signing kernel modules on RHEL 7

Li Wei lw at cn.fujitsu.com
Thu Jun 4 05:15:47 EDT 2015



On 05/28/2015 05:08 PM, Chakradhar thota wrote:
> Thank you Li Wei.
> Is MOK supported in Legacy BIOS? I have tried to import but after

No, MOK is some kind of UEFI thing.

MOK is the only way to insert your own public key without recompiling the kernel.

Thanks.

> reboot couldn't find the key registered
> All articles on signing kernel modules mention a UEFI environment
> for registering MOK.
> Can we register MOK with Legacy BIOS?
> 
> On Thu, May 28, 2015 at 1:14 PM, Li Wei <lw at cn.fujitsu.com> wrote:
>> Hi,
>>
>> On 05/20/2015 08:41 PM, Chakradhar thota wrote:
>>> Hello Everyone,
>>>
>>> I have compiled a kernel module on RHEL7, but when I insert the module, I
>>> got the following warning:
>>>
>>> "module verification failed: signature and/or required key missing -
>>> tainting kernel".
>>>
>>> I tried signing the module on a custom kernel and found it working.
>>> How can we sign the module for a target system with a standard RHEL distribution?
>>> Where can we find keys for signing the module on a standard kernel?
>>
>> You will never get the signing key from RH; it's RH's private key.
>> You should import your own key into the MOK (Machine Owner Key) list and use
>> your own private key to sign the module.
>>
>> RH has a document on this:
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/System_Administrators_Guide/sect-signing-kernel-modules-for-secure-boot.html
>>
>>>
>>> Regards,
>>> Chakradhar
> .
> 
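
The advice in this thread (MOK needs a UEFI boot; sign with your own key and enroll its certificate) as a preflight check plus the signing steps. This is an added example, not part of the original messages: the function names, key and module file names and the certificate subject are assumptions, and the `sign-file` path assumes the `kernel-devel` package for the running kernel is installed.

```bash
#!/bin/sh
# Added example, not from the thread. Paths are parameters so the checks can
# be run against constructed files; key/module file names are assumptions.

# Trailer the kernel looks for at the end of a signed module (28 bytes with \n).
MODULE_SIG_MAGIC='~Module signature appended~'

hex() { od -An -tx1 | tr -d ' \n'; }

# boot_mode [SYSFS_ROOT]: "uefi" if the kernel was started by EFI firmware.
boot_mode() {
    if [ -d "${1:-/sys}/firmware/efi" ]; then echo uefi; else echo bios; fi
}

# module_is_signed FILE: succeeds when FILE ends with the signature trailer.
module_is_signed() {
    [ "$(tail -c 28 "$1" | hex)" = "$(printf '%s\n' "$MODULE_SIG_MAGIC" | hex)" ]
}

# mok_preflight MODULE [SYSFS_ROOT]: what has to happen before insmod.
mok_preflight() {
    if [ "$(boot_mode "$2")" = bios ]; then
        echo "no-mok"          # legacy BIOS boot: no MOK list to enroll into
    elif module_is_signed "$1"; then
        echo "signed"          # its certificate must still be enrolled in MOK
    else
        echo "needs-signing"
    fi
}

# sign_and_enroll MODULE KEY CERT: key generation, signing and MOK import.
# mokutil asks for a one-time password; MokManager asks for it again on the
# next reboot before the certificate is added to the MOK list.
sign_and_enroll() {
    [ "$(mok_preflight "$1")" = no-mok ] && { echo "not booted via UEFI" >&2; return 1; }
    [ -f "$2" ] || openssl req -new -x509 -newkey rsa:2048 -nodes -days 3650 \
        -subj "/CN=Example module signing key/" \
        -keyout "$2" -outform DER -out "$3" || return 1
    perl "/usr/src/kernels/$(uname -r)/scripts/sign-file" sha256 "$2" "$3" "$1" &&
    mokutil --import "$3"
}

echo "firmware boot mode: $(boot_mode)"
```

The trailer check only shows that a signature is appended; whether the kernel accepts it still depends on the signing certificate being in a keyring the kernel trusts.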


