| 2017-01-21 12:41:18 |
Musbach |
description |
The secure boot option is supposed to work only for 64Bit and mainboard which support uefi. However, I experienced that a signature is mandatory also for non uefi boards with normal bios and 32 bit. My system is Ubuntu 16.04/32Bits and 4.4.0-59-generic kernel. I use the standard kernel.
1) If I build a module like I always did on Ubuntu 10.4 and 14.04 but now on 16.04 and try to load it, I get the following error in `dmesg | tail`: `module verification failed: signature and/or required key missing - tainting kernel`.
2) I create a key pair (`/usr/src/linux-headers-$(uname -r)/scripts/sign-file …`) and sign the module. `hexdump -C (modinfo –n MY_MODULE) | tail` shows:
00004e60 7e 4d 6f 64 75 6c 65 20 73 69 67 6e 61 74 75 72 |~Module signatur|
00004e70 65 20 61 70 70 65 6e 64 65 64 7e 0a |e appended~.|
00004e7c
And tried to load the keys with ` sudo mokutil --import MOK.der ` but I get the error:
EFI variables are not supported on this system
3) I tried to disable the signature validation
# sudo mokutil --disable-validation
EFI variables are not supported on this system
4) I added in grub `noefi` and ` acpi_enforce_resources=lax`. But it had no effect. Ubuntu refuses to load the module.
5) IU was looking for the private key of the kernel in order to sign my generated key with the kernel key. If I would found the private key, it would have completely useless to introduce signatures to Ubuntu J
6 Try) Suggestions by Rod Smith to install the MokManager.efi were not successful because it requires an uefi motherboard.
Other tries are suggested by Rod Smith here (http://askubuntu.com/questions/765509/login-broken-after-15-10-16-04-lts-upgrade-related-to-nvidia-driver). To use older version of grub is considered not be the best idea. The build of a new kernel is principle possible but the question is which kernel parameter have to be change? The answer is difficult because it is a bug in Ubuntu.
Could you please fix the bug? Please let me know I you need more information. |
The secure boot option is supposed to work only for 64Bit and mainboard which support uefi. However, I experienced that a signature is mandatory also for non uefi boards with normal bios and 32 bit. My system is Ubuntu 16.04/32Bits and 4.4.0-59-generic kernel. I use the standard kernel.
1) If I build a module like I always did on Ubuntu 10.4 and 14.04 but now on 16.04 and try to load it, I get the following error in `dmesg | tail`: `module verification failed: signature and/or required key missing - tainting kernel`.
2) I create a key pair (`/usr/src/linux-headers-$(uname -r)/scripts/sign-file …`) and sign the module. `hexdump -C $(modinfo –n MY_MODULE) | tail` shows:
00004e60 7e 4d 6f 64 75 6c 65 20 73 69 67 6e 61 74 75 72 |~Module signatur|
00004e70 65 20 61 70 70 65 6e 64 65 64 7e 0a |e appended~.|
00004e7c
And tried to load the keys with ` sudo mokutil --import MOK.der ` but I get the error:
EFI variables are not supported on this system
3) I tried to disable the signature validation
# sudo mokutil --disable-validation
EFI variables are not supported on this system
4) I added in grub `noefi` and ` acpi_enforce_resources=lax`. But it had no effect. Ubuntu refuses to load the module.
5) IU was looking for the private key of the kernel in order to sign my generated key with the kernel key. If I would found the private key, it would have completely useless to introduce signatures to Ubuntu J
6 Try) Suggestions by Rod Smith to install the MokManager.efi were not successful because it requires an uefi motherboard.
Other tries are suggested by Rod Smith here (http://askubuntu.com/questions/765509/login-broken-after-15-10-16-04-lts-upgrade-related-to-nvidia-driver). To use older version of grub is considered not be the best idea. The build of a new kernel is principle possible but the question is which kernel parameter have to be change? The answer is difficult because it is a bug in Ubuntu.
Could you please fix the bug? Please let me know I you need more information. |
|
