the key should exist at.
>>
>> I was the one who wrote
On Thu, 18 Nov 2021, Thomas Goirand wrote:
On 11/17/21 11:01 AM, Tomas Pospisek wrote:
Our instructions on Secure Boot [1] are a bit scatterbrained and do not
specify precisely where the key should exist at.
I was the one who wrote them, after *A LOT* of research about it on the
internet. It
On 11/17/21 11:01 AM, Tomas Pospisek wrote:
> Our instructions on Secure Boot [1] are a bit scatterbrained and do not
> specify precisely where the key should exist at.
I was the one who wrote them, after *A LOT* of research about it on the
internet. It was hard to find, really.
I just explained
On Wed, 17 Nov 2021, Tomas Pospisek wrote:
I would edit those [wiki] instruction so that they create the key at the
same location Ubuntu has its MOK keys. However I would prefer not to
collide with some tools or automation or scripts that do the same at the
same place.
[...]
[1]
(Thomas I hope you don't mind I put you in the Cc)
Leif Lindholm wrote:
Currently, if dkms is installed, shim-signed prompts to disable
kernel/module verification on next boot on some trigger events - to
ensure the system will successfully boot (something, not necessarily
untampered with)
7 matches
Mail list logo