我制作了一个模块并用make modules_install.
我运行了以下命令这个要点:
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -subj "/CN=Owner/"
mokutil --import MOK.der
之后我重新启动,并在启动时使用 MokManager 注册 mok。重新启动后,我使用以下命令签署了该文件(也对要点进行了稍微修改):
sudo /lib/modules/$(uname -r)/build/scripts/sign-file sha256 ./MOK.priv ./MOK.der /lib/modules/$(uname -r)/extra/veikk.ko
modinfo veikk以下是、mokutil -l和 的输出sudo cat /proc/keys,可能会有所帮助:
modinfo veikk:
filename: /lib/modules/5.1.5-arch1-2-ARCH/extra/veikk.ko.xz
license: GPL
srcversion: A82263B16A25C763382D8B9
alias: hid:b0003g*v00002FEBp00000003
alias: hid:b0003g*v00002FEBp00000002
alias: hid:b0003g*v00002FEBp00000001
depends: hid
retpoline: Y
name: veikk
vermagic: 5.1.5-arch1-2-ARCH SMP preempt mod_unload
sig_id: PKCS#7
signer: Owner
sig_key: 5A:18:61:8C:22:EC:D0:BC:93:BB:E2:D2:97:1F:8B:E8:9F:7E:44:4D
sig_hashalgo: sha256
signature: 12:F3:84:AB:05:27:17:64:E0:7B:39:62:2D:81:43:7F:42:4A:36:79:
13:09:88:C4:3A:66:DB:EA:83:97:D6:5F:3C:05:30:01:60:AE:B7:92:
09:29:FE:A0:C9:9F:34:E8:6D:22:D3:CE:A3:D8:4E:B9:75:A8:A4:0A:
BB:E3:B0:2C:68:C4:73:2F:8C:49:22:1B:F3:E8:70:EE:07:A1:C8:2F:
DA:51:8A:9C:8A:29:D5:84:18:17:BD:7E:89:25:CC:79:BE:34:1D:8A:
2C:F0:B1:13:AD:6A:1E:27:C5:31:37:03:37:33:AC:35:75:D4:CC:16:
C3:EF:75:4E:C5:85:FF:45:D2:4F:33:F1:50:99:AC:36:14:08:19:D7:
37:6B:2C:1A:4E:16:3D:35:D1:57:FD:50:AF:45:66:D1:72:83:BC:2A:
FE:B8:F2:99:F4:EB:7E:35:0A:EC:91:49:13:D0:3D:33:DF:BB:75:0E:
BA:F3:11:BB:CD:68:30:00:72:16:CD:E6:79:85:E0:3D:32:D7:41:8B:
AC:A1:02:D7:EA:33:36:C6:F4:04:F1:66:8C:F3:9D:9F:7F:EF:3C:2D:
30:77:08:95:1F:1D:7F:A2:98:63:CD:2D:CF:68:0C:C4:7F:5C:0F:33:
D9:C1:70:95:0D:8F:37:B5:B9:4C:28:9F:F7:1A:8A:71
mokutil -l:
[key 1]
SHA1 Fingerprint: c0:fa:91:66:f8:dc:74:df:09:6f:9c:a1:d3:4f:57:a1:5d:45:16:ad
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
20:58:4e:e8:65:65:61:35:3a:d3:b2:cf:88:64:f0:77:6c:f2:d0:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Owner
Validity
Not Before: Jun 14 01:15:17 2019 GMT
Not After : Jul 14 01:15:17 2019 GMT
Subject: CN=Owner
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:81:f9:35:0e:ff:29:8f:78:c1:b8:67:03:6e:
9a:cd:c1:62:0d:35:ee:56:3a:4f:7c:af:df:83:dd:
1b:3f:83:86:30:c1:8c:e2:2f:42:03:12:9d:40:39:
16:4b:2e:57:eb:94:42:00:3e:8e:d4:2b:eb:2d:13:
92:62:c9:65:47:a9:ac:91:fc:b0:dd:79:c3:d4:6f:
2e:32:a3:45:9b:d4:17:d1:e9:3c:4d:21:74:83:17:
91:70:6a:84:27:dd:36:db:59:16:72:c3:eb:1c:a0:
d7:3b:97:1b:ad:6e:3d:de:fd:91:8b:c3:78:37:ec:
f5:96:be:0d:4b:a0:07:01:5e:50:d9:0f:15:17:19:
6b:a3:8b:74:3f:e2:b6:34:ce:5d:16:f6:0d:20:87:
0e:e9:3d:ac:73:dc:36:eb:36:6c:57:22:c2:25:58:
e2:c1:7f:2d:72:94:4d:68:fa:1a:f3:26:4e:27:35:
a2:ec:82:02:da:61:d0:a2:44:68:64:1c:11:b0:40:
4f:0f:a3:fe:c8:d8:d5:87:11:c8:33:88:b2:5f:c0:
f8:5b:8d:68:5d:01:fd:5a:a7:6c:33:65:bc:64:20:
dc:95:1e:15:ec:bf:88:7d:97:aa:0a:c3:74:48:01:
0c:64:5f:df:e1:47:9a:bc:c5:2c:71:f3:ec:33:a8:
cf:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:9E:94:49:32:C9:02:2F:93:8C:D5:58:39:40:5D:C0:BB:11:35:76
X509v3 Authority Key Identifier:
keyid:0E:9E:94:49:32:C9:02:2F:93:8C:D5:58:39:40:5D:C0:BB:11:35:76
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
76:4b:d4:8e:b4:08:c3:07:f8:d0:44:97:84:54:a8:e3:07:36:
49:91:86:71:46:1b:42:18:f8:f0:c3:be:95:a2:22:1d:e2:8a:
d4:8c:6e:ec:1c:ff:58:2e:12:82:0a:b9:90:37:10:96:39:08:
f0:44:35:ea:ba:95:f8:99:64:c7:96:d2:a0:fc:67:dc:89:e8:
df:29:60:6b:e5:bd:f6:45:86:83:8f:87:f7:dc:37:ba:26:3d:
c2:0a:5e:f2:ee:6e:36:17:00:1f:74:37:52:d7:5f:d5:c9:ec:
2d:3e:30:66:66:a9:4c:37:b7:95:3e:77:9d:d8:cf:09:70:d6:
29:8f:00:5e:84:23:0b:0d:f8:09:b0:d1:cd:9b:55:1f:40:c5:
56:99:3c:01:79:1f:86:9c:ac:7f:fd:1b:77:c0:24:41:21:d1:
3d:f8:bd:d3:44:ba:62:76:50:30:2f:ea:bc:0b:7c:76:78:21:
bc:1d:d2:6c:f3:38:a3:42:4e:c5:04:d8:ef:49:5a:f3:2d:ed:
cd:f7:6b:2a:2f:a9:22:bd:d8:95:12:fa:02:87:81:af:7d:07:
5e:98:22:7f:db:94:59:95:f9:a0:be:45:61:2b:2b:4e:af:2c:
e8:f9:ee:64:19:ef:58:9c:9c:87:66:41:2c:df:0f:79:e7:12:
c4:23:8a:2a
[key 2]
SHA1 Fingerprint: d8:e4:11:a9:45:7d:55:ec:46:f6:99:37:33:ca:73:a0:72:39:61:de
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
1b:21:0b:68:21:d6:b1:f0:e6:e6:72:82:69:8a:b5:58:55:05:c6:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Owner
Validity
Not Before: Jun 14 01:20:04 2019 GMT
Not After : Jul 14 01:20:04 2019 GMT
Subject: CN=Owner
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:25:17:e4:02:3d:4b:da:4a:6d:95:ba:7b:23:
22:34:67:87:45:56:b4:62:60:57:63:92:ba:eb:66:
92:6d:32:b3:60:18:26:79:ec:5f:8f:bb:d5:5d:e6:
1a:06:d2:24:a5:43:70:32:c8:cf:69:e6:1d:ff:15:
62:f3:11:8c:77:16:45:d4:ce:3a:9d:30:a7:33:c9:
3e:6d:47:08:69:8d:29:32:c8:67:6b:b1:1a:15:3f:
3c:62:72:45:28:e4:4a:2d:7f:b3:92:00:28:36:85:
fb:95:ea:2c:33:4b:a6:8c:bd:b6:73:f8:22:4a:3d:
30:89:dc:f6:2c:8f:fc:ea:68:3c:8f:da:a1:93:45:
93:44:7a:06:ce:1c:8e:9c:c5:13:2c:e0:01:c9:ea:
e7:6b:db:2e:bf:33:ca:79:ba:f7:e2:02:92:5e:29:
0d:f0:a5:b4:bc:44:10:ea:13:89:b2:b6:64:d9:bf:
92:d8:43:06:79:06:d7:5f:c4:9d:a7:54:21:51:97:
92:a9:58:e8:a8:50:e3:49:37:e5:81:2c:1a:16:2c:
ac:35:ef:fe:32:72:a2:a7:72:9f:93:f5:92:99:6f:
00:e4:f0:19:f6:84:67:26:66:e8:e5:b4:33:cd:bd:
b3:b6:32:f1:1c:01:ec:ae:59:7e:c4:85:9b:c4:3d:
a6:67
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:BC:D2:F9:F0:EF:86:E5:B5:C8:7A:EC:90:8D:F3:E6:2C:C5:86:BF
X509v3 Authority Key Identifier:
keyid:4A:BC:D2:F9:F0:EF:86:E5:B5:C8:7A:EC:90:8D:F3:E6:2C:C5:86:BF
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
75:c1:2f:c9:6f:af:dc:3f:6e:66:93:99:80:90:20:ce:47:0c:
be:30:c6:65:05:49:ff:46:74:57:52:69:61:74:ff:59:d9:0e:
eb:c2:b3:3d:4f:26:b1:cd:1f:01:29:9d:c4:1d:78:a3:b7:87:
c1:ac:d4:88:3f:db:3c:cb:28:94:a4:04:e1:5b:ad:0d:5f:a6:
cf:2d:86:17:13:28:c4:27:5f:73:67:fc:fb:da:18:30:c6:df:
b4:01:6f:e3:0d:e8:75:ed:d2:92:50:54:0d:be:bd:c9:82:5d:
ca:31:53:60:a1:d5:ed:8d:8a:a1:02:76:6e:6c:cd:c4:c1:90:
da:54:0d:15:6c:87:b6:4e:d7:bc:6a:67:0d:b1:86:a7:d2:7f:
00:8a:56:b8:6d:fa:a7:ac:da:c7:a6:7b:d5:28:27:d1:c6:9d:
d3:a3:91:2b:00:14:3e:b3:c8:27:32:54:f4:c3:85:f1:3e:38:
a4:18:8c:ff:f3:3d:b9:34:62:87:66:ba:69:bb:3c:3a:48:73:
bb:0f:a8:3d:b5:43:f0:3e:ac:19:7f:c6:5d:af:1f:2b:a9:17:
2e:dc:f7:fa:ed:a1:23:16:eb:ab:bd:a3:e2:1d:ee:97:82:90:
d6:d2:a9:ab:16:50:d7:bd:96:c8:a3:2a:32:54:84:88:ce:9c:
ab:03:1d:9a
[key 3]
SHA1 Fingerprint: b3:68:bf:1c:e4:1d:05:48:94:01:71:c2:0b:9e:12:70:55:07:11:9f
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
5a:18:61:8c:22:ec:d0:bc:93:bb:e2:d2:97:1f:8b:e8:9f:7e:44:4d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Owner
Validity
Not Before: Jun 14 03:20:34 2019 GMT
Not After : Jul 14 03:20:34 2019 GMT
Subject: CN=Owner
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:6d:5b:fa:cf:bb:d7:57:83:53:9b:51:f0:71:
4c:42:d9:ea:b9:16:bd:a4:97:3f:b2:01:ed:3c:47:
b3:7f:5b:98:d7:78:2d:db:a6:5c:20:fe:ef:fe:6d:
7f:1e:62:02:68:38:39:ca:80:2a:b8:6b:af:ba:7f:
7c:4e:e2:e1:75:d0:2a:22:70:8f:76:48:21:c6:81:
4d:99:40:97:3f:f5:63:1f:66:01:52:a3:75:64:1f:
41:f1:74:53:52:c0:53:cd:46:81:1b:85:f2:13:ef:
93:2a:97:00:bc:79:9e:f9:7f:07:15:0e:b9:16:42:
83:35:10:49:ac:41:7e:ba:15:20:3f:7b:7b:19:b9:
85:3b:e6:9b:28:5d:fa:91:0d:66:98:be:d8:4e:6c:
12:20:81:85:a2:05:c6:3f:fe:73:c3:76:bc:ab:b1:
c2:d2:fd:46:5c:ac:17:19:0e:7b:d9:36:e4:7c:c8:
8b:28:ea:3b:eb:55:28:19:dd:00:01:6e:21:5a:9f:
6f:68:fd:a5:b7:1e:47:ea:2d:0c:2b:e9:ba:92:eb:
06:53:32:08:b9:1f:68:5a:5a:1f:f8:41:64:80:6f:
ee:1b:4b:b3:a0:11:60:ca:61:ca:b2:66:13:af:11:
87:55:cf:d2:b9:71:a3:1d:87:f8:7e:cc:27:e7:dd:
85:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:78:89:84:E0:8C:74:3C:BC:68:B2:63:83:53:72:41:22:39:88:A1
X509v3 Authority Key Identifier:
keyid:35:78:89:84:E0:8C:74:3C:BC:68:B2:63:83:53:72:41:22:39:88:A1
X509v3 Basic Constraints: critical
CA:TRUE
Signature Algorithm: sha256WithRSAEncryption
2a:55:83:03:24:91:54:83:83:c6:88:34:67:19:e2:3c:e3:3b:
5d:58:0d:ab:d2:b2:89:09:6f:7b:6d:da:25:41:cf:e2:51:d2:
0e:1b:0d:04:dd:d3:14:54:37:b7:dc:a2:1c:1e:04:b6:a0:27:
74:a0:bc:5e:09:eb:59:d0:88:02:67:9c:6e:90:f6:d4:8f:aa:
8f:b8:ed:a8:2e:42:e8:06:4f:7d:cd:47:81:64:b8:8b:ba:a6:
4b:65:91:d2:75:87:f2:90:03:4c:c0:a7:72:7d:3e:32:0c:98:
be:56:6b:dc:f5:9b:15:70:13:c5:0e:ef:49:83:4e:4c:25:e6:
ad:71:8c:3b:d6:be:18:b3:ca:e4:fb:75:68:74:10:2f:2c:38:
22:f7:fc:d9:1e:ca:72:36:0e:b6:b3:e6:6c:8e:60:a0:5f:9a:
a3:b1:ca:0c:d5:6c:07:68:8a:19:c6:2c:e6:9e:a1:5d:5d:f3:
43:36:67:62:cf:de:44:11:21:d2:09:87:78:d0:75:cd:7c:3b:
ff:cd:48:ab:b6:56:94:c4:f7:d2:65:06:df:ee:81:55:53:55:
7a:1e:b8:6a:f5:05:20:48:da:90:03:e7:18:ab:0d:90:ec:93:
fe:13:4f:b8:53:cc:7c:1e:d3:56:93:51:99:f0:ab:0b:8f:2c:
d7:6c:cc:c1
[key 4]
SHA1 Fingerprint: 7e:68:65:1d:52:68:5f:7b:f5:8e:a0:1d:78:4d:2f:90:d3:f4:0f:0a
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2574709492 (0x9976f2f4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=Fedora Secure Boot CA
Validity
Not Before: Dec 7 16:25:54 2012 GMT
Not After : Dec 5 16:25:54 2022 GMT
Subject: CN=Fedora Secure Boot CA
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:f5:f7:52:81:a9:5c:3e:2b:f7:1d:55:f4:5a:
68:84:2d:bc:8b:76:96:85:0d:27:b8:18:a5:cd:c1:
83:b2:8c:27:5d:23:0a:d1:12:0a:75:98:a2:e6:5d:
01:8a:f4:d9:9f:fc:70:bc:c3:c4:17:7b:02:b5:13:
c4:51:92:e0:c0:05:74:b9:2e:3d:24:78:a0:79:73:
94:c0:c2:2b:b2:82:a7:f4:ab:67:4a:22:f3:64:cd:
c3:f9:0c:26:01:bf:1b:d5:3d:39:bf:c9:fa:fb:5e:
52:b9:a4:48:fb:13:bf:87:29:0a:64:ef:21:7b:bc:
1e:16:7b:88:4f:f1:40:2b:d9:22:15:47:4e:84:f6:
24:1c:4d:53:16:5a:b1:29:bb:5e:7d:7f:c0:d4:e2:
d5:79:af:59:73:02:dc:b7:48:bf:ae:2b:70:c1:fa:
74:7f:79:f5:ee:23:d0:03:05:b1:79:18:4f:fd:4f:
2f:e2:63:19:4d:77:ba:c1:2c:8b:b3:d9:05:2e:d9:
d8:b6:51:13:bf:ce:36:67:97:e4:ad:58:56:07:ab:
d0:8c:66:12:49:dc:91:68:b4:c8:ea:dd:9c:c0:81:
c6:91:5b:db:12:78:db:ff:c1:af:08:16:fc:70:13:
97:5b:57:ad:6b:44:98:7e:1f:ec:ed:46:66:95:0f:
05:55
Exponent: 65537 (0x10001)
X509v3 extensions:
Authority Information Access:
CA Issuers - URI:https://fedoraproject.org/wiki/Features/SecureBoot
X509v3 Authority Key Identifier:
keyid:FD:E3:25:99:C2:D6:1D:B1:BF:58:07:33:5D:7B:20:E4:CD:96:3B:42
X509v3 Extended Key Usage:
Code Signing
X509v3 Subject Key Identifier:
FD:E3:25:99:C2:D6:1D:B1:BF:58:07:33:5D:7B:20:E4:CD:96:3B:42
Signature Algorithm: sha256WithRSAEncryption
37:77:f0:3a:41:a2:1c:9f:71:3b:d6:9b:95:b5:15:df:4a:b6:
f4:d1:51:ba:0d:04:da:9c:b2:23:f0:f3:34:59:8d:b8:d4:9a:
75:74:65:80:17:61:3a:c1:96:7f:a7:c1:2b:d3:1a:d6:60:3c:
71:3a:a4:c4:e3:39:03:02:15:12:08:1f:4e:cd:97:50:f8:ff:
50:cc:b6:3e:03:7d:7a:e7:82:7a:c2:67:be:c9:0e:11:0f:16:
2e:1e:a9:f2:6e:fe:04:bd:ea:9e:f4:a9:b3:d9:d4:61:57:08:
87:c4:98:d8:a2:99:64:de:15:54:8d:57:79:14:1f:fa:0d:4d:
6b:cd:98:35:f5:0c:06:bd:f3:31:d6:fe:05:1f:60:90:b6:1e:
10:f7:24:e0:3c:f6:33:50:cd:44:c2:71:18:51:bd:18:31:81:
1e:32:e1:e6:9f:f9:9c:02:53:b4:e5:6a:41:d6:65:b4:2e:f1:
cf:b3:b8:82:b0:a3:96:e2:24:d8:83:ae:06:5b:b3:24:74:4d:
d1:a4:0a:1d:0a:32:1b:75:a2:96:d1:0e:3e:e1:30:c3:18:e8:
cb:53:c4:0b:00:ad:7e:ad:c8:49:41:ef:97:69:bd:13:5f:ef:
ef:3c:da:60:05:d8:92:fc:da:6a:ea:48:3f:0e:3e:73:77:fd:
a6:89:e9:3f
sudo cat /proc/keys:
0234c79f I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
039c00fe I--Q--- 4 perm 3f030000 0 0 keyring _ses: 1
03ab10e5 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
06bc3e3b I--Q--- 1 perm 1f3f0000 0 65534 keyring _uid_ses.0: 1
0780e17d I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
07bf62e1 I------ 1 perm 1f0b0000 0 0 keyring .blacklist: empty
0ae980e1 I------ 1 perm 1f030000 0 0 asymmetri sforshee: 00b28ddf47aef9cea7: X509.rsa []
0e605083 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
113791d8 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
11deafb6 I------ 1 perm 1f0b0000 0 0 keyring .builtin_regdb_keys: 1
13c6f543 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
151375a1 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
15447179 I--Q--- 3 perm 1f3f0000 0 65534 keyring _uid.0: empty
17cad795 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
17f2f258 I--Q--- 12 perm 3f030000 0 0 keyring _ses: 1
18e7fe91 I--Q--- 1 perm 3f030000 0 0 keyring _ses: 2
1b7fa1cf I--Q--- 80 perm 3f030000 1000 985 keyring _ses: 1
1ba8e3bc I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
1db7b7ea I--Q--- 4 perm 1f3f0000 1000 65534 keyring _uid.1000: empty
1e44ead1 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
1fc4383f I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
2029dd28 I--Q--- 4 perm 3f030000 0 0 keyring _ses: 1
21270038 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
2230acc6 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
22f1e510 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
2311d4c0 I------ 1 perm 1f0f0000 0 0 keyring .secondary_trusted_keys: 1
24d5f2fc I------ 2 perm 1f0b0000 0 0 keyring .builtin_trusted_keys: 1
258cd717 I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
26aa10b5 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
2aa5d9ac I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
2d224ec5 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
2ed0156d I--Q--- 2 perm 3f030000 0 0 keyring _ses: 1
3004b863 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
339f79bb I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
36d50737 I--Q--- 6 perm 3f030000 0 0 keyring _ses: 1
373aa376 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
39be7bef I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
3d9385d6 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16
3e5b4c2a I------ 1 perm 1f030000 0 0 asymmetri Build time autogenerated kernel key: 4024ce463c4ca8bf03bb78eb9a2465b58d864fcd: X509.rsa 8d864fcd []
构建/签名都没有给出错误。看来该密钥是由 MokManager 加载的(参见 中的密钥 3 mokutil -l)。我不确定如何解释/proc/keys,但将其包括在内,以防出现危险信号。但在尝试实际加载模块时我仍然收到错误:
$ sudo modprobe veikk
modprobe: ERROR: could not insert 'veikk': Required key not available
为什么会出现这种情况?
如果有帮助的话,我正在运行 Arch Linux(内核 5.1.5),并且安装了 shim 和 mokmanager 以使安全启动正常工作,并使用内核配置module.sig_enforce=1。 (禁用安全启动时模块签名正在工作,但我正在尝试帮助其他人在启用安全启动的情况下对其模块进行签名。)
编辑:刚刚意识到创建密钥时出现错误:
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -subj "/CN=Owner/"
应该有一个-days参数,否则为 0(参见mokutils -l输出)。但这个命令也不起作用(但它确实提供了有效的时间范围):
openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER -out MOK.der -nodes -days 36500 -subj "/CN=Owner/"