signing kernel modules on RHEL 7
lw at cn.fujitsu.com
Thu Jun 4 05:15:47 EDT 2015
On 05/28/2015 05:08 PM, Chakradhar thota wrote:
> Thank you Li Wei.
> Is MOK supported in Legacy BIOS? I have tried to import but after
No, MOK is some kind of UEFI things.
MOK is the only way to insert your own public key without recompile kernel.
> reboot couldn't find the key registered
> All articles of Signing kernel modules mention about UEFI enviroment
> for registering MOK.
> Can we register MOK with Legacy BIOS?
> On Thu, May 28, 2015 at 1:14 PM, Li Wei <lw at cn.fujitsu.com> wrote:
>> On 05/20/2015 08:41 PM, Chakradhar thota wrote:
>>> Hello Everyone,
>>> I have compiled kernel module on RHEL7 but when I insert the module, I
>>> got following warning
>>> "module verification failed: signature and/or required key missing -
>>> tainting kernel".
>>> I tried signing the module on custom kernel and find it working.
>>> How can we sign the module for a target system with standard RHEL distribution?
>>> where can we find keys for signing the module on standard kernel?
>> You will never get the signing key from RH, it's RH's private key.
>> You should import your own key into MOK(Machine Owner Key) list and use
>> your own private key to sign module.
>> RH has a document on this:
>>> Kernelnewbies mailing list
>>> Kernelnewbies at kernelnewbies.org
More information about the Kernelnewbies