On 16/03/2020 20:23, Jerry Geis wrote:
Ok I tried signing a module... Did not work.
+ openssl req -new -x509 -newkey rsa:2048 -keyout MOK.priv -outform DER
-out MOK.der -nodes -days 36500 -subj '/CN=dahdi Modules/'
Generating a 2048 bit RSA private key
......................................+++
..............................................................................+++
writing new private key to 'MOK.priv'
-----
++ uname -r
++ modinfo -n dahdi
+ /usr/src/kernels/3.10.0-1062.12.1.el7.x86_64/scripts/sign-file sha256
./MOK.priv ./MOK.der /lib/modules/3.10.0-1062.12.1.el7.x86_64/dahdi/dahdi.ko
service dahdi restart
Restarting dahdi (via systemctl): Job for dahdi.service failed because the
control process exited with error code. See "systemctl status
dahdi.service" and "journalctl -xe" for details.
[FAILED]
Mar 16 16:20:12 dahdi[12787]: Loading DAHDI hardware modules:
Mar 16 16:20:12 dahdi[12787]: modprobe: ERROR: could not insert 'dahdi':
Required key not available
Mar 16 16:20:12 kernel: Request for unknown module key 'dahdi Modules:
3e93f14b19188e27f6dbfaf5ad47474abb9606fc' err -11
Did I miss something ?
Looks like you did not enroll your signing key in the MOK list as the
kernel is telling you it can not find your key to verify the signing of
the module?
Read the two links I posted earlier, and links therein. That is the best
documentation that exists AFAIK.
Phil
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos
